CVE-2025-49217

An insecure deserialization operation in the Trend Micro Endpoint Encryption PolicyServer could lead to a pre-authentication remote code execution on affected installations. Note that this vulnerability is similar to CVE-2025-49213 but is in a different method...

CVE-2025-49214

An insecure deserialization operation in the Trend Micro Endpoint Encryption PolicyServer could lead to a post-authentication remote code execution on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system to exploit this...

TencentOS Server 4: gstreamer1 (TSSA-2024:1102)

The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2024:1102 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities:...

BIT-DOLIBARR-2024-37821

An arbitrary file upload vulnerability in the Upload Template function of Dolibarr ERP CRM up to v19.0.1 allows attackers to execute arbitrary code via uploading a crafted .SQL file...

CVE-2025-33108

CVE-2025-33108 affects IBM Backup, Recovery and Media Services for i versions 7.4 and 7.5. A BRMS program calling an unqualified library can allow a user with the capability to compile or restore a program to execute user-controlled code with host OS component access, enabling elevated privileges...

CVE-2025-33108 IBM Backup Recovery and Media Services for i code execution

IBM Backup, Recovery and Media Services for i 7.4 and 7.5 could allow a user with the capability to compile or restore a program to gain elevated privileges due to a library unqualified call made by a BRMS program. A malicious actor could cause user-controlled code to run with component access to...

PT-2025-25304 · Apache · Apache Struts

Name of the Vulnerable Software and Affected Versions: Apache Struts affected versions not specified Description: The issue concerns a remote code execution vulnerability. No information is provided about the estimated number of potentially affected devices worldwide or real-world incidents where...

CVE-2025-43581

CVE-2025-43581 affects Substance3D Sampler (5.0 and earlier) with an out-of-bounds write (CWE-787) that could allow arbitrary code execution in the context of the current user. Exploitation requires user interaction (victim opens a malicious file). Connected sources confirm the vulnerability in S...

CVE-2025-47166 Microsoft SharePoint Server Remote Code Execution Vulnerability

...

CVE-2025-47164 Microsoft Office Remote Code Execution Vulnerability

...

CVE-2025-33071 Windows KDC Proxy Service (KPSSVC) Remote Code Execution Vulnerability

...

CVE-2025-33066 Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability

...

Description of the security update for Word 2016: June 10, 2025 (KB5002710)

Description of the security update for Word 2016: June 10, 2025 KB5002710 Summary This security update resolves a Microsoft Word remote code execution vulnerability. To learn more about the vulnerability, see the following security advisories: Microsoft Common Vulnerabilities and Exposures...

Microsoft Office 安全漏洞

Microsoft Office is an office software suite of products from the U.S. company Microsoft Microsoft. The product's common components include Word, Excel, Access, Powerpoint, FrontPage, etc.. A code execution vulnerability exists in Microsoft Office, which can be exploited by an attacker to execute...

Microsoft Word 安全漏洞

Microsoft Word is a word processing software in the Office suite of the U.S. company Microsoft Microsoft. A code execution vulnerability exists in Microsoft Word, which can be exploited by an attacker to execute arbitrary code on a system...

CVE-2025-3485

Allegra extractFileFromZip Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Allegra. Authentication is required to exploit this vulnerability. The specific flaw exists within the implementati...

CVE-2025-47728

Delta Electronics CNCSoft-G2 lacks proper validation of the user-supplied file. If a user opens a malicious file, an attacker can leverage this vulnerability to execute code in the context of the current process...

D-Link DIR-816 Router Stack Buffer Overflow Vulnerability

The D-Link DIR-816 is a wireless router for homes and small offices SOHO that supports dual-band 2.4GHz and 5GHz wireless networking. A stack buffer overflow vulnerability exists in the D-Link DIR-816. The vulnerability stems from the incorrect operation of the parameter dipaddress/sipaddress in...

CVE-2025-20276 Cisco Unified Contact Center Express Remote Code Execution Vulnerability

A vulnerability in the web-based management interface of Cisco Unified CCX could allow an authenticated, remote attacker to execute arbitrary code on an affected device. To exploit this vulnerability, the attacker must have valid administrative credentials. This vulnerability is due to insecure...

CVE-2025-47725

Delta Electronics CNCSoft lacks proper validation of the user-supplied file. If a user opens a malicious file, an attacker can leverage this vulnerability to execute code in the context of the current process...