
2840 matches found

CVE
added 2025/06/04 8:11 a.m. | 54 views

CVE-2025-47728

CVE-2025-47728 affects Delta Electronics CNCSoft-G2. The issue is a parsing/memory-corruption flaw in DPAX file handling that can allow code execution in the context of the current process when a user opens a malicious file. Metrics indicate LOCAL attack vector with low complexity and user intera...

CVSS 7.3 | AI score 6.7 | EPSS 0.00033
Exploits: 0 | References: 1 | Affected Software: 1

CVE
added 2025/06/04 7:24 a.m. | 53 views

CVE-2025-47726

The CVE-2025-47726 entry concerns Delta Electronics CNCSoft and an out-of-bounds write caused by improper validation of user-supplied files. If a user opens a malicious file, an attacker could execute code in the context of the current process (local code execution). The available connected sourc...

CVSS 7.3 | AI score 6.7 | EPSS 0.00056
Exploits: 0 | References: 1 | Affected Software: 1

Cvelist
added 2025/06/04 7:23 a.m. | 13 views

CVE-2025-47725 Out-of-bounds Write in CNCSoft

Delta Electronics CNCSoft lacks proper validation of the user-supplied file. If a user opens a malicious file, an attacker can leverage this vulnerability to execute code in the context of the current process...

CVSS 7.3 | EPSS 0.00056
Exploits: 0 | References: 1

Vulnrichment
added 2025/06/04 7:23 a.m. | 11 views

CVE-2025-47725 Out-of-bounds Write in CNCSoft

Delta Electronics CNCSoft lacks proper validation of the user-supplied file. If a user opens a malicious file, an attacker can leverage this vulnerability to execute code in the context of the current process...

CVSS 7.3 | AI score 7.2 | EPSS 0.00056
Exploits: 0 | References: 1

CVE
added 2025/06/03 12:0 a.m. | 134 views

CVE-2025-45854

JEHC-BPM contains a Remote Code Execution vulnerability in the /server/executeExec endpoint. The issue affects JEHC-BPM

CVSS 10 | AI score 9.8 | EPSS 0.21433
Exploits: 1 | References: 3 | Affected Software: 1

RedhatCVE
added 2025/05/30 12:53 a.m. | 5 views

CVE-2024-57337

An arbitrary file upload vulnerability in the opcode 500 functionality of M2Soft CROWNIX Report & ERS v5.x to v5.5.14.1070, v7.x to v7.4.3.960, and v8.x to v8.2.0.345 allows attackers to execute arbitrary code via supplying a crafted file...

CVSS 6.5 | AI score 7.9 | EPSS 0.0041
Exploits: 0 | References: 1

Debian
added 2025/05/29 7:41 p.m. | 15 views

[SECURITY] [DSA 5930-1] libavif security update

Debian Security Advisory DSA-5930-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso May 29, 2025 https://www.debian.org/security/faq ...

CVSS 9.1 | AI score 7.5 | EPSS 0.00414
Exploits: 1

CVE
added 2025/05/29 9:7 a.m. | 198 views

CVE-2025-27151

CVE-2025-27151 affects Redis releases from 7.0.0 up to before 8.0.2. Root cause: a stack-based buffer overflow in redis-check-aof caused by copying a user-supplied filepath into a fixed-size stack buffer using memcpy with strlen(filepath). Potential for code execution as described in the sources....

CVSS 9.8 | AI score 7.7 | EPSS 0.00269
Exploits: 0 | References: 3 | Affected Software: 1

Vulnrichment
added 2025/05/28 2:51 p.m. | 12 views

CVE-2025-3357 IBM Tivoli Monitoring code execution

IBM Tivoli Monitoring 6.3.0.7 through 6.3.0.7 Service Pack 19 could allow a remote attacker to execute arbitrary code due to improper validation of an index value of a dynamically allocated array...

CVSS 9.8 | AI score 7.8 | EPSS 0.00944
Exploits: 0 | References: 1

CVE
added 2025/05/28 12:0 a.m. | 45 views

CVE-2024-57338

The CVE-2024-57338 entry affects M2Soft CROWNIX Report & ERS. Affected versions include 5.x up to 5.5.14.1070, 7.x up to 7.4.3.960, and 8.x up to 8.2.0.345. The vulnerability is an arbitrary file upload that allows execution of arbitrary code via a crafted file. The issue is caused by insecure fi...

CVSS 6.5 | AI score 7.8 | EPSS 0.0041
Exploits: 0 | References: 1

Cvelist
added 2025/05/25 11:36 p.m. | 21 views

CVE-2025-2146

Buffer overflow in WebService Authentication processing of Small Office Multifunction Printers and Laser Printers which may allow an attacker on the network segment to trigger the affected product being unresponsive or to execute arbitrary code. : Satera MF656Cdw/Satera MF654Cdw/Satera...

CVSS 9.8 | EPSS 0.00627
Exploits: 0 | References: 4

RedhatCVE
added 2025/05/23 10:47 a.m. | 6 views

CVE-2024-52800

veraPDF is an open source PDF/A validation library. Executing policy checks using custom schematron files via the CLI invokes an XSL transformation that may theoretically lead to a remote code execution (RCE) vulnerability. This doesn't affect the standard validation and policy checks functionality...

CVSS 2.3 | AI score 7.8 | EPSS 0.12493
Exploits: 0 | References: 1

RedhatCVE
added 2025/05/23 10:42 a.m. | 4 views

CVE-2024-47963

Delta Electronics CNCSoft-G2 lacks proper validation of user-supplied data, which can result in a write past the end of an allocated object. An attacker can manipulate users to visit a malicious page or file to leverage this vulnerability to execute code in the context of the current process...

CVSS 8.4 | AI score 6.9 | EPSS 0.00135
Exploits: 0

RedhatCVE
added 2025/05/23 10:42 a.m. | 3 views

CVE-2024-47962

Delta Electronics CNCSoft-G2 lacks proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can manipulate an insider to visit a malicious page or file to leverage this vulnerability to execute code in the context of the current...

CVSS 8.4 | AI score 6.8 | EPSS 0.02003
Exploits: 0

RedhatCVE
added 2025/05/23 10:37 a.m. | 3 views

CVE-2024-46475

A reflected cross-site scripting (XSS) vulnerability on the homepage of Metronic Admin Dashboard Template v2.0 allows attackers to execute arbitrary code in the context of a user's browser via injecting a crafted payload...

CVSS 4.8 | AI score 6 | EPSS 0.00085
Exploits: 0 | References: 1

RedhatCVE
added 2025/05/23 10:30 a.m. | 4 views

CVE-2024-41361

RPi-Jukebox-RFID v2.7.0 was discovered to contain a remote code execution (RCE) vulnerability via htdocs\manageFilesFolders.php...

CVSS 9.8 | AI score 8.4 | EPSS 0.0665
Exploits: 1 | References: 1

RedhatCVE
added 2025/05/23 10:23 a.m. | 5 views

CVE-2024-40518

SeaCMS 12.9 has a remote code execution vulnerability. The vulnerability is caused by adminweixin.php directly splicing and writing the user input data into weixin.php without processing it, which allows authenticated attackers to exploit the vulnerability to execute arbitrary commands and obtain...

CVSS 8.8 | AI score 8.3 | EPSS 0.01582
Exploits: 1 | References: 1

RedhatCVE
added 2025/05/23 9:46 a.m. | 6 views

CVE-2024-25293

mjml-app versions 3.0.4 and 3.1.0-beta were discovered to contain a remote code execution (RCE) via the href attribute...

CVSS 9.3 | AI score 8.3 | EPSS 0.19928
Exploits: 2 | References: 1

RedhatCVE
added 2025/05/23 9:45 a.m. | 8 views

CVE-2024-25274

An arbitrary file upload vulnerability in the component /sysFile/upload of Novel-Plus v4.3.0-RC1 allows attackers to execute arbitrary code via uploading a crafted file...

CVSS 9.8 | AI score 9.6 | EPSS 0.00243
Exploits: 0 | References: 1

RedhatCVE
added 2025/05/23 9:44 a.m. | 7 views

CVE-2024-21762

An out-of-bounds write in Fortinet FortiOS versions 7.4.0 through 7.4.2, 7.2.0 through 7.2.6, 7.0.0 through 7.0.13, 6.4.0 through 6.4.14, 6.2.0 through 6.2.15, 6.0.0 through 6.0.17, FortiProxy versions 7.4.0 through 7.4.2, 7.2.0 through 7.2.8, 7.0.0 through 7.0.14, 2.0.0 through 2.0.13, 1.2.0...

CVSS 9.8 | AI score 9.7 | EPSS 0.92702
Exploits: 10 | References: 1