15092 matches found
Web Deploy Remote Code Execution Vulnerability
Deserialization of untrusted data in Web Deploy allows an authorized attacker to execute code over a network...
Microsoft Excel Remote Code Execution Vulnerability
Use of uninitialized resource in Microsoft Office Excel allows an unauthorized attacker to execute code locally...
Microsoft Message Queuing 安全漏洞
Microsoft Message Queuing is a Microsoft solution for implementing asynchronous and synchronous scenarios that require high performance. A security vulnerability exists in Microsoft Message Queuing. An attacker exploiting this vulnerability could execute code. The following products and versions...
GO-2025-3858 Privileged OpenBao Operator May Execute Code on the Underlying Host in github.com/openbao/openbao
Privileged OpenBao Operator May Execute Code on the Underlying Host in github.com/openbao/openbao. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this is causing false-positive reports from...
CVE-2012-10037
PhpTax 0.8 is affected by a remote code execution in drawimage.php. The pfilez GET parameter is passed directly to exec() without sanitization, allowing an attacker to inject arbitrary shell commands and execute code in the web server context without authentication. Multiple sources (NVD, Red Hat...
BIT-LIBPHP-2021-21704 Multiple vulnerabilities in Firebird client extension
In PHP versions 7.3.x below 7.3.29, 7.4.x below 7.4.21 and 8.0.x below 8.0.8, when using Firebird PDO driver extension, a malicious database server could cause crashes in various database functions, such as getAttribute, execute, fetch and others by returning invalid response data that is not...
BIT-LIBPYTHON-2023-6507 Groups not dropped before running subprocess when using empty 'extra_groups' parameter
An issue was found in CPython 3.12.0 subprocess module on POSIX platforms. The issue was fixed in CPython 3.12.1 and does not affect other stable releases. When using the extragroups= parameter with an empty list as a value ie extragroups= the logic regressed to not call setgroups0, NULL before...
CVE-2025-27577 liteos_a has a race condition vulnerability
in OpenHarmony v5.0.3 and prior versions allow a local attacker arbitrary code execution in tcb through race condition...
PT-2025-32550 · Phptax · Phptax
Name of the Vulnerable Software and Affected Versions: PhpTax version 0.8 Description: PhpTax version 0.8 contains a remote code execution issue in drawimage.php. The pfilez GET parameter is passed to the exec function without proper sanitization. This allows a remote attacker to inject arbitrary...
SUSE-SU-2025:20591-1 Security update for jq
This update for jq fixes the following issues: - CVE-2025-48060: Fixed stack-buffer-overflow in jqfuzzexecute jvstringvfmt bsc1244116 - CVE-2024-23337: Fixed signed integer overflow in jv.c:jvparraywrite bsc1243450 - CVE-2024-53427: Fixed stack-buffer-overflow in the decNumberCopy function in...
Security update for jq
This update for jq fixes the following issues: CVE-2025-48060: Fixed stack-buffer-overflow in jqfuzzexecute jvstringvfmt bsc1244116 CVE-2024-23337: Fixed signed integer overflow in jv.c:jvparraywrite bsc1243450 CVE-2024-53427: Fixed stack-buffer-overflow in the decNumberCopy function in decNumber...
Linux Distros Unpatched Vulnerability : CVE-2021-29976
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Mozilla developers reported memory safety bugs present in code shared between Firefox and Thunderbird. Some of these bugs showed evidence of memory corruption a...
SUSE CVE-2025-52903
File Browser provides a file managing interface within a specified directory and it can be used to upload, delete, preview, rename and edit files. In version 2.32.0, the Command Execution feature of File Browser only allows the execution of shell command which have been predefined on a...
NVIDIA Triton Inference Server 安全漏洞
Triton Inference Server is a high-performance inference service engine developed by NVIDIA, designed for AI model deployment in production environments, with support for a variety of frameworks TensorFlow, PyTorch, ONNX, etc. and optimized inference performance for GPUs and CPUs. A stack overflow...
PaperCut NG < 20.1.8 / 21.x < 21.2.12 / 22.x < 22.1.1 CSRF
The version of PaperCut NG installed on the remote Windows host is affected by a vulnerability. A Cross-Site Request Forgery CSRF vulnerability has been identified in PaperCut MF/NG, which, under specific conditions, could potentially enable an attacker to alter security settings or execute...
Malicious code in dionisio (npm)
The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis eafd017c48863d43324ba67c2aa3770cc03881cca223fccfc91da0e8af92c1fa The OpenSSF Package Analysis project identified 'dionisio' @ 2.0.0 np...
CVE-2025-7033
A memory abuse issue exists in the Rockwell Automation Arena® Simulation. A custom file can force Arena Simulation to read and write past the end of memory space. Successful use requires user action, such as opening a bad file or webpage. If used, a threat actor could execute code or disclose...
CVE-2025-54948
A vulnerability in Trend Micro Apex One on-premise management console could allow a pre-authenticated remote attacker to upload malicious code and execute commands on affected installations...
CVE-2025-54987
A vulnerability in Trend Micro Apex One on-premise management console could allow a pre-authenticated remote attacker to upload malicious code and execute commands on affected installations. This vulnerability is essentially the same as CVE-2025-54948 but targets a different CPU architecture...
CVE-2025-8535
A vulnerability, which was classified as problematic, has been found in cronoh NanoVault up to 1.2.1. This issue affects the function executeJavaScript of the file /main.js of the component xrb URL Handler. The manipulation leads to cross site scripting. The attack may be initiated remotely. The...