114 matches found
CVE-2025-21122 Photoshop Desktop | Integer Underflow (Wrap or Wraparound) (CWE-191)
Photoshop Desktop versions 25.12, 26.1 and earlier are affected by an Integer Underflow (Wrap or Wraparound) vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious fi...
Microsoft SharePoint Code Execution Vulnerability (CNVD-2024-48755)
Microsoft SharePoint is an enterprise business collaboration platform from Microsoft. The platform is used to consolidate business information and enable sharing of work, collaborating with others, organizing projects and workgroups, and searching for people and information. A code execution...
CVE-2024-55877 XWiki allows remote code execution from account through macro descriptions and XWiki.XWikiSyntaxMacrosList
XWiki Platform is a generic wiki platform. Starting in version 9.7-rc-1 and prior to versions 15.10.11, 16.4.1, and 16.5.0, any user with an account can perform arbitrary remote code execution by adding instances of XWiki.WikiMacroClass to any page. This compromises the confidentiality, integrity...
Adobe Illustrator < 28.7.3 / 29.0.0 < 29.1.0 Multiple Arbitrary code execution (APSB24-94)
The version of Adobe Illustrator installed on the remote Windows host is prior to 28.7.3, 29.1.0. It is, therefore, affected by multiple vulnerabilities as referenced in the APSB24-94 advisory. - Illustrator versions 29.0.0, 28.7.2 and earlier are affected by an out-of-bounds write vulnerability...
Microsoft Excel Remote Code Execution Vulnerability (CNVD-2024-45318)
Microsoft Excel is spreadsheet software in the Office suite from Microsoft (USA). A remote code execution vulnerability exists in Microsoft Excel, which can be exploited by an attacker to execute arbitrary code on a system...
Microsoft Office Remote Code Execution Vulnerability (CNVD-2024-42942)
Microsoft Office is an office software suite from the U.S. company Microsoft. The product's common components include Word, Excel, Access, PowerPoint, FrontPage, etc. A remote code execution vulnerability exists in Microsoft Office, which can be exploited by an attacker to...
Apache OFBiz Code Execution Vulnerability (CNVD-2024-39150)
Apache OFBiz is an enterprise resource planning (ERP) system from the Apache Foundation in the United States. The system provides a set of Java-based Web application components and tools. A code execution vulnerability exists in Apache OFBiz, which can be exploited by an attacker to execute...
Microsoft Office Remote Code Execution Vulnerability (CNVD-2024-28624)
Microsoft Office is an office software suite from the U.S. company Microsoft. The product's common components include Word, Excel, Access, PowerPoint, FrontPage, etc. A remote code execution vulnerability exists in Microsoft Office. An attacker can exploit this vulnerabilit...
WBSAirback Code Execution Vulnerability (CNVD-2024-27125)
WBSAirback is a next generation storage and backup system from WBSAirback. A code execution vulnerability exists in WBSAirback version 21.02.04, which can be exploited by an attacker to execute arbitrary code...
Microsoft DNS Server Remote Code Execution Vulnerability (CNVD-2024-36377)
Microsoft DNS Server is a service from Microsoft Corporation (USA). A remote code execution vulnerability exists in Microsoft DNS Server, which can be exploited by an attacker to execute arbitrary code on a system...
Bento4 Ap4StsdAtom.cpp file code execution vulnerability
Bento4 is an open source C++ library for reading and writing MP4 files. A code execution vulnerability exists in the Bento4 Ap4StsdAtom.cpp file, which stems from the failure of the AP4StsdAtom::AP4StsdAtom method of the Ap4StsdAtom.cpp file to correctly filter the special elements of the...
D-Link DIR-845L Code Execution Vulnerability
The D-Link DIR-845 is a wireless router from China-based AUO D-Link. A code execution vulnerability exists in D-Link DIR-845L v1.01KRb03 and earlier versions, which stems from the soapcgimain function failing to correctly filter the special elements of the constructor snippet in the cgibin binary...
GTKWave code execution vulnerability (CNVD-2024-36927)
GTKWave is a full-featured, GTK+-based waveform viewer from GTKWave. A code execution vulnerability exists in GTKWave version 3.3.115, which can be exploited by an attacker to potentially cause arbitrary code execution via a specially crafted fst file...
GTKWave Code Execution Vulnerability (CNVD-2024-36925)
GTKWave is a full-featured, GTK+-based waveform viewer from GTKWave. A code execution vulnerability exists in GTKWave version 3.3.118, which can be exploited by an attacker to potentially cause arbitrary code execution via a specially crafted fst file...
Google Chrome memory misreference vulnerability (CNVD-2024-10413)
Google Chrome is a web browser from Google, an American company. Google Chrome suffers from a memory misreference vulnerability that is due to a use after free in WebGPU. An attacker can exploit the vulnerability to execute arbitrary code on the system...
Code injection
An issue in LangChain v.0.0.231 allows a remote attacker to execute arbitrary code via the prompt parameter...
K43871899: binutils vulnerability CVE-2018-1000876
Security Advisory Description: binutils version 2.32 and earlier contains an integer overflow vulnerability in objdump, bfd_get_dynamic_reloc_upper_bound, bfd_canonicalize_dynamic_reloc that can result in an integer overflow triggering a heap overflow. Successful exploitation allows execution of arbitrary code. Th...
CVE-2020-19824
An issue in MPV v.0.29.1, fixed in v0.30, allows attackers to execute arbitrary code and crash the program via the aoc parameter...
CVE-2022-27538
A potential Time-of-Check to Time-of-Use (TOCTOU) vulnerability has been identified in the BIOS for certain HP PC products which may allow arbitrary code execution, denial of service, and information disclosure. HP is releasing BIOS updates to mitigate the potential vulnerability...
CVE-2022-45479
PC Keyboard allows remote unauthenticated users to send instructions to the server to execute arbitrary code without any previous authorization or authentication. CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H...