
5353 matches found

Zero Day Initiative
•added 2025/04/09 12:0 a.m.•12 views

Microsoft Windows dxkrnl Untrusted Pointer Dereference Local Privilege Escalation Vulnerability

This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the dxkrnl.sys...

CVSS: 8.8 | AI score: 6.9 | EPSS: 0.0066
Exploits: 0 | References: 1
NVD
•added 2025/04/08 4:15 p.m.•26 views

CVE-2025-2293

A local code execution vulnerability exists in the Rockwell Automation Arena® due to a threat actor being able to write outside of the allocated memory buffer. The flaw is a result of improper validation of user-supplied data. If exploited a threat actor can disclose information and execute...

CVSS: 8.5 | EPSS: 0.00249
Exploits: 0 | References: 1
Zero Day Initiative
•added 2025/04/07 12:0 a.m.•5 views

Exim Use-After-Free Local Privilege Escalation Vulnerability

This vulnerability allows local attackers to escalate privileges on affected installations of Exim. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the handling of the dp command...

CVSS: 7.8 | AI score: 7.2 | EPSS: 0.00503
Exploits: 0 | References: 1
Kaspersky
•added 2025/04/03 12:0 a.m.•15 views

KLA82346 Multiple vulnerabilities in Microsoft Browser

Multiple vulnerabilities were found in Microsoft Browser. Malicious users can exploit these vulnerabilities to cause denial of service, bypass security restrictions, spoof user interface, obtain sensitive information, execute arbitrary code. Below is a complete list of vulnerabilities: 1. Type...

CVSS: 8.8 | AI score: 8.8 | EPSS: 0.00855
Exploits: 0 | References: 15
NVD
•added 2025/04/02 5:15 p.m.•9 views

CVE-2025-20120

A vulnerability in the web-based management interface of Cisco Evolved Programmable Network Manager EPNM and Cisco Prime Infrastructure could allow an unauthenticated, remote attacker to conduct a stored cross-site scripting XSS attack against a user of the interface on an affected device. This...

CVSS: 6.1 | EPSS: 0.00281
Exploits: 0 | References: 1
Tenable Nessus
•added 2025/04/01 12:0 a.m.•15 views

Ubuntu 18.04 LTS : Linux kernel (AWS) vulnerabilities (USN-7401-1)

"The remote Ubuntu 18.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-7401-1 advisory. Chenyuan Yang discovered that the CEC driver in the Linux kernel contained a use-after-free vulnerability. A local attacker could use this to cau...

CVSS: 9.1 | AI score: 8 | EPSS: 0.03558
Exploits: 2 | References: 291
Kaspersky
•added 2025/04/01 12:0 a.m.•18 views

KLA82270 Multiple vulnerabilities in Google Chrome

Multiple vulnerabilities were found in Google Chrome. Malicious users can exploit these vulnerabilities to cause denial of service, execute arbitrary code, bypass security restrictions. Below is a complete list of vulnerabilities: 1. Inappropriate implementation vulnerability in Custom Tabs can b...

CVSS: 8.8 | AI score: 8.2 | EPSS: 0.0057
Exploits: 0 | References: 3
Cvelist
•added 2025/03/28 12:0 a.m.•17 views

CVE-2025-28254

Cross Site Scripting vulnerability in Leantime v3.2.1 and before allows an authenticated attacker to execute arbitrary code and obtain sensitive information via the first name field in processMentions...

EPSS: 0.00278
Exploits: 0 | References: 3
IBM Security Bulletins
•added 2025/03/26 2:22 a.m.•21 views

Security Bulletin: IBM Cloud Pak for Data is vulnerable to use-after-free due to systemd ( CVE-2022-2526 )

Summary Systemd is used by IBM Cloud Pak for Data as part of the base OS image. CVE-2022-2526 Vulnerability Details CVEID:CVE-2022-2526 DESCRIPTION: systemd could allow a remote attacker to execute arbitrary code on the system, caused by a use-after-free flaw due to the onstreamio function and...

CVSS: 9.8 | AI score: 9.7 | EPSS: 0.01052
Exploits: 0 | Affected Software: 1
NVD
•added 2025/03/25 8:15 p.m.•24 views

CVE-2024-48818

An issue in IIT Bombay, Mumbai, India Bodhitree of cs101 version allows a remote attacker to execute arbitrary code...

CVSS: 9.8 | EPSS: 0.00764
Exploits: 0 | References: 1
Vulnrichment
•added 2025/03/20 12:0 a.m.•7 views

CVE-2025-29411

An arbitrary file upload vulnerability in the Client Profile Update section of Mart Developers iBanking v2.0.0 allows attackers to execute arbitrary code via uploading a crafted PHP file...

AI score: 8.1 | EPSS: 0.00564
Exploits: 1 | References: 2
Cvelist
•added 2025/03/20 12:0 a.m.•37 views

CVE-2025-29411

An arbitrary file upload vulnerability in the Client Profile Update section of Mart Developers iBanking v2.0.0 allows attackers to execute arbitrary code via uploading a crafted PHP file...

EPSS: 0.00564
Exploits: 1 | References: 2
Cvelist
•added 2025/03/19 12:0 a.m.•11 views

CVE-2025-29405

An arbitrary file upload vulnerability in the component /admin/template.php of emlog pro 2.5.0 and pro 2.5. allows attackers to execute arbitrary code via uploading a crafted PHP file...

EPSS: 0.00371
Exploits: 1 | References: 2
Github Security Blog
•added 2025/03/14 6:30 p.m.•10 views

nest allows a remote attacker to execute arbitrary code via the Content-Type header

File Upload vulnerability in nestjs nest prior to v.11.0.16 allows a remote attacker to execute arbitrary code via the Content-Type header...

CVSS: 5.5 | AI score: 5.9 | EPSS: 0.00299
Exploits: 1 | References: 10 | Affected Software: 1
Vulnrichment
•added 2025/03/13 4:49 p.m.•7 views

CVE-2025-1432 3DM File Parsing Use-After-Free Vulnerability

A maliciously crafted 3DM file, when parsed through Autodesk AutoCAD, can force a Use-After-Free vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process...

CVSS: 7.8 | AI score: 7.7 | EPSS: 0.00273
Exploits: 0 | References: 3
Cvelist
•added 2025/03/13 4:49 p.m.•37 views

CVE-2025-1432 3DM File Parsing Use-After-Free Vulnerability

A maliciously crafted 3DM file, when parsed through Autodesk AutoCAD, can force a Use-After-Free vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process...

CVSS: 7.8 | EPSS: 0.00273
Exploits: 0 | References: 3
Zero Day Initiative
•added 2025/03/13 12:0 a.m.•7 views

X.Org Server PlayReleasedEvents Use-After-Free Local Privilege Escalation Vulnerability

This vulnerability allows local attackers to escalate privileges on affected installations of X.Org Server. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the handling of device...

CVSS: 7.8 | AI score: 7.2 | EPSS: 0.0035
Exploits: 0 | References: 1
CVE
•added 2025/03/06 12:0 a.m.•64 views

CVE-2025-25361

CVE-2025-25361 affects PublicCMS v4.0.202406, with an arbitrary file upload vulnerability in /cms/CmsWebFileAdminController.java that enables remote code execution by uploading crafted SVG/XML files. CVSSv3.1 vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H (score 9.8, CRITICAL). Exploitation context ...

CVSS: 9.8 | AI score: 8 | EPSS: 0.00649
Exploits: 1 | References: 1 | Affected Software: 1
Debian CVE
•added 2025/02/28 12:0 a.m.•8 views

CVE-2025-25723

Buffer Overflow vulnerability in GPAC version 2.5 allows a local attacker to execute arbitrary code...

CVSS: 8.4 | AI score: 5.8 | EPSS: 0.00353
Exploits: 1
NVD
•added 2025/02/26 3:15 p.m.•8 views

CVE-2025-25783

An arbitrary file upload vulnerability in the component admin\plugin.php of Emlog Pro v2.5.3 allows attackers to execute arbitrary code via uploading a crafted Zip file...

CVSS: 9.8 | EPSS: 0.00774
Exploits: 0 | References: 3