
15122 matches found

RedhatCVE
added 2025/02/05 1:11 a.m., 6 views

CVE-2024-20437

A vulnerability in the web-based management interface of Cisco IOS XE Software could allow an unauthenticated, remote attacker to perform a cross-site request forgery (CSRF) attack and execute commands on the CLI of an affected device. This vulnerability is due to insufficient CSRF protections for...

CVSS 8.8, AI score 7.6, EPSS 0.00962
Exploits: 0, References: 1

RedhatCVE
added 2025/02/05 12:45 a.m., 9 views

CVE-2024-37381

An unspecified SQL Injection vulnerability in Core server of Ivanti EPM 2024 flat allows an authenticated attacker within the same network to execute arbitrary code...

CVSS 8.4, AI score 8.3, EPSS 0.00186
Exploits: 0, References: 1

RedhatCVE
added 2025/02/05 12:11 a.m., 8 views

CVE-2024-4733

The ShiftController Employee Shift Scheduling plugin is vulnerable to PHP Object Injection via deserialization of untrusted input via the hc3session-cookie in versions up to, and including, 4.9.57. This makes it possible for an authenticated attacker with contributor access-level or above to inje...

CVSS 7.5, AI score 7.1, EPSS 0.01491
Exploits: 0, References: 1

Vulnrichment
added 2025/02/04 11:40 p.m., 6 views

CVE-2024-53963 Adobe Experience Manager | Cross-site Scripting (DOM-based XSS) (CWE-79)

Adobe Experience Manager versions 6.5.21 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability that could be exploited by a low privileged attacker to execute arbitrary code in the context of the victim's browser session. By manipulating a DOM element through a crafted UR...

CVSS 5.4, AI score 5.9, EPSS 0.05355
Exploits: 0, References: 1

RedhatCVE
added 2025/02/04 10:55 p.m., 5 views

CVE-2024-26313

Archer Platform 6.x before 6.14 P2 HF2 (6.14.0.2.2) contains a stored cross-site scripting (XSS) vulnerability. A remote authenticated malicious Archer user could potentially exploit this to store malicious HTML or JavaScript code in a trusted application data store. When victim users access the data...

CVSS 7.3, AI score 5.2, EPSS 0.00351
Exploits: 0, References: 1

RedhatCVE
added 2025/02/04 10:42 p.m., 8 views

CVE-2024-8030

The Ultimate Store Kit Elementor Addons, Woocommerce Builder, EDD Builder, Elementor Store Builder, Product Grid, Product Table, Woocommerce Slider plugin is vulnerable to PHP Object Injection via deserialization of untrusted input via the ultimatestorekitwishlist cookie in versions up to, and...

CVSS 9.8, AI score 7.5, EPSS 0.3869
Exploits: 0, References: 1

RedhatCVE
added 2025/02/04 10:13 p.m., 5 views

CVE-2024-35154

IBM WebSphere Application Server 8.5 and 9.0 could allow a remote authenticated attacker, who has authorized access to the administrative console, to execute arbitrary code. Using specially crafted input, the attacker could exploit this vulnerability to execute arbitrary code on the system. IBM...

CVSS 7.2, AI score 7.3, EPSS 0.00285
Exploits: 0, References: 1

OSV
added 2025/02/04 7:26 p.m., 7 views

CVE-2025-24966 HTML Injection in reNgine

reNgine is an automated reconnaissance framework for web applications. HTML Injection occurs when an application improperly validates or sanitizes user inputs, allowing attackers to inject arbitrary HTML code. In this scenario, the vulnerability exists in the "Add Target" functionality of the...

CVSS 5.3, AI score 6.9, EPSS 0.00537
Exploits: 1, References: 3

IBM Security Bulletins
added 2025/02/04 6:14 p.m., 50 views

Security Bulletin: TSSC/IMC is vulnerable to a Prefix truncation attack on Binary Packet Protocol

Summary TSSC/IMC is vulnerable to a Prefix truncation attack on Binary Packet Protocol. A patch has been provided that updates the systemd library. CVE-2023-48795, CVE-2023-51385 Vulnerability Details CVEID:CVE-2023-48795 DESCRIPTION: The SSH transport protocol with certain OpenSSH extensions,...

CVSS 6.5, AI score 7.8, EPSS 0.51662
Exploits: 11, Affected Software: 1

NVD
added 2025/02/04 3:15 p.m., 10 views

CVE-2025-22206

A SQL injection vulnerability in the JS Jobs plugin versions 1.1.5-1.4.2 for Joomla allows authenticated attackers (administrator) to execute arbitrary SQL commands via the 'fieldfor' parameter in the GDPR Field feature...

CVSS 4.7, EPSS 0.01124
Exploits: 1, References: 2

OSV
added 2025/02/04 2:15 p.m., 1 view

UBUNTU-CVE-2025-1015

The Thunderbird Address Book URI fields contained unsanitized links. This could be used by an attacker to create and export an address book containing a malicious payload in a field. For example, in the “Other” field of the Instant Messaging section. If another user imported the address book,...

CVSS 5.4, AI score 6.9, EPSS 0.30868
Exploits: 0, References: 6

NVD
added 2025/02/04 8:15 a.m., 10 views

CVE-2025-20882

Out-of-bounds write in accessing uninitialized memory for svc1td in libsthmbc.so prior to SMR Jan-2025 Release 1 allows local attackers to execute arbitrary code with privilege. User interaction is required for triggering this vulnerability...

CVSS 7.8, EPSS 0.00063
Exploits: 0, References: 1

VulnCheck KEV
added 2025/02/04 12:00 a.m., 2 views

VulnCheck KEV: CVE-2025-0411

7-Zip contains a protection mechanism failure vulnerability that allows remote attackers to bypass the Mark-of-the-Web security feature to execute arbitrary code in the context of the current user...

CVSS 7, AI score 7.5, EPSS 0.46723
Exploits: 8, References: 1

Cvelist
added 2025/02/03 12:00 a.m., 13 views

CVE-2025-25181

A SQL injection vulnerability in timeoutWarning.asp in Advantive VeraCore through 2025.1.0 allows remote attackers to execute arbitrary SQL commands via the PmSess1 parameter...

CVSS 5.8, EPSS 0.72054
Exploits: 1, References: 3

NVD
added 2025/02/01 6:15 a.m., 15 views

CVE-2025-0366

The Jupiter X Core plugin for WordPress is vulnerable to Local File Inclusion to Remote Code Execution in all versions up to, and including, 4.8.7 via the getsvg function. This makes it possible for authenticated attackers, with Contributor-level access and above, to include and execute arbitrary...

CVSS 8.8, EPSS 0.00643
Exploits: 0, References: 4

Zero Day Initiative
added 2025/01/31 12:00 a.m., 5 views

PDF-XChange Editor JB2 File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...

CVSS 3.3, AI score 6, EPSS 0.00158
Exploits: 0, References: 1

GithubExploit
added 2025/01/30 11:31 a.m., 1721 views

Exploit for Type Confusion in Mozilla Firefox

CVE-2024-8381 A SpiderMonkey Interpreter Type Confusion Bug...

CVSS 9.8, AI score 9.7, EPSS 0.11622
Exploits: 1

GithubExploit
added 2025/01/30 12:10 a.m., 587 views

Exploit for Out-of-bounds Write in Apple Ipados

TRAVERTINE...

CVSS 9.8, AI score 8.2, EPSS 0.27023
Exploits: 2

NVD
added 2025/01/29 10:15 p.m., 16 views

CVE-2024-57395

Password Vulnerability in Safety production process management system v1.0 allows a remote attacker to escalate privileges, execute arbitrary code and obtain sensitive information via the password and account number parameters...

CVSS 9.8, EPSS 0.03323
Exploits: 0, References: 2

NVD
added 2025/01/29 10:15 p.m., 11 views

CVE-2024-57510

Buffer Overflow vulnerability in Bento4 mp42avc v.3bdc891602d19789b8e8626e4a3e613a937b4d35 allows a local attacker to execute arbitrary code via the AP4MemoryByteStream::WritePartial...

CVSS 7.8, EPSS 0.00159
Exploits: 0, References: 2