
2840 matches found

CNNVD
added 2025/08/06 12:0 a.m., 1 view

SAMSUNG Blockchain Keystore Security Vulnerability

SAMSUNG Blockchain Keystore is a system tool from Samsung (South Korea) for creating, storing, managing and backing up private keys. A code execution vulnerability exists in SAMSUNG Blockchain Keystore, which can be exploited by an attacker to execute arbitrary code on the system...

CVSS 6.7, AI score 8, EPSS 0.00082
Exploits: 0, References: 1
Cvelist
added 2025/08/05 8:4 p.m., 8 views

CVE-2013-10070 PHP-Charts v1.0 PHP Code Execution

PHP-Charts v1.0 contains a PHP code execution vulnerability in wizard/url.php, where user-supplied GET parameter names are passed directly to eval without sanitization. A remote attacker can exploit this flaw by crafting a request that injects arbitrary PHP code, resulting in command execution...

CVSS 10, EPSS 0.737
Exploits: 0, References: 5
Positive Technologies
added 2025/08/05 12:0 a.m., 3 views

PT-2025-32044 · Kenwood · Kenwood Dmx958Xr

Name of the Vulnerable Software and Affected Versions: Kenwood DMX958XR (affected versions not specified). Description: This issue allows physically present attackers to execute arbitrary code on affected Kenwood DMX958XR devices without authentication. The flaw resides in the firmware update proces...

CVSS 6.8, AI score 6.9, EPSS 0.00174
Exploits: 0, References: 5
Zero Day Initiative
added 2025/07/30 12:0 a.m., 3 views

(0Day) Ashlar-Vellum Cobalt CO File Parsing Memory Corruption Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Cobalt. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing o...

CVSS 7.8, AI score 6.7, EPSS 0.00047
Exploits: 0
NVD
added 2025/07/29 10:15 p.m., 2 views

CVE-2025-7361

A code injection vulnerability due to an improper initialization check exists in NI LabVIEW that may result in arbitrary code execution. Successful exploitation requires an attacker to get a user to open a specially crafted VI using a CIN node. This vulnerability affects 32-bit NI LabVIEW 2025 Q1...

CVSS 8.5, EPSS 0.00086
Exploits: 0, References: 1
OSV
added 2025/07/28 12:0 a.m., 2 views

ALSA-2025:11797 Important: firefox security update

Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. Security Fixes: firefox: thunderbird: Large branch table could lead to truncated instruction (CVE-2025-8028); firefox: thunderbird: Memory safety bugs (CVE-2025-8035); firefox: thunderbird:...

CVSS 9.8, AI score 7.6, EPSS 0.00781
Exploits: 0, References: 20
CVE
added 2025/07/26 3:29 a.m., 25 views

CVE-2025-54413

CVE-2025-54413 affects the Python package skops (versions ≤ 0.11.0) due to an inconsistency in the internal MethodNode, which can be exploited to access arbitrary object fields via dot notation during load. This can lead to arbitrary code execution at load time. The issue is fixed in version 12....

CVSS 8.7, AI score 7, EPSS 0.00051
Exploits: 0, References: 5
CVE
added 2025/07/26 3:29 a.m., 28 views

CVE-2025-54412

Skops (Python) CVE-2025-54412 involves an inconsistency in OperatorFuncNode validation that can let an attacker craft a model file which, while appearing to trust certain types, actually executes operator.call and arbitrary code during load. Affected versions: 0.11.0 and earlier; fixed in 0.12.0....

CVSS 8.7, AI score 7.2, EPSS 0.00038
Exploits: 0, References: 3
NVD
added 2025/07/25 8:15 p.m., 2 views

CVE-2025-46198

Cross Site Scripting vulnerability in grav v.1.7.48, v.1.7.47 and v.1.7.46 allows an attacker to execute arbitrary code via the onerror attribute of the img element...

CVSS 8.8, EPSS 0.00684
Exploits: 1, References: 2
RedhatCVE
added 2025/07/25 3:25 p.m., 3 views

CVE-2025-33076

IBM Engineering Systems Design Rhapsody 9.0.2, 10.0, and 10.0.1 is vulnerable to a stack-based buffer overflow, caused by improper bounds checking. A local user could overflow the buffer and execute arbitrary code on the system...

CVSS 8.8, AI score 8, EPSS 0.00392
Exploits: 0, References: 1
CNVD
added 2025/07/25 12:0 a.m., 1 view

Code Execution Vulnerability in Multiple Mozilla Products (CNVD-2025-20066)

Mozilla Firefox is an open source web browser. Mozilla Firefox ESR is an extended support version of Firefox the web browser. Mozilla Thunderbird is a suite of email client software separate from the Mozilla Application Suite. A code execution vulnerability exists in multiple Mozilla products, whic...

CVSS 8.1, AI score 8.1, EPSS 0.00277
Exploits: 0, References: 1
RedhatCVE
added 2025/07/23 9:33 p.m., 4 views

CVE-2025-7298

IrfanView CADImage Plugin DXF File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView CADImage Plugin. User interaction is required to exploit this vulnerability in that the...

CVSS 7.8, AI score 7.9, EPSS 0.00185
Exploits: 0, References: 1
RedhatCVE
added 2025/07/23 9:33 p.m., 2 views

CVE-2025-7225

INVT HMITool VPM File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of INVT HMITool. User interaction is required to exploit this vulnerability in that the target must visit a malicio...

CVSS 7.8, AI score 8, EPSS 0.00185
Exploits: 0, References: 1
CVE
added 2025/07/23 1:50 p.m., 17 views

CVE-2018-25114

OSCommerce Online Merchant 2.3.4.1: Remote code execution via insecure installer workflow. Unauthenticated attackers can access the install_4.php endpoint in an accessible /install/ directory and inject PHP code into configure.php, which is executed when included by the app. Affected component: ...

CVSS 9.3, AI score 7.8, EPSS 0.78786
In wild. Exploits: 0, References: 4
Cvelist
added 2025/07/22 12:31 p.m., 8 views

CVE-2025-34143 ETQ Reliance CG Authentication Bypass via Trailing Space RCE

An authentication bypass vulnerability exists in ETQ Reliance on the CG legacy platform. The application allowed login as the privileged internal SYSTEM user by manipulating the username field. The SYSTEM account does not require a password, enabling attackers with network access to the login pag...

CVSS 9.3, EPSS 0.02501
Exploits: 0, References: 4
Zero Day Initiative
added 2025/07/22 12:0 a.m., 5 views

(0Day) Ashlar-Vellum Graphite VC6 File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Graphite. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing...

CVSS 7.8, AI score 6.6, EPSS 0.00063
Exploits: 0
Cvelist
added 2025/07/21 8:3 p.m., 3 views

CVE-2025-7324 IrfanView CADImage Plugin DXF File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability

IrfanView CADImage Plugin DXF File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView CADImage Plugin. User interaction is required to exploit this vulnerability in that the...

CVSS 7.8, EPSS 0.00185
Exploits: 0, References: 1
CVE
added 2025/07/21 8:2 p.m., 13 views

CVE-2025-7311

CVE-2025-7311 describes a memory‑corruption vulnerability in the IrfanView CADImage Plugin’s DWG file parsing. The flaw stems from insufficient validation of user‑supplied data during DWG parsing, allowing an attacker to potentially execute arbitrary code in the plugin’s process. Exploitation req...

CVSS 7.8, AI score 8.1, EPSS 0.00185
Exploits: 0, References: 1, Affected Software: 1
Cvelist
added 2025/07/21 8:1 p.m., 3 views

CVE-2025-7297 IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Code Execution Vulnerability

IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView CADImage Plugin. User interaction is required to exploit this vulnerability in that the...

CVSS 7.8, EPSS 0.00185
Exploits: 0, References: 1
CVE
added 2025/07/21 8:0 p.m., 18 views

CVE-2025-7298

CVE-2025-7298 concerns IrfanView CADImage Plugin, where DXF file parsing lacks proper validation, enabling an out-of-bounds read that can lead to remote code execution. Affected component: CADImage Plugin’s DXF parser. Impact: arbitrary code execution in the plugin context if a user opens a craft...

CVSS 7.8, AI score 8, EPSS 0.00185
Exploits: 0, References: 1, Affected Software: 1