Microsoft Office 安全漏洞

Microsoft Office is an office software suite of products from the U.S. company Microsoft Microsoft. The product's common components include Word, Excel, Access, Powerpoint, FrontPage, etc.. A code execution vulnerability exists in Microsoft Office, which can be exploited by an attacker to execute...

SUSE SLED15 / SLES15 / openSUSE 15 Security Update : go1.24 (SUSE-SU-2026:0219-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:0219-1 advisory. Update to go1.24.12 released 2026-01-15 bsc1236217 Security fixes: - CVE-2025-61730: crypto/tls:...

CVE-2025-15349 Anritsu ShockLine SCPI Race Condition Remote Code Execution Vulnerability

Anritsu ShockLine SCPI Race Condition Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Anritsu ShockLine. Authentication is not required to exploit this vulnerability. The specific flaw exists within t...

CVE-2021-47864

OSAS Traverse Extension 11 contains an unquoted service path vulnerability in the TravExtensionHostSvc service running with LocalSystem privileges. Attackers can exploit the unquoted path to inject and execute malicious code by placing executable files in the service's path, potentially gaining...

HID Global ActivIdentity code-related vulnerabilities

HID Global ActivIdentity is a digital identity authentication and security credential management system developed by HID Global in the United States. Version 8.2 of HID Global ActivIdentity contains a code vulnerability; this vulnerability stems from an unquoted service path in the ac.sharedstore...

MiracleLinux 8 : perl-App-cpanminus:1.7044 (5.30) (AXSA:2024-9043:02)

The remote MiracleLinux 8 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2024-9043:02 advisory. perl-App-cpanminus: Insecure HTTP in App::cpanminus Allows Code Execution Vulnerability CVE-2024-45321 Tenable has extracted the preceding description block...

MiracleLinux 8 : perl-App-cpanminus:1.7044 (5.24) (AXSA:2024-9045:04)

The remote MiracleLinux 8 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2024-9045:04 advisory. perl-App-cpanminus: Insecure HTTP in App::cpanminus Allows Code Execution Vulnerability CVE-2024-45321 Tenable has extracted the preceding description block...

RockyLinux 9 : gpsd-minimal (RLSA-2026:0771)

The remote RockyLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2026:0771 advisory. gpsd: gpsd: Denial of Service due to malformed NAVCOM packet parsing CVE-2025-67269 gpsd: gpsd: Arbitrary code execution via heap-based out-of-bounds wri...

Macro Expert code issue vulnerabilities

Macro Expert is a robotics process automation software developed by Macro Expert Corporation. Version 4.7 of Macro Expert contains a code vulnerability; this vulnerability stems from service paths that are not enclosed in quotes, which may allow for the execution of arbitrary code...

Google Chrome 安全漏洞

Google Chrome is a web browser from Google, an American company. Google Chrome suffers from a code execution vulnerability that is caused by free usage in ANGLE. An attacker can exploit the vulnerability to execute arbitrary code on a system...

CVE-2025-68271

OpenC3 COSMOS provides the functionality needed to send commands to and receive data from one or more embedded systems. From 5.0.0 to 6.10.1, OpenC3 COSMOS contains a critical remote code execution vulnerability reachable through the JSON-RPC API. When a JSON-RPC request uses the string form of...

CVE-2023-25439

Stored Cross Site Scripting XSS vulnerability in Square Pig FusionInvoice 2023-1.0, allows attackers to execute arbitrary code via the description or content fields to the expenses, tasks, and customer details...

CVE-2023-31465

An issue was discovered in FSMLabs TimeKeeper 8.0.17 through 8.0.28. By intercepting requests from various timekeeper streams, it is possible to find the getsamplebacklog call. Some query parameters are passed directly in the URL and named argx, with x an integer starting from 1; it is possible t...

CVE-2023-40825

An issue in Perfree PerfreeBlog v.3.1.2 allows a remote attacker to execute arbitrary code via crafted plugin listed in admin/plugin/access/list...

CVE-2021-27112

LightCMS v1.3.5 contains a remote code execution vulnerability in /app/Http/Controllers/Admin/NEditorController.php during the downloading of external images...

CVE-2022-33889

A maliciously crafted GIF or JPEG files when parsed through Autodesk Design Review 2018, and AutoCAD 2023 and 2022 could be used to write beyond the allocated heap buffer. This vulnerability could lead to arbitrary code execution...

CVE-2022-33886

A maliciously crafted MODEL and SLDPRT file can be used to write beyond the allocated buffer while parsing through Autodesk AutoCAD 2023, 2022, 2021, 2020, and Maya 2023 and 2022. The vulnerability exists because the application fails to handle crafted MODEL and SLDPRT files, which causes an...

CVE-2022-42936

A malicious crafted .dwf or .pct file when consumed through DesignReview.exe application could lead to memory corruption vulnerability by write access violation. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the current process...

CVE-2022-31313

api-res-py package in PyPI 0.1 is vulnerable to a code execution backdoor in the request package...

CVE-2019-18417

Sourcecodester Restaurant Management System 1.0 allows an authenticated attacker to upload arbitrary files that can result in code execution. The issue occurs because the application fails to adequately sanitize user-supplied input, e.g., "add a new food" allows .php files...