CVE-2022-50915 PTPublisher 2.3.4 - Unquoted Service Path

PTPublisher 2.3.4 contains an unquoted service path vulnerability in the PTProtect service that allows local attackers to potentially execute arbitrary code with elevated privileges. Attackers can exploit the unquoted path in 'C:\Program Files x86\Primera...

CVE-2022-50911

Bitrix24 is affected by CVE-2022-50911 per connected sources, described as an authenticated remote code execution vulnerability. An attacker with valid credentials could abuse the PHP command-line administration interface by sending crafted POST requests to an admin endpoint to execute arbitrary ...

EUVD-2026-2046

A command injection vulnerability in AOS-8 allows an authenticated privileged user to alter a package header to inject shell commands, potentially affecting the execution of internal operations. Successful exploit could allow an authenticated malicious actor to execute commands with the privilege...

CVE-2025-37176

CVE-2025-37176 is an authenticated command-injection vulnerability in Aruba AOS-8. An authenticated privileged user can alter a package header to inject shell commands, potentially causing arbitrary command execution with the privileges of the impacted mechanism. The issue is documented across mu...

CVE-2025-37176 Authenticated Command Injection Vulnerability in an AOS-8 operating system's internal workflow

A command injection vulnerability in AOS-8 allows an authenticated privileged user to alter a package header to inject shell commands, potentially affecting the execution of internal operations. Successful exploit could allow an authenticated malicious actor to execute commands with the privilege...

CVE-2025-37169

CVE-2025-37169 affects the AOS-10 web-based management interface of a Mobility Gateway; a stack overflow could allow an authenticated attacker to execute arbitrary code as a privileged OS user. Evidence across connected advisories confirms the issue is in ArubaOS (AOS-10) web management, with rem...

CVE-2026-20955

Untrusted pointer dereference in Microsoft Office Excel allows an unauthorized attacker to execute code locally...

CVE-2026-0386

Improper access control in Windows Deployment Services allows an unauthorized attacker to execute code over an adjacent network...

CVE-2026-20950

Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally...

PT-2026-2412

Name of the Vulnerable Software and Affected Versions WBCE CMS version 1.5.2 Description The software contains an authenticated remote code execution issue. Attackers can upload malicious droplets through the admin panel. Specifically, authenticated attackers can exploit the droplet upload...

CVE-2025-65783

CVE-2025-65783: Hubert Hub v2.0 1.27.3 contains an arbitrary file upload flaw in /utils/uploadFile that allows an attacker to execute arbitrary code by uploading a crafted PDF. The description and connected Red Hat/NVD entries confirm the vulnerability type and impact (remote, no authentication, ...

PT-2026-2336

Name of the Vulnerable Software and Affected Versions SAP Wily Introscope Enterprise Manager WorkStation affected versions not specified Description An unauthenticated attacker can create a malicious Java Network Launch Protocol JNLP file accessible via a public URL. When a victim clicks this URL...

PT-2026-2459

Arbitrary file upload vulnerability exists in the web-based management interface of mobility conductors running either AOS-10 or AOS-8 operating systems. Successful exploitation could allow an authenticated malicious actor to upload arbitrary files as a privilege user and execute arbitrary comman...

PYSEC-2026-86

LlamaIndex run-llama/llamaindex versions up to and including 0.12.2 contain an uncontrolled resource consumption vulnerability in the VannaPack VannaQueryEngine implementation. The customquery logic generates SQL statements from a user-supplied prompt and executes them via vn.runsql without...

CHASE: LLM Agents for Dissecting Malicious PyPI Packages

Modern software package registries like PyPI have become critical infrastructure for software development, but are increasingly exploited by threat actors distributing malicious packages with sophisticated multi-stage attack chains. While Large Language Models LLMs offer promising capabilities fo...

CVE-2005-1859

Unknown vulnerability in arshell in the Array Service arrayd for SGI ProPack 3 with SP 5 and 6, and SGI ProPack 4, allows local users to execute arbitrary shells as root on other hosts in the cluster or array...

CVE-2005-1639

SQL injection vulnerability in Sigmaweb.DLL in Sigma ISP Manager 6.6 allows remote attackers to execute arbitrary SQL commands via the 1 username, 2 password, or 3 domain fields...

CVE-2023-29075

A maliciously crafted PRT file when parsed through Autodesk AutoCAD 2024 and 2023 can be used to cause an Out-Of-Bounds Write. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process...

CVE-2023-31506

A cross-site scripting XSS vulnerability in Grav versions 1.7.44 and before, allows remote authenticated attackers to execute arbitrary web scripts or HTML via the onmouseover attribute of an ISINDEX element...

CVE-2023-40958

A SQL injection vulnerability in Didotech srl Engineering & Lifecycle Management aka pdm v.14.0, v.15.0 and v.16.0 fixed in pdm-14.0.1.0.0, pdm-15.0.1.0.0, and pdm-16.0.1.0.0 allows a remote authenticated attacker to execute arbitrary code via the query parameter in models/baseclient.py component...