CVE-2025-4657

A buffer overflow vulnerability was reported in the Lenovo Protection Driver, prior to version 5.1.1110.4231, used in Lenovo PC Manager, Lenovo Browser, and Lenovo App Store could allow a local attacker with elevated privileges to execute arbitrary code...

CVE-2025-6232

Lenovo Vantage (CVE-2025-6232) shows an improper validation vulnerability where a local attacker could execute code with elevated privileges by modifying certain registry locations. The CVE is tracked with high severity (CVSS 3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H; base score 7.8; CVSS 4.0/AV:L/...

CVE-2025-6232

An improper validation vulnerability was reported in Lenovo Vantage that under certain conditions could allow a local attacker to execute code with elevated permissions by modifying specific registry locations...

CVE-2025-20274

A vulnerability in the web-based management interface of Cisco Unified Intelligence Center could allow an authenticated, remote attacker to upload arbitrary files to an affected device. This vulnerability is due to improper validation of files that are uploaded to the web-based management...

CVE-2025-40724

Stored Cross-Site Scripting XSS vulnerability in Pharmacy POS PHP Script. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by sending the victim a malicious URL using the umedicinename parameter in /editmedicine.php. This vulnerability can be exploited to...

Adobe Framemaker heap buffer overflow vulnerability (CNVD-2025-16224)

Adobe FrameMaker is a powerful tool for creating complex technical documentation and publishing it to a variety of delivery channels. A heap buffer overflow vulnerability exists in Adobe Framemaker versions 2020.8, 2022.6 and earlier. An attacker can exploit this vulnerability to execute arbitrar...

Adobe InDesign Heap Overflow Vulnerability

Adobe InDesign is a desktop publishing DTP application from Adobe, mainly used for layout editing of various printed materials. A heap overflow vulnerability exists in Adobe InDesign processing files, which originates from a partial overwrite of heap memory, and can be exploited by a remote...

Malicious code in @lensapp/eslint-config (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 61bc10b6edfec3225d467f169ee0c13a8d66637e96186f959196d0ae15822ad6 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

CVE-2025-52089

A hidden remote support feature protected by a static secret in TOTOLINK N300RB firmware version 8.54 allows an authenticated attacker to execute arbitrary OS commands with root privileges...

CVE-2025-42985

Due to insufficient sanitization in the SAP BusinessObjects Content Administrator Workbench, attackers could craft malicious URLs and execute scripts in a victim�s browser. This could potentially lead to the exposure or modification of web client data, resulting in low impact on confidentiality a...

CVE-2025-49701

Improper authorization in Microsoft Office SharePoint allows an authorized attacker to execute code over a network...

CVE-2025-48824

Heap-based buffer overflow in Windows Routing and Remote Access Service RRAS allows an unauthorized attacker to execute code over a network...

CVE-2025-49666

CVE-2025-49666 is a Windows Kernel flaw described as a heap-based buffer overflow that enables remote code execution by an authorized attacker over a network. Public data lists attack vector as Network with high impact to confidentiality, integrity, and availability, and requires HIGH privileges ...

CVE-2025-49676

CVE-2025-49676: heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) over network; initial description provides this; connected documents do not add concrete technical details (affected products/versions, root cause, fix). Monitor for updates.

Microsoft Word Remote Code Execution Vulnerability

Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally...

jq: AddressSanitizer: stack-buffer-overflow in jq_fuzz_execute (jv_string_vfmt)

A flaw was found in jq, a command line JSON processor. A specially crafted input can cause a heap-based buffer over-read when formatting an empty string because it was not properly null-terminated, causing a crash and resulting in a denial of service...

jq: AddressSanitizer: stack-buffer-overflow in jq_fuzz_execute (jv_string_vfmt)

A flaw was found in jq, a command line JSON processor. A specially crafted input can cause a heap-based buffer over-read when formatting an empty string because it was not properly null-terminated, causing a crash and resulting in a denial of service...

jq: AddressSanitizer: stack-buffer-overflow in jq_fuzz_execute (jv_string_vfmt)

A flaw was found in jq, a command line JSON processor. A specially crafted input can cause a heap-based buffer over-read when formatting an empty string because it was not properly null-terminated, causing a crash and resulting in a denial of service...

SQL Injection

Overview airda is an airda Affected versions of this package are vulnerable to SQL Injection via the execute function in the /v1/chat/completions file when processing the question argument. An attacker can access or modify sensitive data, or disrupt application functionality by sending crafted...

HTTPS Fetch

Fetch and execute an x64 payload from an HTTPS server. Module Options msf use payload/cmd/linux/https/x64/sethostname msf payloadsethostname show actions ...actions... msf payloadsethostname set ACTION msf payloadsethostname show options ...show and set options... msf payloadsethostname run This...