5332 matches found
EUVD-2025-16886
Malicious code in bioql PyPI...
EUVD-2022-46646
Malicious code in bioql PyPI...
EUVD-2022-25954
Malicious code in bioql PyPI...
EUVD-2023-52889
Malicious code in bioql PyPI...
PT-2025-38986
Name of the Vulnerable Software and Affected Versions PivotX CMS version 3.0.0 RC 3 Description A Cross Site Scripting issue exists in PivotX CMS version 3.0.0 RC 3. This allows a remote attacker to execute arbitrary code through the subtitle field. Recommendations At the moment, there is no...
CVE-2024-8393
The Woocommerce Blocks – Woolook plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.7.0 via the via the 'tab' parameter. This makes it possible for authenticated attackers, with Administrator-level access and above, to include and execute arbitrary...
CVE-2025-27577 liteos_a has a race condition vulnerability
in OpenHarmony v5.0.3 and prior versions allow a local attacker arbitrary code execution in tcb through race condition...
PT-2025-31856 · Zkeacms · Zkeacms
Name of the Vulnerable Software and Affected Versions: ZKEACMS version 4.1 Description: An arbitrary file upload vulnerability exists in ZKEACMS version 4.1, allowing attackers to execute arbitrary code by uploading a crafted file. Recommendations: At the moment, there is no information about a...
Adobe Framemaker heap buffer overflow vulnerability (CNVD-2025-16224)
Adobe FrameMaker is a powerful tool for creating complex technical documentation and publishing it to a variety of delivery channels. A heap buffer overflow vulnerability exists in Adobe Framemaker versions 2020.8, 2022.6 and earlier. An attacker can exploit this vulnerability to execute arbitrar...
PT-2025-26857 · Microsens · Microsens Nmp Web+
Name of the Vulnerable Software and Affected Versions: MICROSENS NMP Web+ affected versions not specified Description: The issue could allow an unauthenticated attacker to overwrite files and execute arbitrary code. Recommendations: At the moment, there is no information about a newer version tha...
TeamViewer Incorrect Permission Assignment Local Privilege Escalation Vulnerability
This vulnerability allows local attackers to escalate privileges on affected installations of TeamViewer. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the TeamViewer service,...
Google Chrome Resource Management Error Vulnerability
Google Chrome is a popular web browser. Google Chrome suffers from a resource management error vulnerability, which stems from a post-release reuse of a media component, that can be exploited by an attacker to cause an application to crash or execute arbitrary code in the context of the applicati...
CVE-2025-40727 Reflected Cross-Site Scripting (XSS) in Phoenix CMS
A Reflected Cross Site Scripting XSS vulnerability was found in '/search' in Phoenix Site CMS from Phoenix, which allows remote attackers to execute arbitrary code via 's' GET parameter...
Arbitrary File Upload
xyz.erupt, erupt is vulnerable to arbitrary file upload. The vulnerability is due to improper validation in the /upload/GoodsCategory/image component, allowing attackers to upload crafted files and execute arbitrary code...
CVE-2025-27955
Clinical Collaboration Platform 12.2.1.5 has a weak logout system where the session token remains valid after logout and allows a remote attacker to obtain sensitive information and execute arbitrary code...
CVE-2025-27953
An issue in Clinical Collaboration Platform 12.2.1.5 allows a remote attacker to obtain sensitive information and execute arbitrary code via the session management component...
CVE-2025-27954
An issue in Clinical Collaboration Platform 12.2.1.5 allows a remote attacker to obtain sensitive information and execute arbitrary code via the usertoken function of default.aspx...
SolarWinds DameWare Mini Remote Control Service Incorrect Permissions Local Privilege Escalation Vulnerability
This vulnerability allows local attackers to escalate privileges on affected installations of SolarWinds DameWare Mini Remote Control Service. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw...
PT-2025-23211
Name of the Vulnerable Software and Affected Versions Santesoft Sante DICOM Viewer Pro affected versions not specified Description The issue is a memory corruption vulnerability that could be exploited by a local attacker to potentially disclose information and execute arbitrary code on affected...
CVE-2024-57337
An arbitrary file upload vulnerability in the opcode 500 functionality of M2Soft CROWNIX Report & ERS v5.x to v5.5.14.1070, v7.x to v7.4.3.960, and v8.x to v8.2.0.345 allows attackers to execute arbitrary code via supplying a crafted file...