6323 matches found

Zero Day Initiative
added 2025/06/25 12:0 a.m. · 4 views

TeamViewer Incorrect Permission Assignment Local Privilege Escalation Vulnerability

This vulnerability allows local attackers to escalate privileges on affected installations of TeamViewer. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the TeamViewer service,...

CVSS 7.8 · AI score 7.6 · EPSS 0.00158
Exploits: 0 · References: 1

Positive Technologies
added 2025/06/25 12:0 a.m. · 3 views

PT-2025-26857 · Microsens · Microsens Nmp Web+

Name of the Vulnerable Software and Affected Versions: MICROSENS NMP Web+ affected versions not specified Description: The issue could allow an unauthenticated attacker to overwrite files and execute arbitrary code. Recommendations: At the moment, there is no information about a newer version tha...

CVSS 9.8 · AI score 9.6 · EPSS 0.00662
Exploits: 0 · References: 7

Cvelist
added 2025/06/24 4:37 a.m. · 11 views

CVE-2025-43877

WRC-1167GHBK2-S contains a stored cross-site scripting vulnerability in WebGUI. If exploited, an arbitrary script may be executed on the web browser of the user who accessed WebGUI of the product...

CVSS 5.4 · EPSS 0.00195
Exploits: 0 · References: 2

CVE
added 2025/06/23 8:48 p.m. · 59 views

CVE-2025-52562

Convoy CVE-2025-52562 describes an unauthenticated directory traversal vulnerability in the LocaleController affecting Convoy versions 3.9.0-rc3 through 4.4.0. Exploitation allows including and executing arbitrary PHP files on the server. The issue has been patched in version 4.4.1; a temporary w...

CVSS 10 · AI score 9.8 · EPSS 0.01706
Exploits: 0 · References: 2

Cvelist
added 2025/06/18 4:6 p.m. · 10 views

CVE-2025-36049 IBM webMethods Integration Server XML external entity injection

IBM webMethods Integration Server 10.5, 10.7, 10.11, and 10.15 is vulnerable to an XML external entity injection (XXE) attack when processing XML data. A remote authenticated attacker could exploit this vulnerability to execute arbitrary commands...

CVSS 8.8 · EPSS 0.00541
Exploits: 0 · References: 1

CNVD
added 2025/06/17 12:0 a.m. · 4 views

Google Chrome Resource Management Error Vulnerability

Google Chrome is a popular web browser. Google Chrome suffers from a resource management error vulnerability, which stems from a use-after-free in a media component and can be exploited by an attacker to cause an application to crash or execute arbitrary code in the context of the applicati...

CVSS 8.8 · AI score 9.3 · EPSS 0.00401
Exploits: 0 · References: 1

Cvelist
added 2025/06/16 8:20 a.m. · 13 views

CVE-2025-40727 Reflected Cross-Site Scripting (XSS) in Phoenix CMS

A reflected cross-site scripting (XSS) vulnerability was found in '/search' in Phoenix Site CMS from Phoenix, which allows remote attackers to execute arbitrary code via the 's' GET parameter...

CVSS 5.1 · EPSS 0.00677
Exploits: 0 · References: 1

RedhatCVE
added 2025/06/15 10:21 a.m. · 5 views

CVE-2025-49468

A SQL injection vulnerability in No Boss Calendar component before 5.0.7 for Joomla was discovered. The vulnerability allows remote authenticated users to execute arbitrary SQL commands via the idmodule parameter...

CVSS 8.6 · AI score 7.9 · EPSS 0.00419
Exploits: 0 · References: 1

Veracode
added 2025/06/06 6:10 a.m. · 5 views

Arbitrary File Upload

xyz.erupt, erupt is vulnerable to arbitrary file upload. The vulnerability is due to improper validation in the /upload/GoodsCategory/image component, allowing attackers to upload crafted files and execute arbitrary code...

CVSS 5.4 · AI score 5.8 · EPSS 0.00281
Exploits: 0 · References: 4 · Affected Software: 1

RedhatCVE
added 2025/06/04 12:14 a.m. · 6 views

CVE-2025-27955

Clinical Collaboration Platform 12.2.1.5 has a weak logout system where the session token remains valid after logout and allows a remote attacker to obtain sensitive information and execute arbitrary code...

CVSS 6.5 · AI score 7.2 · EPSS 0.0029
Exploits: 0 · References: 1

RedhatCVE
added 2025/06/04 12:14 a.m. · 9 views

CVE-2025-27953

An issue in Clinical Collaboration Platform 12.2.1.5 allows a remote attacker to obtain sensitive information and execute arbitrary code via the session management component...

CVSS 6.5 · AI score 7.5 · EPSS 0.00306
Exploits: 0 · References: 1

OSV
added 2025/06/02 6:15 p.m. · 3 views

CVE-2025-27954

An issue in Clinical Collaboration Platform 12.2.1.5 allows a remote attacker to obtain sensitive information and execute arbitrary code via the usertoken function of default.aspx...

CVSS 6.5 · AI score 6.1 · EPSS 0.00308
Exploits: 0 · References: 2

Zero Day Initiative
added 2025/06/02 12:0 a.m. · 6 views

SolarWinds DameWare Mini Remote Control Service Incorrect Permissions Local Privilege Escalation Vulnerability

This vulnerability allows local attackers to escalate privileges on affected installations of SolarWinds DameWare Mini Remote Control Service. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw...

CVSS 7.8 · AI score 7.2 · EPSS 0.00187
Exploits: 0 · References: 1

Positive Technologies
added 2025/05/29 12:0 a.m. · 5 views

PT-2025-23211

Name of the Vulnerable Software and Affected Versions: Santesoft Sante DICOM Viewer Pro affected versions not specified Description: The issue is a memory corruption vulnerability that could be exploited by a local attacker to potentially disclose information and execute arbitrary code on affected...

CVSS 8.4 · AI score 7 · EPSS 0.00178
Exploits: 0 · References: 11

NVD
added 2025/05/28 6:15 p.m. · 10 views

CVE-2024-57337

An arbitrary file upload vulnerability in the opcode 500 functionality of M2Soft CROWNIX Report & ERS v5.x to v5.5.14.1070, v7.x to v7.4.3.960, and v8.x to v8.2.0.345 allows attackers to execute arbitrary code via supplying a crafted file...

CVSS 6.5 · EPSS 0.00257
Exploits: 0 · References: 1

RedhatCVE
added 2025/05/23 10:36 a.m. · 5 views

CVE-2024-46441

An arbitrary file upload vulnerability in YPay 1.2.0 allows attackers to execute arbitrary code via a ZIP archive to themePutFile in app/common/util/Upload.php called from app/admin/controller/ypay/Home.php. The file extension of an uncompressed file is not checked...

CVSS 8.8 · AI score 7.9 · EPSS 0.00571
Exploits: 0 · References: 1

RedhatCVE
added 2025/05/23 10:23 a.m. · 5 views

CVE-2024-40551

An arbitrary file upload vulnerability in the component /admin/cmsTemplate/doUpload of PublicCMS v4.0.202302.e allows attackers to execute arbitrary code via uploading a crafted file...

CVSS 8.8 · AI score 7.8 · EPSS 0.00423
Exploits: 1 · References: 1

RedhatCVE
added 2025/05/23 10:8 a.m. · 6 views

CVE-2024-29167

SVR-116 firmware version 1.6.0.30028871 allows a remote authenticated attacker with an administrative privilege to execute arbitrary OS commands by sending a specially crafted request to the product...

CVSS 7.2 · AI score 7.8 · EPSS 0.00704
Exploits: 0 · References: 1

RedhatCVE
added 2025/05/23 9:46 a.m. · 17 views

CVE-2024-25422

SQL Injection vulnerability in SEMCMS v.4.8 allows a remote attacker to execute arbitrary code and obtain sensitive information via the SEMCMSMenu.php component...

CVSS 9.8 · AI score 8.4 · EPSS 0.01023
Exploits: 1 · References: 1

RedhatCVE
added 2025/05/23 9:46 a.m. · 5 views

CVE-2024-25226

A cross-site scripting (XSS) vulnerability in Simple Admin Panel App v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Category Name parameter under the Add Category function...

CVSS 6.1 · AI score 5.8 · EPSS 0.00378
Exploits: 0 · References: 1