CVE-2024-14025

Summary (CVE-2024-14025): An SQL injection vulnerability affects QNAP Video Station. Exploitation requires local network access and an administrative account; successful exploitation could allow execution of unauthorized code or commands. The issue has been fixed in Video Station 5.8.2 and later....

CVE-2024-14025 Video Station

An SQL injection vulnerability has been reported to affect Video Station. If an attacker gains local network access who have also gained an administrator account, they can then exploit the vulnerability to execute unauthorized code or commands. We have already fixed the vulnerability in the...

EUVD-2026-10678

Untrusted pointer dereference in Microsoft Office Excel allows an unauthorized attacker to execute code locally...

EUVD-2025-208488

An improper neutralization of special elements used in an sql command 'sql injection' vulnerability in Fortinet FortiAnalyzer 7.6.0 through 7.6.4, FortiAnalyzer 7.4.0 through 7.4.7, FortiAnalyzer 7.2 all versions, FortiAnalyzer 7.0 all versions, FortiAnalyzer 6.4 all versions, FortiAnalyzer-BigDa...

Microsoft Excel Remote Code Execution Vulnerability

Heap-based buffer overflow in Microsoft Office Excel allows an unauthorized attacker to execute code locally...

PT-2026-24245

A Stack-based Buffer Overflow vulnerability CWE-121 vulnerability in Fortinet FortiWeb 8.0.0 through 8.0.2, FortiWeb 7.6.0 through 7.6.6, FortiWeb 7.4 all versions, FortiWeb 7.2 all versions, FortiWeb 7.0.2 through 7.0.12 may allow a remote authenticated attacker who can bypass stack protection a...

postgresql: PostgreSQL missing validation of multibyte character length executes arbitrary code

Missing validation of multibyte character length in PostgreSQL text manipulation allows a database user to issue crafted queries that achieve a buffer overrun. That suffices to execute arbitrary code as the operating system user running the database...

CVE-2026-3823

EHG2408 series switch developed by Atop Technologies has a Stack-based Buffer Overflow vulnerability, allowing unauthenticated remote attackers to control the program's execution flow and execute arbitrary code...

CVE-2026-2599

The Database for Contact Form 7, WPforms, Elementor forms plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.4.7 via deserialization of untrusted input in the 'downloadcsv' function. This makes it possible for unauthenticated attackers to inject a P...

CVE-2026-2599 Database for Contact Form 7, WPforms, Elementor forms <= 1.4.7 - Unauthenticated PHP Object Injection via 'download_csv'

The Database for Contact Form 7, WPforms, Elementor forms plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.4.7 via deserialization of untrusted input in the 'downloadcsv' function. This makes it possible for unauthenticated attackers to inject a P...

CVE-2025-63910

An authenticated arbitrary file upload vulnerability in Cohesity TranZman Migration Appliance Release 4.0 Build 14614 allows attackers with Administrator privileges to execute arbitrary code via uploading a crafted patch file...

CVE-2025-63910

An authenticated arbitrary file upload vulnerability in Cohesity TranZman Migration Appliance Release 4.0 Build 14614 allows attackers with Administrator privileges to execute arbitrary code via uploading a crafted patch file...

ajenti 访问控制错误漏洞

ajenti is an open-source Linux and BSD-based modular server management panel developed by ajenti. Versions of ajenti prior to 2.2.13 contained a security vulnerability related to access control. This vulnerability allowed unverified users to access servers, potentially enabling them to execute...

CVE-2025-69771

CVE-2025-69771 affects asbplayer v1.13.0; a flaw in the subtitle loading function allows arbitrary file upload, enabling arbitrary code execution. No exploitation details are provided in the supplied documents, and remediation information is not available here.

CVE-2019-25435

Sricam DeviceViewer 3.12.0.1 contains a local buffer overflow vulnerability in the user management add user function that allows authenticated attackers to execute arbitrary code by bypassing data execution prevention. Attackers can inject a malicious payload through the Username field in User...

CVE-2018-25158

Chamilo LMS 1.11.8 contains an arbitrary file upload vulnerability that allows authenticated users to upload and execute PHP files through the elfinder filemanager module. Attackers can upload files with image headers in the social myfiles section, rename them to PHP extensions, and execute...

CVE-2026-21345

Substance3D - Stager versions 3.1.6 and earlier are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current...

PT-2026-7411

Name of the Vulnerable Software and Affected Versions Azure AI Language Authoring SDK version 1.0.0 Description A flaw exists in the Azure AI Language Authoring SDK that allows an unauthorized attacker to execute code over a network. This is due to the deserialization of untrusted data. The issue...

GIGABYTE MacroHub 安全漏洞

GIGABYTE MacroHub is an open-source recording software developed by GIGABYTE of Taiwan, China. GIGABYTE MacroHub has a security vulnerability, which stems from improper permissions when launching external applications. This vulnerability may allow authenticated local attackers to execute arbitrar...

PYSEC-2026-1 A single post-release of dydx-v4-client contained obfuscated multi-stage loader

A PyPI user account compromised by an attacker and was able to upload a malicious version 1.1.5.post1 of the dydx-v4-client package. This version contains a highly obfuscated multi-stage loader that ultimately executes malicious code on the host system. While the final payload is not visible...