Jan v0.4.12 - Arbitrary File Upload

An arbitrary file upload vulnerability in the /v1/app/writeFileSync interface of Jan v0.4.12 allows attackers to execute arbitrary code via uploading a crafted file. id: CVE-2024-36858 info: name: Jan v0.4.12 - Arbitrary File Upload author: pussycat0x severity: critical description: | An arbitrar...

EUVD-2016-10901

Comodo Chromodo Browser 52.15.25.664 contains an unquoted service path vulnerability in the ChromodoUpdater service that runs with SYSTEM privileges. A local attacker can insert a malicious executable in the service path and execute arbitrary code with elevated privileges upon service restart or...

CVE-2016-20075

WordPress Ultimate Product Catalog 3.8.6 contains an arbitrary file upload vulnerability that allows authenticated users with contributor, editor, author, or administrator roles to upload malicious files by exploiting the custom fields functionality. Attackers can upload PHP shells through the...

CVE-2026-8637

Technical details are not publicly available in the provided documents. Monitor for updates.

EUVD-2026-36033

A flaw was found in assisted-migration-agent. An unauthenticated attacker, located on the same local area network LAN, can exploit a path traversal vulnerability. By crafting a specially designed gzipped tarball, the attacker can bypass security checks and write arbitrary files to the system. Thi...

Assisted Migration Agent 后置链接漏洞

Assisted Migration Agent is an open-source virtualization environment data collection and migration planning tool developed by KubeV2V. Assisted Migration Agent has a post-installation vulnerability, which stems from an unauthenticated attacker located within the same network. This attacker...

Lenovo LanSchool Classic 代码问题漏洞

Lenovo LanSchool Classic is a classroom teaching management software developed by Lenovo Corporation. Lenovo LanSchool Classic has code vulnerabilities, which stem from potentially uncontrolled search paths. These vulnerabilities may allow locally authenticated users to execute arbitrary code wit...

EUVD-2026-35540

Untrusted pointer dereference in Microsoft Office Word allows an unauthorized attacker to execute code locally...

EUVD-2026-35543

Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally...

Microsoft Office Remote Code Execution Vulnerability

Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally...

Remote Desktop Client Remote Code Execution Vulnerability

Heap-based buffer overflow in Remote Desktop Client allows an unauthorized attacker to execute code over a network...

Microsoft Exchange Server Remote Code Execution Vulnerability

Improper control of generation of code 'code injection' in Microsoft Exchange Server allows an unauthorized attacker to execute code over a network...

PT-2026-48009

Name of the Vulnerable Software and Affected Versions Microsoft Office affected versions not specified Description A heap-based buffer overflow allows an unauthorized attacker to execute arbitrary code locally and remotely, affecting the system. A heap-based buffer overflow occurs when an...

PT-2026-47912

Name of the Vulnerable Software and Affected Versions Windows Deployment Services affected versions not specified Description A use after free issue in Windows Deployment Services allows an unauthorized remote attacker to execute arbitrary code over a network, potentially affecting the entire...

Microsoft Windows 安全漏洞

Microsoft Windows is an operating system used on personal devices by the American company Microsoft. There are security vulnerabilities in Microsoft Windows, which stem from SecureBoot bypasses. These vulnerabilities could allow attackers with administrative privileges or those capable of modifyi...

Microsoft Active Directory Domain Services 安全漏洞

Microsoft Active Directory Domain Services is a key service provided by Microsoft Corporation in the United States. It is used to manage and organize resources, users, computers, and other security objects within a network. There are security vulnerabilities associated with Microsoft Active...

PT-2026-47945

Name of the Vulnerable Software and Affected Versions Microsoft Office affected versions not specified Description A type confusion issue occurs when a resource is accessed using an incompatible type. This allows an unauthorized attacker to execute code locally within Microsoft Outlook and Word...

PT-2026-47917

Name of the Vulnerable Software and Affected Versions Remote Desktop Client affected versions not specified Description A heap-based buffer overflow allows an unauthorized attacker to execute arbitrary code over a network, which can affect the system. A heap-based buffer overflow occurs when an...

CVE-2026-7566

The LearnPress – Backup & Migration Tool plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 4.1.4 via deserialization of untrusted input . This makes it possible for authenticated attackers, with administrator-level access and above, to inject a PHP...

SUSE CVE-2026-10926

Use after free in Cast in Google Chrome prior to 149.0.7827.53 allowed an attacker on the local network segment to execute arbitrary code via malicious network traffic. Chromium security severity: High...