Claude Code 安全漏洞

Claude Code is an open source proxy coding tool from Anthropic. A security vulnerability exists in Claude Code that originates from an unauthorized WebSocket connection and could result in reading arbitrary files or executing code. The following versions are affected: Claude Code for VSCode...

Veeam Backup & Replication 安全漏洞

Veeam Backup & Replication is a backup and replication software from Veeam USA. A security vulnerability exists in Veeam Backup & Replication version 12.3.1.1139 and earlier, which originates from a backup job that can be modified by a user in the Backup Operator role, which could lead to the...

CVE-2025-47959

Improper neutralization of special elements used in a command 'command injection' in Visual Studio allows an authorized attacker to execute code over a network...

CVE-2025-29828

Missing release of memory after effective lifetime in Windows Cryptographic Services allows an unauthorized attacker to execute code over a network...

Microsoft Windows Installer Service Link Following Local Privilege Escalation Vulnerability

This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the Windows...

CVE-2025-27953

An issue in Clinical Collaboration Platform 12.2.1.5 allows a remote attacker to obtain sensitive information and execute arbitrary code via the session management component...

CVE-2025-27953

An issue in Clinical Collaboration Platform 12.2.1.5 allows a remote attacker to obtain sensitive information and execute arbitrary code via the session management component...

Delta Electronics CNCSoft-G2 Buffer Overflow Vulnerability (CNVD-2025-12364)

Delta Electronics CNCSoft-G2 is a human-machine interface HMI software from Delta Electronics, China. The Delta Electronics CNCSoft-G2 suffers from a buffer overflow vulnerability that originates from insufficient validation of user-supplied data lengths, which can be exploited by an attacker to...

CVE-2024-20843

Out-of-bound write vulnerability in command parsing implementation of libIfaaCa prior to SMR Apr-2024 Release 1 allows local privileged attackers to execute arbitrary code...

CVE-2024-20528

A vulnerability in the API of Cisco ISE could allow an authenticated, remote attacker to upload files to arbitrary locations on the underlying operating system of an affected device. To exploit this vulnerability, an attacker would need valid Super Admin credentials. This vulnerability is due to...

CVE-2024-48450

An arbitrary file upload vulnerability in Huly Platform v0.6.295 allows attackers to execute arbitrary code via uploading a crafted HTML file into chat group...

CVE-2024-57386

Cross Site Scripting vulnerability in Wallos v.2.41.0 allows a remote attacker to execute arbitrary code via the profile picture function...

CVE-2024-53620

A cross-site scripting XSS vulnerability in the Article module of SPIP v4.3.3 allows authenticated attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Title parameter...

CVE-2023-52324

An unrestricted file upload vulnerability in Trend Micro Apex Central could allow a remote attacker to create arbitrary files on affected installations. Please note: although authentication is required to exploit this vulnerability, this vulnerability could be exploited when the attacker has any...

CVE-2023-32973

A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute code via a network. We have already fixed the vulnerability in the following versions:...

CVE-2023-32971

A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute code via a network. We have already fixed the vulnerability in the following versions:...

CVE-2023-40041

TOTOLINK T10v2 5.9c.5061B20200511 has a stack-based buffer overflow in setWiFiWpsConfig in /lib/cstemodules/wps.so. Attackers can send crafted data in an MQTT packet, via the pin parameter, to control the return address and execute code...

CVE-2023-46810

A local privilege escalation vulnerability in Ivanti Secure Access Client for Linux before 22.7R1, allows a low privileged user to execute code as root...

CVE-2023-39061

Cross Site Request Forgery CSRF vulnerability in Chamilo v.1.11 thru v.1.11.20 allows a remote authenticated privileged attacker to execute arbitrary code...

CVE-2023-3078

An uncontrolled search path vulnerability was reported in the Lenovo Universal Device Client UDC that could allow an attacker with local access to execute code with elevated privileges...