14945 matches found

Cvelist | added 2026/03/20 4:21 p.m. | 19 views

CVE-2025-62846 QuRouter

An SQL injection vulnerability has been reported to affect QHora. If a local attacker gains an administrator account, they can then exploit the vulnerability to execute unauthorized code or commands. We have already fixed the vulnerability in the following version: QuRouter 2.6.2.007 and later...

CVSS 9.3 | EPSS 0.00022 | Exploits 0 | References 1

NVD | added 2026/03/20 12:16 a.m. | 4 views

CVE-2026-29109

SuiteCRM is an open-source, enterprise-ready Customer Relationship Management CRM software application. Versions up to and including 8.9.2 contain an unsafe deserialization vulnerability in the SavedSearch filter processing component that allows an authenticated administrator to execute arbitrary...

CVSS 8.6 | EPSS 0.00101 | Exploits 0 | References 1

CNNVD | added 2026/03/20 12:0 a.m. | 3 views

QNAP Systems QHora SQL injection vulnerability

QNAP Systems QHora is a router product of QNAP Systems, a company based in Taiwan, China. The QNAP Systems QHora device has a SQL injection vulnerability. This vulnerability arises from SQL injections, which may allow local attackers to obtain administrator accounts and execute unauthorized code ...

CVSS 9.3 | AI score 7.7 | EPSS 0.00022 | Exploits 0 | References 1

ATTACKERKB | added 2026/03/18 4:26 p.m. | 1 view

CVE-2026-1463

The Photo Gallery, Sliders, Proofing and Themes – NextGEN Gallery plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 4.0.3 via the 'template' parameter in gallery shortcodes. This makes it possible for authenticated attackers, with Author-level access...

CVSS 8.8 | AI score 6.3 | EPSS 0.00158 | Exploits 0 | References 5

CVE | added 2026/03/17 8:33 a.m. | 10 views

CVE-2026-1323

CVE-2026-1323 highlights an insecure deserialization flaw in the TYPO3 mailqueue extension, specifically in the TransportFailure class. An attacker could execute untrusted serialized code, but an active exploit requires write access to the directory configured by $GLOBALS['TYPO3_CONF_VARS']['MAIL...

CVSS 8.8 | AI score 5.9 | EPSS 0.00135 | Exploits 0 | References 1 | Affected Software 1

OSV | added 2026/03/16 2:19 p.m. | 1 view

CVE-2026-28519

arduino-TuyaOpen before version 1.2.1 contains a heap-based buffer overflow vulnerability in the DnsServer component. An attacker on the same local area network who controls the LAN DNS server can send malicious DNS responses to overflow the heap buffer, potentially allowing execution of arbitrar...

CVSS 8.8 | AI score 6.5 | Exploits 0 | References 3

CVE | added 2026/03/16 1:28 a.m. | 7 views

CVE-2017-20221

The connected docs confirm a CSRF vulnerability in Telesquare SKT LTE Router SDT-CS3B1 (fw v1.2.0). Authenticated attackers can abuse missing request validation to cause arbitrary system command execution with router privileges by visiting a malicious page that triggers administrative actions. Th...

CVSS 5.3 | AI score 6.1 | EPSS 0.00013 | Exploits 2 | References 6 | Affected Software 1

Positive Technologies | added 2026/03/16 12:0 a.m. | 2 views

PT-2026-25739

Telesquare SKT LTE Router SDT-CS3B1 version 1.2.0 contains a cross-site request forgery vulnerability that allows authenticated attackers to execute arbitrary system commands by exploiting missing request validation. Attackers can craft malicious web pages that perform administrative actions when...

CVSS 5.3 | AI score 6.1 | EPSS 0.00013 | Exploits 2 | References 7

CVE | added 2026/03/13 8:43 p.m. | 6 views

CVE-2025-15060

The CVE-2025-15060 vulnerability affects claude-hovercraft through the executeClaudeCode method, enabling Command Injection and Remote Code Execution. The flaw arises from insufficient validation of a user-supplied string before executing a system call, allowing an attacker to run arbitrary code ...

CVSS 9.8 | AI score 7.9 | EPSS 0.01743 | Exploits 0 | References 1

NVD | added 2026/03/11 9:16 p.m. | 1 view

CVE-2026-0940

A potential improper initialization vulnerability was reported in the BIOS of some ThinkPads that could allow a local privileged user to modify data and execute arbitrary code...

CVSS 8.4 | EPSS 0.0002 | Exploits 0 | References 1

NVD | added 2026/03/11 9:16 p.m. | 0 views

CVE-2025-66956

Insecure Access Control in Contact Plan, E-Mail, SMS and Fax components in Asseco SEE Live 2.0 allows remote attackers to access and execute attachments via a computable URL...

CVSS 9.9 | EPSS 0.00143 | Exploits 0 | References 3

Cvelist | added 2026/03/11 8:21 p.m. | 23 views

CVE-2026-0940

A potential improper initialization vulnerability was reported in the BIOS of some ThinkPads that could allow a local privileged user to modify data and execute arbitrary code...

CVSS 8.4 | EPSS 0.0002 | Exploits 0 | References 1

CVE | added 2026/03/11 8:2 a.m. | 8 views

CVE-2024-14025

Summary (CVE-2024-14025): An SQL injection vulnerability affects QNAP Video Station. Exploitation requires local network access and an administrative account; successful exploitation could allow execution of unauthorized code or commands. The issue has been fixed in Video Station 5.8.2 and later....

CVSS 6.7 | AI score 5.9 | EPSS 0.00022 | Exploits 0 | References 1 | Affected Software 1

Vulnrichment | added 2026/03/11 8:2 a.m. | 0 views

CVE-2024-14025 Video Station

An SQL injection vulnerability has been reported to affect Video Station. If an attacker gains local network access who have also gained an administrator account, they can then exploit the vulnerability to execute unauthorized code or commands. We have already fixed the vulnerability in the...

CVSS 1 | AI score 5.9 | EPSS 0.00022 | Exploits 0 | References 1

CNNVD | added 2026/03/11 12:0 a.m. | 3 views

R security vulnerability

R is a statistical computing software developed by The R Foundation. Version 3.4.4 of R contains a security vulnerability. This vulnerability stems from a buffer overflow in the GUI preference language menu field, which could allow local attackers to bypass DEP and ASLR protections and execute...

CVSS 6.9 | AI score 6.3 | EPSS 0.00019 | Exploits 0 | References 2

CVE | added 2026/03/10 7:53 p.m. | 5 views

CVE-2026-2713

The CVE-2026-2713 entry concerns the IBM Trusteer Rapport installer (v3.5.2309.290) and CWE-427 Uncontrolled Search Path Element. A local attacker could execute arbitrary code by placing a crafted file in a compromised folder during installation. IBM has issued a fixed installer (v3.5.2504.127); ...

CVSS 7.8 | AI score 6.1 | EPSS 0.00011 | Exploits 0 | References 1 | Affected Software 1

EUVD | added 2026/03/10 6:31 p.m. | 2 views

EUVD-2026-10678

Untrusted pointer dereference in Microsoft Office Excel allows an unauthorized attacker to execute code locally...

CVSS 7.8 | AI score 5.9 | EPSS 0.00031 | Exploits 0 | References 2

EUVD | added 2026/03/10 6:31 p.m. | 0 views

EUVD-2025-208488

An improper neutralization of special elements used in an sql command 'sql injection' vulnerability in Fortinet FortiAnalyzer 7.6.0 through 7.6.4, FortiAnalyzer 7.4.0 through 7.4.7, FortiAnalyzer 7.2 all versions, FortiAnalyzer 7.0 all versions, FortiAnalyzer 6.4 all versions, FortiAnalyzer-BigDa...

CVSS 6 | AI score 5.9 | EPSS 0.00055 | Exploits 0 | References 2

Microsoft CVE | added 2026/03/10 2:0 p.m. | 1 view

Microsoft Excel Remote Code Execution Vulnerability

Heap-based buffer overflow in Microsoft Office Excel allows an unauthorized attacker to execute code locally...

CVSS 7.8 | AI score 6.2 | EPSS 0.00031 | Exploits 0

NVD | added 2026/03/10 7:42 a.m. | 1 view

CVE-2026-26982

Ghostty is a cross-platform terminal emulator. Ghostty allows control characters such as 0x03 Ctrl+C in pasted and dropped text. These can be used to execute arbitrary commands in some shell environments. This attack requires an attacker to convince the user to copy and paste or drag and drop...

CVSS 8.8 | EPSS 0.00043 | Exploits 0 | References 3