Lucene search

2841 matches found

RedhatCVE
added 2025/02/05 1:12 p.m. | 3 views

CVE-2020-35633

A code execution vulnerability exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. An oob read vulnerability exists in NefS2/SNCioparser.h SNCioparser::readsface storesmboundaryitem Edgeof. A specially crafted malformed file can lead to an out-of-bounds read and type...

CVSS 10 | AI score 7.2 | EPSS 0.00394
Exploits 1
RedhatCVE
added 2025/02/05 1:2 p.m. | 6 views

CVE-2024-25155

In FileCatalyst Direct 3.8.8 and earlier through 3.8.6, the web server does not properly sanitize illegal characters in a URL which is then displayed on a subsequent error page. A malicious actor could craft a URL which would then execute arbitrary code within an HTML script tag...

CVSS 7.2 | AI score 7.4 | EPSS 0.01044
Exploits 0 | References 1
RedhatCVE
added 2025/02/05 10:51 a.m. | 11 views

CVE-2024-21546

Versions of the package unisharp/laravel-filemanager before 2.9.1 are vulnerable to Remote Code Execution (RCE) through using a valid mimetype and inserting the "." character after the php file extension. This allows the attacker to execute malicious code...

CVSS 9.8 | AI score 7.5 | EPSS 0.04387
Exploits 1 | References 1
RedhatCVE
added 2025/02/05 7:40 a.m. | 6 views

CVE-2024-23477

The SolarWinds Access Rights Manager (ARM) was found to be susceptible to a Directory Traversal Remote Code Execution Vulnerability. If exploited, this vulnerability allows an unauthenticated user to achieve a Remote Code Execution...

CVSS 9.6 | AI score 7.5 | EPSS 0.01406
Exploits 0 | References 1
RedhatCVE
added 2025/02/05 6:33 a.m. | 5 views

CVE-2024-5466

Zohocorp ManageEngine OpManager and Remote Monitoring and Management versions 128329 and below are vulnerable to authenticated remote code execution in the deploy agent option...

CVSS 8.8 | AI score 7.8 | EPSS 0.19971
Exploits 0 | References 1
RedhatCVE
added 2025/02/05 5:20 a.m. | 4 views

CVE-2024-1856

In Progress® Telerik® Reporting versions prior to 2024 Q1 18.0.24.130, a code execution attack is possible by a remote threat actor through an insecure deserialization vulnerability...

CVSS 8.8 | AI score 7.5 | EPSS 0.00194
Exploits 0 | References 1
RedhatCVE
added 2025/02/05 5:12 a.m. | 8 views

CVE-2024-10095

In Progress Telerik UI for WPF versions prior to 2024 Q4 2024.4.1213, a code execution attack is possible through an insecure deserialization vulnerability...

CVSS 9.8 | AI score 7.5 | EPSS 0.00887
Exploits 0 | References 1
RedhatCVE
added 2025/02/05 4:57 a.m. | 2 views

CVE-2024-10012

In Progress Telerik UI for WPF versions prior to 2024 Q4 2024.4.1111, a code execution attack is possible through an insecure deserialization vulnerability...

CVSS 7.8 | AI score 7.4 | EPSS 0.00079
Exploits 0 | References 1
RedhatCVE
added 2025/02/05 1:2 a.m. | 5 views

CVE-2024-28861

Symfony 1 is a community-driven fork of the 1.x branch of Symfony, a PHP framework for web projects. Starting in version 1.1.0 and prior to version 1.5.19, Symfony 1 has a gadget chain due to dangerous deserialization in sfNamespacedParameterHolder class that would enable an attacker to get remot...

CVSS 9.8 | AI score 7.8 | EPSS 0.07306
Exploits 1 | References 1
RedhatCVE
added 2025/02/05 12:33 a.m. | 4 views

CVE-2024-55884

In the Mullvad VPN client 2024.6 Desktop, 2024.8 iOS, and 2024.8-beta1 Android, the exception-handling alternate stack can be exhausted, leading to heap-based out-of-bounds writes in enable in exceptionlogging/unix.rs, aka MLLVD-CR-24-01. NOTE: achieving code execution is considered non-trivial...

CVSS 9 | AI score 9.2 | EPSS 0.00877
Exploits 0 | References 1
RedhatCVE
added 2025/02/05 12:29 a.m. | 3 views

CVE-2024-31959

An issue was discovered in Samsung Mobile Processor Exynos 2200, Exynos 1480, Exynos 2400. It lacks a check for the validation of native handles, which can result in code execution...

CVSS 8.4 | AI score 7.2 | EPSS 0.0009
Exploits 0 | References 1
CVE
added 2025/02/04 10:15 p.m. | 46 views

CVE-2023-39943

Ashlar-Vellum Cobalt family (Cobalt, Xenon, Argon, Lithium, and related components) is affected by CVE-2023-39943 due to improper validation of user-supplied XE data, leading to an out-of-bounds write that could allow arbitrary code execution. Affected versions include Cobalt v12 SP0 Build (1204....

CVSS 8.4 | AI score 7.5 | EPSS 0.00133
Exploits 0 | References 1 | Affected Software 1
OSV
added 2025/02/04 2:15 p.m. | 7 views

CVE-2025-1011

A bug in WebAssembly code generation could have led to a crash. It may have been possible for an attacker to leverage this to achieve code execution. This vulnerability affects Firefox 135, Firefox ESR 128.7, Thunderbird 128.7, and Thunderbird 135...

CVSS 8.8 | AI score 6.5
Exploits 0 | References 7
OSV
added 2025/02/03 8:15 p.m. | 3 views

CVE-2024-57099

ClassCMS v4.8 has a code execution vulnerability. Attackers can exploit this vulnerability by constructing a payload in the classview parameter of the model management feature, allowing them to execute arbitrary code and potentially take control of the server...

CVSS 9.8 | AI score 8
Exploits 0 | References 1
CVE
added 2025/02/03 12:0 a.m. | 76 views

CVE-2024-57099

ClassCMS v4.8 is exposed to a code execution vulnerability exploitable through the classview parameter in the model management feature. An attacker can supply a crafted payload to achieve arbitrary code execution and potentially take full control of the server. The issue is documented across mult...

CVSS 9.8 | AI score 7.8 | EPSS 0.01169
Exploits 1 | References 1 | Affected Software 1
NVD
added 2025/01/31 12:15 a.m. | 8 views

CVE-2024-24731

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Silicon Labs Gecko OS. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of the httpdownload command. The issue results from t...

CVSS 8.8 | EPSS 0.00137
Exploits 0 | References 2
NVD
added 2025/01/30 9:15 p.m. | 7 views

CVE-2024-11611

AutomationDirect C-More EA9 EAP9 File Parsing Memory Corruption Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of AutomationDirect C-More EA9. User interaction is required to exploit this vulnerability in that th...

CVSS 7.8 | EPSS 0.01463
Exploits 0 | References 2
CVE
added 2025/01/30 1:41 p.m. | 46 views

CVE-2024-11600

CVE-2024-11600 affects the WordPress plugin Borderless – Widgets, Elements, Templates and Toolkit for Elementor & Gutenberg (versions up to 1.5.9). The issue is authenticated Remote Code Execution via the write_config function, caused by insufficient sanitization of an imported JSON file, allowin...

CVSS 7.2 | AI score 7.5 | EPSS 0.00812
Exploits 0 | References 5 | Affected Software 1
NVD
added 2025/01/22 4:15 p.m. | 18 views

CVE-2024-31903

IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.1.2.5 and 6.2.0.0 through 6.2.0.2 allow an attacker on the local network to execute arbitrary code on the system, caused by the deserialization of untrusted data...

CVSS 8.8 | EPSS 0.18185
Exploits 1 | References 1
Debian
added 2025/01/21 7:34 p.m. | 10 views

[SECURITY] [DSA 5847-1] snapcast security update

Debian Security Advisory DSA-5847-1, https://www.debian.org/security/, Moritz Muehlenhoff, January 21, 2025, https://www.debian.org/security/faq ...

CVSS 9.8 | AI score 6.5 | EPSS 0.30369
Exploits 1