mooSocial v.3.1.8 - Cross-Site Scripting

Cross-Site Scripting XSS vulnerability in mooSocial v.3.1.8 allows a remote attacker to execute arbitrary code via a crafted payload to the mode parameter of the invite friend login function. id: CVE-2023-44813 info: name: mooSocial v.3.1.8 - Cross-Site Scripting author: ritikchaddha severity:...

PT-2026-47520

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 149.0.7827.103 Description A use after free issue exists in the ServiceWorker component. This allows a remote attacker who has already compromised the renderer process to execute arbitrary code within a sandbox ...

CVE-2026-4345

A maliciously crafted HTML payload, stored in a design name and exported to CSV, can trigger a Stored Cross-site Scripting XSS vulnerability in the Autodesk Fusion desktop application. A malicious actor may leverage this vulnerability to read local files or execute arbitrary code in the context o...

CVE-2026-11201

Use after free in ServiceWorker in Google Chrome prior to 149.0.7827.53 allowed an attacker who convinced a user to install a malicious extension to execute arbitrary code via a crafted Chrome Extension. Chromium security severity: Medium...

CVE-2026-7480

An Incorrect Permission Assignment for Critical Resource vulnerability in ASUS System Control Interface allows a local user to elevate privileges to SYSTEM and execute arbitrary code via a crafted RPC call that bypass the validation mechanism. Refer to the 'Security Update for ASUS System Control...

CVE-2026-7480

An Incorrect Permission Assignment for Critical Resource vulnerability in ASUS System Control Interface allows a local user to elevate privileges to SYSTEM and execute arbitrary code via a crafted RPC call that bypass the validation mechanism. Refer to the 'Security Update for ASUS System Control...

Cybertron Privacy Drive 代码问题漏洞

Cybertron Privacy Drive is a security software from Cybertron Corporation that supports disk encryption, creation of virtual encrypted volumes, and protection of privacy data. Version 3.17.0 of Cybertron Privacy Drive has a code vulnerability. This vulnerability stems from an unreferenced service...

EUVD-2023-31489

An arbitrary file upload vulnerability in MK-Auth 23.01K4.9 allows attackers to execute arbitrary code via uploading a crafted PHP file...

The vulnerability was exploited in Microsoft SQL Server

Microsoft has identified a vulnerability in SQL Server. A malicious individual with authorized access can exploit this vulnerability to execute arbitrary code under the control of the SQL Server. Microsoft has provided updates that address the described vulnerabilities. We recommend that you...

CVE-2026-8069

PredatorSense version 3.00.3136 to 3.00.3196 contain Local Privilege Escalation LPE vulnerability.The program exposes a Windows Named Pipe that uses a custom protocol to invoke internal functions. However, this Named Pipe is misconfigured, allowing any authenticated local user to execute arbitrar...

CVE-2026-20034

A vulnerability in the web-based management interface of Cisco Unity Connection could allow an authenticated, remote attacker to execute arbitrary code on an affected device. This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability ...

CVE-2026-3199

A vulnerability in the task management component of Sonatype Nexus Repository versions 3.22.1 through 3.90.2 allows an authenticated attacker with task creation permissions to execute arbitrary code, bypassing the nexus.scripts.allowCreation security control...

CVE-2018-25222

SC v7.16 contains a stack-based buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying oversized input that exceeds buffer boundaries. Attackers can craft malicious input strings exceeding 1052 bytes to overwrite the instruction pointer and execute...

CVE-2026-0940

A potential improper initialization vulnerability was reported in the BIOS of some ThinkPads that could allow a local privileged user to modify data and execute arbitrary code...

CVE-2026-2713

The CVE-2026-2713 entry concerns the IBM Trusteer Rapport installer (v3.5.2309.290) and CWE-427 Uncontrolled Search Path Element. A local attacker could execute arbitrary code by placing a crafted file in a compromised folder during installation. IBM has issued a fixed installer (v3.5.2504.127); ...

CVE-2020-37102

Adaware Web Companion 4.9.2159 contains an unquoted service path vulnerability in the WCAssistantService that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted binary path to inject malicious executables that will be run with LocalSystem privileges...

CVE-2021-47847

Disk Sorter Server 13.6.12 contains an unquoted service path vulnerability in its binary path configuration that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted path in 'C:\Program Files\Disk Sorter Server\bin\disksrs.exe' to inject malicious...

Arbitrary File Upload

@n8n/n8n-nodes-langchain is vulnerable to Arbitrary File Upload. The vulnerability is due to improper validation and handling of uploaded files in the Chat Trigger component, which allows an attacker to upload a crafted HTML file and execute arbitrary code on the affected system...

CVE-2025-65783

CVE-2025-65783: Hubert Hub v2.0 1.27.3 contains an arbitrary file upload flaw in /utils/uploadFile that allows an attacker to execute arbitrary code by uploading a crafted PDF. The description and connected Red Hat/NVD entries confirm the vulnerability type and impact (remote, no authentication, ...

CVE-2023-29075

A maliciously crafted PRT file when parsed through Autodesk AutoCAD 2024 and 2023 can be used to cause an Out-Of-Bounds Write. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process...