15108 matches found
CVE-2025-27082
Arbitrary file write vulnerabilities exist in the web-based management interface of both the AOS-10 GW and AOS-8 Controller/Mobility Conductor operating systems. Successful exploitation could allow an authenticated attacker to upload arbitrary files and execute arbitrary commands on the underlyin...
Exploit for Code Injection in Langflow
CVE-2025-3248-POC POC of CVE-2025-...
Microsoft Windows dxkrnl Untrusted Pointer Dereference Local Privilege Escalation Vulnerability
This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the dxkrnl.sys...
CVE-2025-2293
A local code execution vulnerability exists in Rockwell Automation Arena® because a threat actor is able to write outside of the allocated memory buffer. The flaw is a result of improper validation of user-supplied data. If exploited, a threat actor can disclose information and execute...
Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability
Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network...
Ivanti Endpoint Manager SQL Injection Vulnerability
Ivanti Endpoint Manager is an enterprise-grade endpoint management solution, mainly used for centralized management of various types of devices including Windows, macOS, Linux, iOS/Android mobile devices, etc., to achieve unified configuration, security control and remote operation and maintenanc...
HGiga iSherlock OS Command Injection Vulnerability
HGiga iSherlock is a series of software products from China Henderson HGiga. HGiga iSherlock suffers from an operating system command injection vulnerability, which could allow a remote unauthorized attacker to execute arbitrary system commands...
HGiga iSherlock OS Command Injection Vulnerability
HGiga iSherlock is a series of software products from China Henderson HGiga. HGiga iSherlock suffers from an operating system command injection vulnerability, which could allow a remote unauthorized attacker to execute arbitrary system commands...
A vulnerability in the Suricata intrusion detection and prevention system, caused by insufficient validation of input data, allows attackers to bypass security restrictions and execute arbitrary code.
A vulnerability in the Suricata intrusion detection and prevention system is related to insufficient validation of input data. Exploiting this vulnerability allows a remote attacker to bypass security restrictions and execute arbitrary code...
Exim Use-After-Free Local Privilege Escalation Vulnerability
This vulnerability allows local attackers to escalate privileges on affected installations of Exim. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the handling of the dp command...
Malicious code in rlusd (npm)
Source: ghsa-malware 629e6d48825f1e58a7575a37bc976ac9d955d1e6b0a8a3782539fd168ddc570e. Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
CVE-2024-13645
The tagDiv Composer plugin for WordPress is vulnerable to PHP Object Instantiation in all versions up to, and including, 5.3 via the module parameter. This makes it possible for unauthenticated attackers to instantiate a PHP object. No known POP chain is present in the vulnerable software, which mean...
CVE-2025-0415
A remote attacker with web administrator privileges can exploit the device’s web interface to execute arbitrary system commands through the NTP settings. Successful exploitation may result in the device entering an infinite reboot loop, leading to a total or partial denial of connectivity for...
KLA82346 Multiple vulnerabilities in Microsoft Browser
Multiple vulnerabilities were found in Microsoft Browser. Malicious users can exploit these vulnerabilities to cause denial of service, bypass security restrictions, spoof user interface, obtain sensitive information, execute arbitrary code. Below is a complete list of vulnerabilities: 1. Type...
CVE-2025-20120
A vulnerability in the web-based management interface of Cisco Evolved Programmable Network Manager (EPNM) and Cisco Prime Infrastructure could allow an unauthenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface on an affected device. This...
CVE-2025-20203
A vulnerability in the web-based management interface of Cisco Evolved Programmable Network Manager (EPNM) and Cisco Prime Infrastructure could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against users of the interface of an affected system. The...
KLA82270 Multiple vulnerabilities in Google Chrome
Multiple vulnerabilities were found in Google Chrome. Malicious users can exploit these vulnerabilities to cause denial of service, execute arbitrary code, bypass security restrictions. Below is a complete list of vulnerabilities: 1. Inappropriate implementation vulnerability in Custom Tabs can b...
Ubuntu 18.04 LTS : Linux kernel (AWS) vulnerabilities (USN-7401-1)
The remote Ubuntu 18.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-7401-1 advisory. Chenyuan Yang discovered that the CEC driver in the Linux kernel contained a use-after-free vulnerability. A local attacker could use this to cau...
SUSE-SU-2025:20257-1 Security update for libarchive
This update for libarchive fixes the following issues: - CVE-2025-1632: Fixed null pointer dereference in bsdunzip.c bsc1237606 - CVE-2025-25724: Fixed Buffer Overflow vulnerability in libarchive bsc1238610 - CVE-2024-48958: Fixed out-of-bounds access in executefilterdelta bsc1231624 -...
Security update for libarchive
This update for libarchive fixes the following issues: CVE-2025-1632: Fixed null pointer dereference in bsdunzip.c bsc1237606 CVE-2025-25724: Fixed Buffer Overflow vulnerability in libarchive bsc1238610 CVE-2024-48958: Fixed out-of-bounds access in executefilterdelta bsc1231624 CVE-2024-20697:...