76 matches found
CVE-2025-12838 MSP360 Free Backup Link Following Local Privilege Escalation Vulnerability
MSP360 Free Backup Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of MSP360 Free Backup. An attacker must first obtain the ability to execute low-privileged code on the target system in order to...
Privilege Escalation
awsadvancedpythonwrapper is vulnerable to Privilege Escalation. The vulnerability is due to improper execution context handling of user-defined functions, which allows an attacker to create crafted functions that execute with elevated privileges and gain unauthorized access...
advisories
It is an advisory repository for undisclosed vulnerabilities. Th...
EUVD-2022-7272
Malicious code in bioql PyPI...
EUVD-2024-51304
Malicious code in bioql PyPI...
CVE-2025-46818 Redis: Authenticated users can execute LUA scripts as a different user
Redis is an open source, in-memory database that persists on disk. Versions 8.2.1 and below allow an authenticated user to use a specially crafted Lua script to manipulate different LUA objects and potentially run their own code in the context of another user. The problem exists in all versions o...
CVE-2025-40762
A vulnerability has been identified in Simcenter Femap V2406 All versions V2406.0003, Simcenter Femap V2412 All versions V2412.0002. The affected applications contain an out of bounds write vulnerability when parsing a specially crafted STP file. This could allow an attacker to execute code in th...
CVE-2025-3486
Allegra isZipEntryValide Directory Traversal Remote Code Execution vulnerability: the flaw is in isZipEntryValide’s path validation, allowing remote code execution with LOCAL SERVICE context when a user-supplied path is used in file operations. Authentication is required to exploit. Multiple trus...
CVE-2025-3486 Allegra isZipEntryValide Directory Traversal Remote Code Execution Vulnerability
Allegra isZipEntryValide Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Allegra. Authentication is required to exploit this vulnerability. The specific flaw exists within the implementation...
CVE-2025-29838 Windows ExecutionContext Driver Elevation of Privilege Vulnerability
...
CVE-2025-2020
Ashlar-Vellum Cobalt VC6 file parsing vulnerability (CVE-2025-2020) stems from improper validation in VC6 file parsing, allowing a write past the end of an allocated buffer. This leads to remote code execution in the context of the affected process. Exploitation requires user interaction (target ...
Adobe Animate Numeric Error Vulnerability
Adobe Animate is a set of Flash animation software from the American company Adobe. A security vulnerability exists in Adobe Animate that can be exploited by an attacker to cause arbitrary code to be executed in the current user's context...
Siemens Tecnomatix Plant Simulation WRL File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Siemens Tecnomatix Plant Simulation. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists withi...
PDF-XChange Editor PDF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of...
CVE-2024-28761
IBM App Connect Enterprise 11.0.0.1 through 11.0.0.25 and 12.0.1.0 through 12.0.12.0 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site. IBM X-Force I...
CVE-2024-32065
CVE-2024-32065 affects Siemens/Siemens Simcenter Femap (versions prior to V2406). The vulnerability is an out-of-bounds read past the end of an allocated structure while parsing specially crafted IGS files, which could allow code execution in the current process. Affected in Simcenter Femap
CVE-2023-50193
Trimble SketchUp Viewer SKP File Parsing Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Trimble SketchUp Viewer. User interaction is required to exploit this vulnerability in that the target mus...
(0Day) Ashlar-Vellum Cobalt XE File Parsing Untrusted Pointer Dereference Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Cobalt. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing o...
CVE-2022-42371
This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of...
Siemens Parasolid Buffer Error Vulnerability
An out-of-bounds write vulnerability exists in Siemens Parasolid, a geometric modeling kernel from Siemens, Germany. It is caused by a write past the end of an allocated structure when the affected application parses a specially crafted XB file. The vulnerability allows an...