2029 matches found
Jan v0.4.12 - Arbitrary File Upload
An arbitrary file upload vulnerability in the /v1/app/writeFileSync interface of Jan v0.4.12 allows attackers to execute arbitrary code via uploading a crafted file. id: CVE-2024-36858 info: name: Jan v0.4.12 - Arbitrary File Upload author: pussycat0x severity: critical description: | An arbitrar...
EUVD-2026-42211
A heap bufferflow in pcfReadFont due to missing glyph bounds checking in libXfont2 before 2.0.8 allows attackers authenticated as X client to execute code within the X server...
EUVD-2026-41582
Improper authorization in Microsoft Edge Chromium-based allows an unauthorized attacker to execute code over a network...
CVE-2026-5137
The RTMKit rometheme-for-elementor plugin for WordPress is vulnerable to Local File Inclusion in versions up to, and including, 2.0.7 This is due to insufficient path validation on the 'template' parameter in the rendertemplates AJAX endpoint, which is used directly in a require/include statement...
CVE-2026-13384
CVE-2026-13384 is an Out-of-bounds Write vulnerability in WatchGuard Fireware OS wgagent. An authenticated privileged user could remotely execute arbitrary code via specially crafted requests to the Management Web UI. Affected: Fireware OS 12.1–12.12 and 2025.1–2026.2. CVSS details indicate netwo...
USN-8496-1 cifs-utils vulnerability
It was discovered that cifs-utils incorrectly dropped root privileges before looking up user information. A local attacker could possibly use this issue to execute arbitrary code as the root user...
Malicious code in clob-client-math (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b36bbf14a743630a93ba7f8d7529d3fae8073f0f585af4343506be6248fc1b59 [email protected] ships a postinstall script install-check.cjs that fetches a JSON config from...
EUVD-2016-10901
Comodo Chromodo Browser 52.15.25.664 contains an unquoted service path vulnerability in the ChromodoUpdater service that runs with SYSTEM privileges. A local attacker can insert a malicious executable in the service path and execute arbitrary code with elevated privileges upon service restart or...
MAL-2026-6079 Malicious code in set-proto-chain (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector bdb11eef3afbfc268bd48a18737884246861c7ae9e6a3d29901ae1379216c633 lib/index.js contains a base64-encoded URL decoding to https://jsonkeeper.com/b/BN77K, an anonymous mutable paste host that is fetched via axios.get;...
CVE-2016-20075
WordPress Ultimate Product Catalog 3.8.6 contains an arbitrary file upload vulnerability that allows authenticated users with contributor, editor, author, or administrator roles to upload malicious files by exploiting the custom fields functionality. Attackers can upload PHP shells through the...
CVE-2026-8637
Technical details are not publicly available in the provided documents. Monitor for updates.
EUVD-2026-36033
A flaw was found in assisted-migration-agent. An unauthenticated attacker, located on the same local area network LAN, can exploit a path traversal vulnerability. By crafting a specially designed gzipped tarball, the attacker can bypass security checks and write arbitrary files to the system. Thi...
Assisted Migration Agent 后置链接漏洞
Assisted Migration Agent is an open-source virtualization environment data collection and migration planning tool developed by KubeV2V. Assisted Migration Agent has a post-installation vulnerability, which stems from an unauthenticated attacker located within the same network. This attacker...
Lenovo LanSchool Classic 代码问题漏洞
Lenovo LanSchool Classic is a classroom teaching management software developed by Lenovo Corporation. Lenovo LanSchool Classic has code vulnerabilities, which stem from potentially uncontrolled search paths. These vulnerabilities may allow locally authenticated users to execute arbitrary code wit...
EUVD-2026-35540
Untrusted pointer dereference in Microsoft Office Word allows an unauthorized attacker to execute code locally...
EUVD-2026-35543
Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally...
CVE-2026-45463
Integer underflow wrap or wraparound in Microsoft Office allows an unauthorized attacker to execute code locally...
CVE-2026-44818
Concurrent execution using shared resource with improper synchronization 'race condition' in Microsoft Office Excel allows an unauthorized attacker to execute code locally...
Microsoft Office Remote Code Execution Vulnerability
Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally...
Microsoft Exchange Server Remote Code Execution Vulnerability
Improper control of generation of code 'code injection' in Microsoft Exchange Server allows an unauthorized attacker to execute code over a network...