NVIDIA ConnectX和NVIDIA BlueField 缓冲区错误漏洞

NVIDIA ConnectX and NVIDIA BlueField are both products of NVIDIA Corporation.NVIDIA ConnectX is a family of Intelligent Network Interface cards.NVIDIA BlueField is a family of data processing units. A buffer error vulnerability exists in NVIDIA ConnectX and NVIDIA BlueField, which stems from a fl...

CVE-2025-31342

An unrestricted upload of file with dangerous type vulnerability in the upload file function of Galaxy Software Services Corporation Vitals ESP Forum Module through 1.3 version allows remote authenticated users to execute arbitrary system commands via a malicious file...

Unspecified Vulnerability in Palo Alto Networks PAN-OS (CNVD-2025-24729)

Palo Alto Networks PAN-OS is an operating system developed by Palo Alto Networks for its firewall appliances. A security vulnerability exists in Palo Alto Networks PAN-OS, which can be exploited by an attacker to cause a privileged administrator to bypass system restrictions and execute arbitrary...

Excellent Infotek Document Management System 代码问题漏洞

Excellent Infotek Document Management System is a document management system from Excellent Infotek Taiwan, China. A code issue vulnerability exists in the Excellent Infotek Document Management System that stems from an arbitrary file upload vulnerability that could allow an unauthenticated, remo...

Malicious code in src_pages_list_index_tsx (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 191404621c42806b5e14f38b5dd6674109c26eb03902fa54c23312ee369c6d72 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

EUVD-2025-34858

The iSherlock developed by HGiga has an OS Command Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary OS commands and execute them on the server...

CVE-2025-57567

A remote code execution RCE vulnerability exists in the PluXml CMS theme editor, specifically in the minify.php file located under the default theme directory /themes/defaut/css/minify.php. An authenticated administrator user can overwrite this file with arbitrary PHP code via the admin panel,...

Malicious code in internal-plugin-lifecycle-card (npm)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 332aa89488a5ecb7012588f98648ef97de374565f906dfc69ff80d4d344e9a03 The OpenSSF Package Analysis project identified 'internal-plugin-lifecycle-card' @ 99.9.10 npm as malicious. It is considered malicious because:...

EUVD-2025-34614

A potential DLL hijacking vulnerability was discovered in the Lenovo PC Manager during an internal security assessment that could allow a local authenticated user to execute code with elevated privileges...

RSUPPORT RemoteCall Remote Support Program 代码问题漏洞

RSUPPORT RemoteCall Remote Support Program is a remote assistance software from the Korean company RSUPPORT. A code issue vulnerability exists in RSUPPORT RemoteCall Remote Support Program versions prior to 5.1.0, which stems from an uncontrolled search path element that could lead to the executi...

CVE-2025-61799

Dimension versions 4.1.4 and earlier are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user...

EUVD-2025-34383

Use after free in Microsoft Office allows an unauthorized attacker to execute code locally...

EUVD-2025-34381

Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally...

EUVD-2025-34284

Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally...

EUVD-2025-34320

Use after free in Remote Desktop Client allows an unauthorized attacker to execute code over a network...

CVE-2025-58737

Use after free in Windows Remote Desktop allows an unauthorized attacker to execute code locally...

CVE-2025-57740

An Heap-based Buffer Overflow vulnerability CWE-122 in FortiOS version 7.6.2 and below, version 7.4.7 and below, version 7.2.10 and below, 7.0 all versions, 6.4 all versions; FortiPAM version 1.5.0, version 1.4.2 and below, 1.3 all versions, 1.2 all versions, 1.1 all versions, 1.0 all versions an...

Microsoft Excel Remote Code Execution Vulnerability

Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally...

PT-2025-42074

Name of the Vulnerable Software and Affected Versions Inbox COM Objects affected versions not specified Description A use-after-free condition exists in Inbox COM Objects. This allows an unauthorized attacker to execute code locally. Recommendations At the moment, there is no information about a...

HPE AOS 安全漏洞

HPE AOS is an operating system from HPE Corporation in the United States. A security vulnerability exists in HPE ArubaOS that originates from a remote attacker after authentication that can execute remote commands, which could lead to the execution of arbitrary commands on the underlying operatin...