Microsoft Message Queuing 安全漏洞

Microsoft Message Queuing is a Microsoft solution for implementing asynchronous and synchronous scenarios that require high performance. A security vulnerability exists in Microsoft Message Queuing. An attacker exploiting this vulnerability could execute code. The following products and versions...

GO-2025-3858 Privileged OpenBao Operator May Execute Code on the Underlying Host in github.com/openbao/openbao

Privileged OpenBao Operator May Execute Code on the Underlying Host in github.com/openbao/openbao. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this is causing false-positive reports from...

Linux Distros Unpatched Vulnerability : CVE-2021-29976

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Mozilla developers reported memory safety bugs present in code shared between Firefox and Thunderbird. Some of these bugs showed evidence of memory corruption a...

NVIDIA Triton Inference Server 安全漏洞

Triton Inference Server is a high-performance inference service engine developed by NVIDIA, designed for AI model deployment in production environments, with support for a variety of frameworks TensorFlow, PyTorch, ONNX, etc. and optimized inference performance for GPUs and CPUs. A stack overflow...

PaperCut NG < 20.1.8 / 21.x < 21.2.12 / 22.x < 22.1.1 CSRF

The version of PaperCut NG installed on the remote Windows host is affected by a vulnerability. A Cross-Site Request Forgery CSRF vulnerability has been identified in PaperCut MF/NG, which, under specific conditions, could potentially enable an attacker to alter security settings or execute...

CVE-2025-7033

A memory abuse issue exists in the Rockwell Automation Arena® Simulation. A custom file can force Arena Simulation to read and write past the end of memory space. Successful use requires user action, such as opening a bad file or webpage. If used, a threat actor could execute code or disclose...

PaperCut NG/MF Cross-Site Request Forgery (CSRF) Vulnerability

PaperCut NG/MF contains a cross-site request forgery CSRF vulnerability, which, under specific conditions, could potentially enable an attacker to alter security settings or execute arbitrary code...

CVE-2025-7917

WinMatrix3 Web package developed by Simopro Technology has an Arbitrary File Upload vulnerability, allowing remote attackers with administrator privileges to upload and execute web shell backdoors, thereby enabling arbitrary code execution on the server...

CVE-2025-6232

An improper validation vulnerability was reported in Lenovo Vantage that under certain conditions could allow a local attacker to execute code with elevated permissions by modifying specific registry locations...

CVE-2025-6232

An improper validation vulnerability was reported in Lenovo Vantage that under certain conditions could allow a local attacker to execute code with elevated permissions by modifying specific registry locations...

CVE-2025-4657

A buffer overflow vulnerability was reported in the Lenovo Protection Driver, prior to version 5.1.1110.4231, used in Lenovo PC Manager, Lenovo Browser, and Lenovo App Store could allow a local attacker with elevated privileges to execute arbitrary code...

CVE-2025-6232

Lenovo Vantage (CVE-2025-6232) shows an improper validation vulnerability where a local attacker could execute code with elevated privileges by modifying certain registry locations. The CVE is tracked with high severity (CVSS 3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H; base score 7.8; CVSS 4.0/AV:L/...

CVE-2025-6232

An improper validation vulnerability was reported in Lenovo Vantage that under certain conditions could allow a local attacker to execute code with elevated permissions by modifying specific registry locations...

Adobe InDesign Heap Overflow Vulnerability

Adobe InDesign is a desktop publishing DTP application from Adobe, mainly used for layout editing of various printed materials. A heap overflow vulnerability exists in Adobe InDesign processing files, which originates from a partial overwrite of heap memory, and can be exploited by a remote...

CVE-2025-49701

Improper authorization in Microsoft Office SharePoint allows an authorized attacker to execute code over a network...

CVE-2025-48824

Heap-based buffer overflow in Windows Routing and Remote Access Service RRAS allows an unauthorized attacker to execute code over a network...

CVE-2025-49666

CVE-2025-49666 is a Windows Kernel flaw described as a heap-based buffer overflow that enables remote code execution by an authorized attacker over a network. Public data lists attack vector as Network with high impact to confidentiality, integrity, and availability, and requires HIGH privileges ...

CVE-2025-49676

CVE-2025-49676: heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) over network; initial description provides this; connected documents do not add concrete technical details (affected products/versions, root cause, fix). Monitor for updates.

Microsoft Word Remote Code Execution Vulnerability

Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally...

MICROSENS NMP Web+ 路径遍历漏洞

MICROSENS NMP Web+ is a network management platform from the German company MICROSENS. MICROSENS NMP Web+ suffers from a path traversal vulnerability that originates from an unauthenticated attacker being able to overwrite files and execute arbitrary code...