CVE-2025-25791

The CVE-2025-25791 entry describes an arbitrary file upload vulnerability in the plugin installation feature of YZNCMS v2.0.1. Attackers can upload a crafted Zip file to execute arbitrary code on the affected system. The impact is limited to code execution via the upload path, as per the descript...

ROS-20250226-14

A vulnerability in the gzipdowrite function of the zlib compression library of the cURL command-line utility is related to an integer overflow. Exploitation of the vulnerability could allow an attacker acting remotely, bypass the ASLR protection mechanism, execute arbitrary code, or cause a denia...

Microsoft Windows Installer Service Link Following Local Privilege Escalation Vulnerability

This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the Windows...

CVE-2025-25766

An arbitrary file upload vulnerability in the component /file/savefile.do of MRCMS v3.1.2 allows attackers to execute arbitrary code via uploading a crafted .jsp file...

Linux Ratfor Buffer Overflow Vulnerability

Linux Ratfor is a programming language implemented as a preprocessor for Fortran 66. A buffer overflow vulnerability exists in Linux Ratfor 1.06 and earlier versions, which stems from an application boundary error when handling untrusted input. An attacker could exploit the vulnerability to execu...

Adobe Illustrator Memory Misreference Vulnerability (CNVD-2025-04203)

Adobe Illustrator is a set of vector-based image creation software from the American company Audobee Adobe. A memory misreference vulnerability exists in Adobe Illustrator, which can be exploited by an attacker to execute arbitrary code in the current user's environment...

Unspecified Vulnerability in Apple GarageBand (CNVD-2025-06484)

Apple GarageBand is an application from Apple USA. An unspecified vulnerability exists in Apple GarageBand, which can be exploited by an attacker to execute arbitrary code...

CVE-2024-57407

An arbitrary file upload vulnerability in the component /userPicture of Timo v2.0.3 allows attackers to execute arbitrary code via uploading a crafted file...

CVE-2025-0902

PDF-XChange Editor is affected by a vulnerability in the XPS file parsing module that can cause an out-of-bounds read and information disclosure. Root cause: insufficient validation of user-supplied data during XPS parsing, leading to reading beyond an allocated object. Impact: information disclo...

CVE-2024-33659

The CVE-2024-33659 entry concerns AMI AptioV BIOS with an Improper Input Validation flaw that allows a local attacker to overwrite memory and execute arbitrary code at the System Management Mode (SMM) level, impacting confidentiality, integrity, and availability. Documents consistently identify t...

CVE-2024-57407

CVE-2024-57407 affects Timo v2.0.3, with a vulnerability in the /userPicture component allowing an attacker to upload a crafted file and potentially execute arbitrary code. Documented impact per CVSSv3.1: High (7.3), network attack vector, low attack complexity, privileges required: Low, user int...

Mozilla Firefox Memory Corruption Vulnerability (CNVD-2025-18674)

Mozilla Firefox is an open source WEB browser. Mozilla Firefox suffers from a memory corruption vulnerability that can be exploited by a remote attacker to submit a special Web request, which induces the user to parse it, and can be used in the context of the application to execute arbitrary code...

USN-7259-1: GNU C Library vulnerability

It was discovered that GNU C Library incorrectly handled memory when using the assert function. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code...

CVE-2022-39882

Heap overflow vulnerability in sflacffalbytespeek function in libsmat.so library prior to SMR Nov-2022 Release 1 allows local attacker to execute arbitrary code...

CVE-2024-7013

Stack-based buffer overflow in Control FPWIN Pro version 7.7.2.0 and all previous versions may allow attackers to execute arbitrary code via a specially crafted project file...

CVE-2024-12669

A maliciously crafted DWFX file, when parsed through Autodesk Navisworks, can be used to cause a Heap-based Overflow vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process...

CVE-2024-29830

An unspecified SQL Injection vulnerability in Core server of Ivanti EPM 2022 SU5 and prior allows an authenticated attacker within the same network to execute arbitrary code...

CVE-2025-23114

The CVE-2025-23114 entry maps to a vulnerability in the Veeam Updater component of Veeam Backup products, caused by improper TLS certificate validation. According to multiple sources, this design flaw allows Man-in-the-Middle attackers to execute arbitrary code on the affected server, with high-i...

CVE-2024-20844

Out-of-bounds write vulnerability while parsing remaining codewords in libsavsac.so prior to SMR Apr-2024 Release 1 allows local attacker to execute arbitrary code...

CVE-2024-37381

An unspecified SQL Injection vulnerability in Core server of Ivanti EPM 2024 flat allows an authenticated attacker within the same network to execute arbitrary code...