Unspecified vulnerability in Siemens SICAM P850 and SICAM P855 Devices (CNVD-2022-36397)

The SICAM P850 Multifunctional Measurement Device is used to collect, visualize, evaluate and transmit electrical measurement variables such as AC current, AC voltage, frequency, power, harmonics, etc. The SICAM P855 Multifunctional Device is used to collect, display and transmit measured...

NewStart CGSL CORE 5.04 / MAIN 5.04 : libxml2 Vulnerability (NS-SA-2022-0015)

The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has libxml2 packages installed that are affected by a vulnerability: - xpointer.c in libxml2 before 2.9.5 as used in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3, and other products does not forb...

NewStart CGSL CORE 5.05 / MAIN 5.05 : xterm Vulnerability (NS-SA-2022-0032)

The remote NewStart CGSL host, running version CORE 5.05 / MAIN 5.05, has xterm packages installed that are affected by a vulnerability: - xterm before Patch 366 allows remote attackers to execute arbitrary code or cause a denial of service segmentation fault via a crafted UTF-8 combining charact...

Heap overflow

All versions of GurumDDS are vulnerable to heap-based buffer overflow, which may cause a denial-of-service condition or remotely execute arbitrary code...

USN-5390-2: Linux kernel (Raspberry Pi) vulnerabilities

David Bouman discovered that the netfilter subsystem in the Linux kernel did not properly validate passed user register indices. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. CVE-2022-1015 David Bouman discovered that the netfilter subsystem in t...

CVE-2022-28792

DLL hijacking vulnerability in Gear IconX PC Manager prior to version 2.1.220405.51 allows attacker to execute arbitrary code. The patch adds proper absolute path to prevent dll hijacking...

OpenSymphony XWork vulnerable to improper input validation

XWork is an command-pattern framework that is used to power WebWork as well as other applications. Struts support in OpenSymphony XWork before 1.2.3, and 2.x before 2.0.4, as used in WebWork and Apache Struts, recursively evaluates all input as an Object-Graph Navigation Language OGNL expression...

CVE-2022-28053

Typemill v1.5.3 was discovered to contain an arbitrary file upload vulnerability via the upload function. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file...

CVE-2022-28053

Typemill v1.5.3 was discovered to contain an arbitrary file upload vulnerability via the upload function. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file...

CVE-2022-28440

An arbitrary file upload vulnerability in UCMS v1.6 allows attackers to execute arbitrary code via a crafted PHP file...

CVE-2021-40386

Kaseya Unitrends Client/Agent through 10.5,5 allows remote attackers to execute arbitrary code...

PayloadCMS arbitrary file upload vulnerability

PayloadCMS is a Headless CMS and application framework built using TypeScript, Node.js, React and MongoDB.PayloadCMS is vulnerable to arbitrary file uploads, which can be exploited by attackers to execute arbitrary code via crafted SVG files...

Unrestricted Upload of File with Dangerous Type in Strapi

An arbitrary file upload vulnerability in the file upload module of Strapi v4.1.5 allows attackers to execute arbitrary code via a crafted file...

GHSA-FFHQ-G856-9F2P Arbitrary file upload in Ghost

An arbitrary file upload vulnerability in the file upload module of Ghost CMS v4.42.0 allows attackers to execute arbitrary code via a crafted file...

CVE-2022-27263

An arbitrary file upload vulnerability in the file upload module of Strapi v4.1.5 allows attackers to execute arbitrary code via a crafted file...

Design/Logic Flaw

An arbitrary file upload vulnerability in the file upload module of Skipper v0.9.1 allows attackers to execute arbitrary code via a crafted file...

Design/Logic Flaw

An arbitrary file upload vulnerability in the file upload component of ButterCMS v1.2.8 allows attackers to execute arbitrary code via a crafted SVG file...

Design/Logic Flaw

An arbitrary file upload vulnerability in the file upload module of PayloadCMS v0.15.0 allows attackers to execute arbitrary code via a crafted SVG file...

CVE-2022-27263

An arbitrary file upload vulnerability in the file upload module of Strapi v4.1.5 allows attackers to execute arbitrary code via a crafted file...

Adobe Acrobat and Reader Heap-based Buffer Overflow (APSB22-16: CVE-2022-28234)

A buffer overflow vulnerability exists in Adobe Acrobat and Reader. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system or cause application crashes...