1913 matches found
CVE-2025-20376
The collection shows CVE-2025-20376 affecting Cisco Unified CCX web UI, due to insufficient input validation in the file upload mechanism. An authenticated, remote attacker could upload a malicious file via the web UI and execute arbitrary commands on the underlying system, with potential privile...
CVE-2025-11704
The Elegance Menu plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.9 via the 'elegance-menu' attribute of the elegance-menu shortcode. This makes it possible for authenticated attackers, with Contributor-level access and above, to include and...
CVE-2025-11920 WPCOM Member <= 1.7.14 - Authenticated (Contributor+) Local File Inclusion via Shortcode
The WPCOM Member plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.7.14 via the action parameter in one of its shortcodes. This makes it possible for authenticated attackers, with Contributor-level access and above, to include and execute arbitrary...
EUVD-2025-37390
Protection mechanism failure in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute code over a network...
EUVD-2025-36993
An example DAG, example_dag_decorator, had a non-validated parameter that allowed the UI user to redirect the example to a malicious server and execute code on a worker. This, however, required that the example DAGs are enabled in production (not the default) or the example DAG code copied to build your own...
Excellent Infotek Document Management System Code Issue Vulnerability
Excellent Infotek Document Management System is a document management system from Excellent Infotek Taiwan, China. A code issue vulnerability exists in the Excellent Infotek Document Management System that stems from an arbitrary file upload vulnerability that could allow an unauthenticated, remo...
EUVD-2025-34614
A potential DLL hijacking vulnerability was discovered in the Lenovo PC Manager during an internal security assessment that could allow a local authenticated user to execute code with elevated privileges...
RSUPPORT RemoteCall Remote Support Program Code Issue Vulnerability
RSUPPORT RemoteCall Remote Support Program is a remote assistance software from the Korean company RSUPPORT. A code issue vulnerability exists in RSUPPORT RemoteCall Remote Support Program versions prior to 5.1.0, which stems from an uncontrolled search path element that could lead to the executi...
CVE-2025-61799
Dimension versions 4.1.4 and earlier are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user...
EUVD-2025-34383
Use after free in Microsoft Office allows an unauthorized attacker to execute code locally...
EUVD-2025-34381
Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally...
EUVD-2025-34284
Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally...
EUVD-2025-34320
Use after free in Remote Desktop Client allows an unauthorized attacker to execute code over a network...
CVE-2025-58737
Use after free in Windows Remote Desktop allows an unauthorized attacker to execute code locally...
CVE-2025-57740
A heap-based buffer overflow vulnerability (CWE-122) in FortiOS version 7.6.2 and below, version 7.4.7 and below, version 7.2.10 and below, 7.0 all versions, 6.4 all versions; FortiPAM version 1.5.0, version 1.4.2 and below, 1.3 all versions, 1.2 all versions, 1.1 all versions, 1.0 all versions an...
Microsoft Excel Remote Code Execution Vulnerability
Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally...
PT-2025-42074
Name of the Vulnerable Software and Affected Versions: Inbox COM Objects (affected versions not specified). Description: A use-after-free condition exists in Inbox COM Objects. This allows an unauthorized attacker to execute code locally. Recommendations: At the moment, there is no information about a...
PT-2025-42107
Name of the Vulnerable Software and Affected Versions: Microsoft Office Word (affected versions not specified). Description: A use-after-free condition exists in Microsoft Office Word that could allow an unauthorized attacker to execute code locally. Recommendations: At the moment, there is no...
CVE-2025-11673
SOOP-CLM developed by PiExtract has a Hidden Functionality vulnerability, allowing privileged remote attackers to exploit a hidden functionality to execute arbitrary code on the server...