X.Org Server PlayReleasedEvents Use-After-Free Local Privilege Escalation Vulnerability
This vulnerability allows local attackers to escalate privileges on affected installations of X.Org Server. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the handling of device...
CVE-2025-25361
CVE-2025-25361 affects PublicCMS v4.0.202406, with an arbitrary file upload vulnerability in /cms/CmsWebFileAdminController.java that enables remote code execution by uploading crafted SVG/XML files. CVSSv3.1 vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H (score 9.8, CRITICAL). Exploitation context ...
CVE-2025-25723
Buffer Overflow vulnerability in GPAC version 2.5 allows a local attacker to execute arbitrary code...
CVE-2025-25783
An arbitrary file upload vulnerability in the component admin\plugin.php of Emlog Pro v2.5.3 allows attackers to execute arbitrary code via uploading a crafted Zip file...
CVE-2025-25791
The CVE-2025-25791 entry describes an arbitrary file upload vulnerability in the plugin installation feature of YZNCMS v2.0.1. Attackers can upload a crafted Zip file to execute arbitrary code on the affected system. The impact is limited to code execution via the upload path, as per the descript...
ROS-20250226-14
A vulnerability in the gzipdowrite function of the zlib compression library of the cURL command-line utility is related to an integer overflow. Exploitation of the vulnerability could allow a remote attacker to bypass the ASLR protection mechanism, execute arbitrary code, or cause a denia...
Microsoft Windows Installer Service Link Following Local Privilege Escalation Vulnerability
This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the Windows...
CVE-2025-25766
An arbitrary file upload vulnerability in the component /file/savefile.do of MRCMS v3.1.2 allows attackers to execute arbitrary code via uploading a crafted .jsp file...
Linux Ratfor Buffer Overflow Vulnerability
Linux Ratfor is a programming language implemented as a preprocessor for Fortran 66. A buffer overflow vulnerability exists in Linux Ratfor 1.06 and earlier versions, which stems from an application boundary error when handling untrusted input. An attacker could exploit the vulnerability to execu...
Unspecified Vulnerability in Apple GarageBand (CNVD-2025-06484)
Apple GarageBand is an application from Apple USA. An unspecified vulnerability exists in Apple GarageBand, which can be exploited by an attacker to execute arbitrary code...
Adobe Illustrator Memory Misreference Vulnerability (CNVD-2025-04203)
Adobe Illustrator is a set of vector-based image creation software from the American company Adobe. A memory misreference vulnerability exists in Adobe Illustrator, which can be exploited by an attacker to execute arbitrary code in the current user's environment...
CVE-2024-34930
A SQL injection vulnerability in /model/allevents1.php in Campcodes Complete Web-Based School Management System 1.0 allows an attacker to execute arbitrary SQL commands via the month parameter...
CVE-2024-34935
A SQL injection vulnerability in /view/conversationhistoryadmin.php in Campcodes Complete Web-Based School Management System 1.0 allows an attacker to execute arbitrary SQL commands via the conversationid parameter...
CVE-2024-35621
A cross-site scripting (XSS) vulnerability in the Edit function of Formwork before 1.13.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Content field...
CVE-2024-57407
An arbitrary file upload vulnerability in the component /userPicture of Timo v2.0.3 allows attackers to execute arbitrary code via uploading a crafted file...
CVE-2025-0902
PDF-XChange Editor is affected by a vulnerability in the XPS file parsing module that can cause an out-of-bounds read and information disclosure. Root cause: insufficient validation of user-supplied data during XPS parsing, leading to reading beyond an allocated object. Impact: information disclo...
CVE-2024-33659
The CVE-2024-33659 entry concerns AMI AptioV BIOS with an Improper Input Validation flaw that allows a local attacker to overwrite memory and execute arbitrary code at the System Management Mode (SMM) level, impacting confidentiality, integrity, and availability. Documents consistently identify t...
CVE-2025-25524
Buffer overflow vulnerability in TOTOLink X6000R routers V9.4.0cu.652B20230116 due to the lack of length verification, which is related to the addition of Wi-Fi filtering rules. Attackers who successfully exploit this vulnerability can cause the remote target device to crash or execute arbitrary...
Mozilla Firefox Memory Corruption Vulnerability (CNVD-2025-18674)
Mozilla Firefox is an open source web browser. Mozilla Firefox suffers from a memory corruption vulnerability that a remote attacker can exploit by submitting a special web request and inducing the user to parse it, allowing arbitrary code to be executed in the context of the application...
CVE-2024-57407
CVE-2024-57407 affects Timo v2.0.3, with a vulnerability in the /userPicture component allowing an attacker to upload a crafted file and potentially execute arbitrary code. Documented impact per CVSSv3.1: High (7.3), network attack vector, low attack complexity, privileges required: Low, user int...