2840 matches found

RedhatCVE
added 2025/05/22 5:13 a.m., 15 views

CVE-2019-3562

A remote web page could inject arbitrary HTML code into the Oculus Browser UI, allowing an attacker to spoof UI and potentially execute code. This affects the Oculus Browser starting from version 5.2.7 until 5.7.11...

CVSS 6.1, AI score 7.2, EPSS 0.00371
Exploits: 0, References: 1

RedhatCVE
added 2025/05/22 4:55 a.m., 12 views

CVE-2013-4878

The default configuration of Parallels Plesk Panel 9.0.x and 9.2.x on UNIX, and Small Business Panel 10.x on UNIX, has an improper ScriptAlias directive for phppath, which makes it easier for remote attackers to execute arbitrary code via a crafted request, a different vulnerability than...

CVSS 9.8, AI score 8.4, EPSS 0.94363
Exploits: 41, References: 1

RedhatCVE
added 2025/05/22 4:54 a.m., 8 views

CVE-2019-10769

safer-eval is an npm package to sandbox the evaluation of code used within the eval function. Affected versions of this package are vulnerable to Arbitrary Code Execution via generating a RangeError...

CVSS 9.8, AI score 7.3, EPSS 0.00525
Exploits: 1, References: 1

RedhatCVE
added 2025/05/22 4:46 a.m., 11 views

CVE-2011-4453

The PageListSort function in scripts/pagelist.php in PmWiki 2.x before 2.2.35 allows remote attackers to execute arbitrary code via PHP sequences in a crafted order parameter in a pagelist directive, leading to unintended use of the PHP create_function function...

CVSS 7.5, AI score 7.9, EPSS 0.84053
Exploits: 12, References: 1

Veracode
added 2025/05/22 4:30 a.m., 7 views

Remote Code Execution (RCE)

vllm is vulnerable to Remote Code Execution (RCE). The vulnerability is due to improper socket binding in the TCPStore and PyNcclPipe services listening on all network interfaces, potentially allowing unauthorized access to control message channels...

CVSS 9.8, AI score 7.3, EPSS 0.00865
Exploits: 1, References: 6, Affected Software: 1

RedhatCVE
added 2025/05/22 4:19 a.m., 10 views

CVE-2013-3591

vTiger CRM 5.3 and 5.4: 'files' Upload Folder Arbitrary PHP Code Execution Vulnerability...

CVSS 8.8, AI score 7.4, EPSS 0.79371
Exploits: 6, References: 1

RedhatCVE
added 2025/05/22 4:14 a.m., 5 views

CVE-2019-10267

An insecure file upload and code execution issue was discovered in Ahsay Cloud Backup Suite 8.1.0.50. It is possible to upload a file into any directory of the server. One can insert a JSP shell into the web server's directory and execute it. This leads to full access to the system, as the...

CVSS 9, AI score 7.4, EPSS 0.64018
Exploits: 10, References: 1

RedhatCVE
added 2025/05/22 4:12 a.m., 7 views

CVE-2019-10100

In JetBrains YouTrack Confluence plugin versions before 1.8.1.3, it was possible to achieve Server Side Template Injection. The attacker could add an Issue macro to the page in Confluence, and use a combination of a valid id field and specially crafted code in the link-text-template field to...

CVSS 9.8, AI score 7.2, EPSS 0.00009
Exploits: 0, References: 1

RedhatCVE
added 2025/05/22 3:29 a.m., 4 views

CVE-2011-4256

The RV30 codec in RealNetworks RealPlayer before 15.0.0 and Mac RealPlayer before 12.0.0.1703 does not initialize an unspecified index value, which allows remote attackers to execute arbitrary code via unknown vectors...

CVSS 10, AI score 8, EPSS 0.04969
Exploits: 0, References: 1

Cvelist
added 2025/05/22 12:51 a.m., 9 views

CVE-2025-3484 MedDream PACS Server DICOM File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability

MedDream PACS Server DICOM File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of MedDream PACS Server. Authentication is not required to exploit this vulnerability. The specif...

CVSS 9.8, EPSS 0.06169
Exploits: 0, References: 1

Vulnrichment
added 2025/05/22 12:48 a.m., 7 views

CVE-2025-3883 eCharge Hardy Barth cPH2 index.php Command Injection Remote Code Execution Vulnerability

eCharge Hardy Barth cPH2 index.php Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of eCharge Hardy Barth cPH2 charging stations. Authentication is not required to exploit this...

CVSS 8.8, AI score 9.1, EPSS 0.00409
Exploits: 0, References: 1

Cvelist
added 2025/05/22 12:48 a.m., 10 views

CVE-2025-3881 eCharge Hardy Barth cPH2 check_req.php ntp Command Injection Remote Code Execution Vulnerability

eCharge Hardy Barth cPH2 check_req.php ntp Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of eCharge Hardy Barth cPH2 charging stations. Authentication is not required to exploit this...

CVSS 8.8, EPSS 0.00472
Exploits: 0, References: 1

CVE
added 2025/05/22 12:47 a.m., 113 views

CVE-2025-3887

CVE-2025-3887 affects the GStreamer Gst-plugins-bad1.0 H.265 codec parser. The flaw is a stack-based buffer overflow caused by insufficient validation of user-supplied data length before copying to a fixed-length buffer in the H.265 slice header parsing. This can lead to remote code execution in ...

CVSS 8.8, AI score 7.8, EPSS 0.02674
Exploits: 0, References: 2, Affected Software: 1

RedhatCVE
added 2025/05/22 12:34 a.m., 6 views

CVE-2013-6866

SAP Sybase Adaptive Server Enterprise (ASE) before 15.0.3 ESD4.3, 15.5 before 15.5 ESD5.3, and 15.7 before 15.7 SP50 or 15.7 SP100 allows remote authenticated users to execute arbitrary code via unspecified vectors, aka CR736689...

CVSS 9, AI score 7.8, EPSS 0.01917
Exploits: 0, References: 1

RedhatCVE
added 2025/05/22 12:34 a.m., 4 views

CVE-2013-20002

Elemin allows remote attackers to upload and execute arbitrary PHP code via the Themify framework before 1.2.2 wp-content/themes/elemin/themify/themify-ajax.php file...

CVSS 9.8, AI score 8, EPSS 0.04544
Exploits: 1, References: 1

RedhatCVE
added 2025/05/21 9:18 p.m., 6 views

CVE-2005-2679

Buffer overflow in Sysinternals Process Explorer 9.23, and other versions before 9.25, allows local users to execute arbitrary code via a long CompanyName field in the VersionInfo information in a running process...

CVSS 10, AI score 7.6, EPSS 0.01234
Exploits: 1, References: 1

NVD
added 2025/05/21 4:15 p.m., 10 views

CVE-2025-48200

The srfeuserregister extension through 12.4.8 for TYPO3 allows Remote Code Execution...

CVSS 10, EPSS 0.02182
Exploits: 0, References: 1

CNVD
added 2025/05/21 12:00 a.m., 1 view

Microsoft Office Code Execution Vulnerability (CNVD-2025-10613)

Microsoft Office is an office software suite from the U.S. company Microsoft. The product's common components include Word, Excel, Access, PowerPoint, FrontPage, etc. A code execution vulnerability exists in Microsoft Office, which can be exploited by an attacker to execute...

CVSS 8.4, AI score 9.8, EPSS 0.00693
Exploits: 0, References: 1

CNVD
added 2025/05/21 12:00 a.m., 4 views

Microsoft Excel Code Execution Vulnerability (CNVD-2025-10451)

Microsoft Excel is spreadsheet software in the Office suite from Microsoft USA. A code execution vulnerability exists in Microsoft Excel, caused by a heap buffer overflow. An attacker can exploit this vulnerability to execute arbitrary code on the system...

CVSS 7.8, AI score 8.2, EPSS 0.00742
Exploits: 0, References: 1

NVD
added 2025/05/19 2:15 a.m., 14 views

CVE-2025-23123

A malicious actor with access to the management network could achieve remote code execution (RCE) by exploiting a heap buffer overflow vulnerability in the UniFi Protect Cameras Version 4.75.43 and earlier firmware...

CVSS 10, EPSS 0.0168
Exploits: 0, References: 1