Linux Ratfor Buffer Overflow Vulnerability

Linux Ratfor is a programming language implemented as a preprocessor for Fortran 66. A buffer overflow vulnerability exists in Linux Ratfor 1.06 and earlier versions, which stems from an application boundary error when handling untrusted input. An attacker could exploit the vulnerability to execu...

Adobe Illustrator Memory Misreference Vulnerability (CNVD-2025-04203)

Adobe Illustrator is a set of vector-based image creation software from the American company Audobee Adobe. A memory misreference vulnerability exists in Adobe Illustrator, which can be exploited by an attacker to execute arbitrary code in the current user's environment...

Unspecified Vulnerability in Apple GarageBand (CNVD-2025-06484)

Apple GarageBand is an application from Apple USA. An unspecified vulnerability exists in Apple GarageBand, which can be exploited by an attacker to execute arbitrary code...

CVE-2024-57407

An arbitrary file upload vulnerability in the component /userPicture of Timo v2.0.3 allows attackers to execute arbitrary code via uploading a crafted file...

CVE-2025-0902

PDF-XChange Editor is affected by a vulnerability in the XPS file parsing module that can cause an out-of-bounds read and information disclosure. Root cause: insufficient validation of user-supplied data during XPS parsing, leading to reading beyond an allocated object. Impact: information disclo...

CVE-2024-33659

The CVE-2024-33659 entry concerns AMI AptioV BIOS with an Improper Input Validation flaw that allows a local attacker to overwrite memory and execute arbitrary code at the System Management Mode (SMM) level, impacting confidentiality, integrity, and availability. Documents consistently identify t...

CVE-2024-57407

CVE-2024-57407 affects Timo v2.0.3, with a vulnerability in the /userPicture component allowing an attacker to upload a crafted file and potentially execute arbitrary code. Documented impact per CVSSv3.1: High (7.3), network attack vector, low attack complexity, privileges required: Low, user int...

Mozilla Firefox Memory Corruption Vulnerability (CNVD-2025-18674)

Mozilla Firefox is an open source WEB browser. Mozilla Firefox suffers from a memory corruption vulnerability that can be exploited by a remote attacker to submit a special Web request, which induces the user to parse it, and can be used in the context of the application to execute arbitrary code...

USN-7259-1: GNU C Library vulnerability

It was discovered that GNU C Library incorrectly handled memory when using the assert function. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code...

CVE-2022-39882

Heap overflow vulnerability in sflacffalbytespeek function in libsmat.so library prior to SMR Nov-2022 Release 1 allows local attacker to execute arbitrary code...

CVE-2024-7013

Stack-based buffer overflow in Control FPWIN Pro version 7.7.2.0 and all previous versions may allow attackers to execute arbitrary code via a specially crafted project file...

CVE-2024-12669

A maliciously crafted DWFX file, when parsed through Autodesk Navisworks, can be used to cause a Heap-based Overflow vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process...

CVE-2024-29830

An unspecified SQL Injection vulnerability in Core server of Ivanti EPM 2022 SU5 and prior allows an authenticated attacker within the same network to execute arbitrary code...

CVE-2025-23114

The CVE-2025-23114 entry maps to a vulnerability in the Veeam Updater component of Veeam Backup products, caused by improper TLS certificate validation. According to multiple sources, this design flaw allows Man-in-the-Middle attackers to execute arbitrary code on the affected server, with high-i...

CVE-2024-20844

Out-of-bounds write vulnerability while parsing remaining codewords in libsavsac.so prior to SMR Apr-2024 Release 1 allows local attacker to execute arbitrary code...

CVE-2024-37381

An unspecified SQL Injection vulnerability in Core server of Ivanti EPM 2024 flat allows an authenticated attacker within the same network to execute arbitrary code...

CVE-2024-53963 Adobe Experience Manager | Cross-site Scripting (DOM-based XSS) (CWE-79)

Adobe Experience Manager versions 6.5.21 and earlier are affected by a DOM-based Cross-Site Scripting XSS vulnerability that could be exploited by a low privileged attacker to execute arbitrary code in the context of the victim's browser session. By manipulating a DOM element through a crafted UR...

CVE-2024-35154

IBM WebSphere Application Server 8.5 and 9.0 could allow a remote authenticated attacker, who has authorized access to the administrative console, to execute arbitrary code. Using specially crafted input, the attacker could exploit this vulnerability to execute arbitrary code on the system. IBM...

CVE-2025-24966 HTML Injection in reNgine

reNgine is an automated reconnaissance framework for web applications. HTML Injection occurs when an application improperly validates or sanitizes user inputs, allowing attackers to inject arbitrary HTML code. In this scenario, the vulnerability exists in the "Add Target" functionality of the...

CVE-2025-20882

Out-of-bounds write in accessing uninitialized memory for svc1td in libsthmbc.so prior to SMR Jan-2025 Release 1 allows local attackers to execute arbitrary code with privilege. User interaction is required for triggering this vulnerability...