Lucene search

60 matches found

RedhatCVE
added 2025/05/22 6:18 p.m. · 4 views

CVE-2021-21386

APKLeaks is an open-source project for scanning APK files for URIs, endpoints & secrets. APKLeaks prior to v2.0.3 allows remote attackers to execute arbitrary OS commands via the package name inside the application manifest. An attacker could include arguments that allow unintended commands or code to be...

CVSS: 10 · AI score: 7.8 · EPSS: 0.01049
Exploits: 0 · References: 1

RedhatCVE
added 2025/05/22 7:50 a.m. · 4 views

CVE-2019-18982

bundles/AdminBundle/Controller/Admin/EmailController.php in Pimcore before 6.3.0 allows script execution in the Email Log preview window because of the lack of a Content-Security-Policy header...

CVSS: 6.1 · AI score: 6.9 · EPSS: 0.00007
Exploits: 0 · References: 1

Github Security Blog
added 2025/05/16 2:13 p.m. · 14 views

Vyper's `slice()` may elide side-effects when output length is 0

Impact: The slice builtin can elide side effects when the output length is 0 and the source bytestring is a builtin (msg.data or .code). The reason is that for these source locations, the check that length = 1 is skipped:...

CVSS: 6.3 · AI score: 6.7 · EPSS: 0.00221
Exploits: 0 · References: 6 · Affected Software: 1

Tenable Nessus
added 2025/04/29 12:0 a.m. · 10 views

Amazon Linux 2 : libreoffice (ALASLIBREOFFICE-2025-007)

The version of libreoffice installed on the remote host is prior to 5.3.6.1-21. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2LIBREOFFICE-2025-007 advisory. Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in The Documen...

CVSS: 6.7 · AI score: 6.6 · EPSS: 0.02355
Exploits: 0 · References: 8

Veracode
added 2025/03/19 4:12 a.m. · 5 views

Local Code Execution (LCE)

XPixelGroup BasicSR is vulnerable to local code execution. The vulnerability is due to improper handling of a crafted SLURMNODELIST environment variable when executing "scontrol show hostname", allowing crafted input to influence command execution...

CVSS: 5.3 · AI score: 7.4 · EPSS: 0.00041
Exploits: 0 · References: 4 · Affected Software: 1

Rockylinux
added 2025/03/17 8:16 p.m. · 7 views

gcc security update

An update is available for gcc. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The gcc packages provide compilers for C, C++, Java, Fortran, Objective C, and Ad...

CVSS: 6.9 · AI score: 7.1 · EPSS: 0.3466
Exploits: 6

Tenable Nessus
added 2025/03/05 12:0 a.m. · 10 views

Linux Distros Unpatched Vulnerability : CVE-2023-36479

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Eclipse Jetty Canonical Repository is the canonical repository for the Jetty project. Users of the CgiServlet with a very specific command structure may have th...

CVSS: 3.5 · AI score: 6.8 · EPSS: 0.01383
Exploits: 1 · References: 3

Tenable Nessus
added 2025/03/04 12:0 a.m. · 6 views

Linux Distros Unpatched Vulnerability : CVE-2020-1931

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A command execution issue was found in Apache SpamAssassin prior to 3.4.3. Carefully crafted nefarious Configuration .cf files can be configured to run system...

CVSS: 9.3 · AI score: 6.6 · EPSS: 0.01095
Exploits: 0 · References: 2

RedhatCVE
added 2025/02/05 3:12 p.m. · 9 views

CVE-2020-10906

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Reader 9.7.1.29511. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...

CVSS: 7.8 · AI score: 6.8 · EPSS: 0.02338
Exploits: 0 · References: 1

Cvelist
added 2024/12/18 12:0 a.m. · 11 views

CVE-2024-56174

In Optimizely Configured Commerce before 5.2.2408, malicious payloads can be stored and subsequently executed in users' browsers under specific conditions: XSS from client-side template injection in search history...

EPSS: 0.00774
Exploits: 0 · References: 1

CVE
added 2024/12/12 7:20 p.m. · 54 views

CVE-2024-55878

The CVE-2024-55878 entry affects SimpleXLSX (PHP library for parsing Excel XLSX files). The vulnerability lies in the extended toHTMLEx method, exploited when calling toHTMLEx in versions 1.0.12 through 1.1.11, allowing arbitrary JavaScript execution (XSS) in affected contexts. Impact is elevated...

CVSS: 6.8 · AI score: 6.9 · EPSS: 0.00296
Exploits: 0 · References: 2

Positive Technologies
added 2024/05/16 12:0 a.m. · 2 views

PT-2024-20009 · Parisneo · Lollms-Webui

Name of the Vulnerable Software and Affected Versions: parisneo/lollms-webui version latest
Description: A remote code execution issue exists due to insufficient path sanitization in the reinstall binding functionality. This allows an attacker to exploit path traversal and navigate to arbitrary...

CVSS: 9 · AI score: 9.4 · EPSS: 0.0397
Exploits: 1 · References: 4

OpenVAS
added 2024/03/04 12:0 a.m. · 21 views

openSUSE: Security Advisory for go1.21 (SUSE-SU-2023:4017-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS: 8.1 · AI score: 8.3 · EPSS: 0.0006
Exploits: 0 · References: 2

Vulnrichment
added 2024/01/09 12:0 a.m. · 4 views

CVE-2023-50136

Cross Site Scripting (XSS) vulnerability in JFinalcms 5.0.0 allows attackers to run arbitrary code via the name field when creating a new custom table...

AI score: 5.3 · EPSS: 0.00133
Exploits: 1 · References: 1

OSV
added 2023/10/09 5:23 p.m. · 3 views

SUSE-SU-2023:4017-1 Security update for go1.21

This update for go1.21 fixes the following issues: - Updated to version 1.21.2 bsc1212475: - CVE-2023-39323: Fixed an arbitrary execution issue during build time due to path directive bypass bsc1215985...

CVSS: 8.1 · AI score: 8.2 · EPSS: 0.0006
Exploits: 0 · References: 4

CNVD
added 2023/08/06 12:0 a.m. · 26 views

Google Chrome Code Execution Vulnerability (CNVD-2023-63471)

Google Chrome is a web browser from Google, an American company. Google Chrome suffers from a code execution vulnerability that stems from a mal-execution issue in Extensions. An attacker could exploit this vulnerability to execute arbitrary code on a system or cause an application to crash...

CVSS: 8.8 · AI score: 7.9 · EPSS: 0.00193
Exploits: 0 · References: 1

OSV
added 2023/04/20 2:11 p.m. · 19 views

GHSA-93HQ-5WGC-JC82 GovernorCompatibilityBravo may trim proposal calldata

Impact: The proposal creation entrypoint propose in GovernorCompatibilityBravo allows the creation of proposals with a signatures array shorter than the calldatas array. This causes the additional elements of the latter to be ignored, and if the proposal succeeds the corresponding actions would...

CVSS: 8.8 · AI score: 7.5 · EPSS: 0.00535
Exploits: 0 · References: 5

Positive Technologies
added 2023/01/25 12:0 a.m. · 1 views

PT-2023-1494 · Suse · Suse Rancher

Name of the Vulnerable Software and Affected Versions: SUSE Rancher versions prior to 2.5.17; SUSE Rancher versions prior to 2.6.10; SUSE Rancher versions prior to 2.7.1
Description: A code execution issue exists due to improper neutralization of special elements used in an OS command. This issue c...

CVSS: 9.9 · AI score: 8 · EPSS: 0.00755
Exploits: 1 · References: 13

Positive Technologies
added 2022/07/28 12:0 a.m. · 1 views

PT-2022-19115 · Hewlett Packard · Hpe Integrated Lights-Out 5 +1

Name of the Vulnerable Software and Affected Versions: HPE Integrated Lights-Out 5 (iLO 5) versions prior to 2.71
Description: A local arbitrary code execution issue was discovered in HPE Integrated Lights-Out 5 (iLO 5) firmware. An unprivileged user could locally exploit this issue to execute...

CVSS: 8.4 · AI score: 8.6 · EPSS: 0.00056
Exploits: 0 · References: 6

Positive Technologies
added 2022/07/28 12:0 a.m. · 2 views

PT-2022-19116 · Hewlett Packard · Hpe Integrated Lights-Out 5 +1

Name of the Vulnerable Software and Affected Versions: HPE Integrated Lights-Out 5 (iLO 5) versions prior to 2.71
Description: A local arbitrary code execution issue was discovered, allowing an unprivileged user to execute arbitrary code, resulting in a complete loss of confidentiality, integrity,...

CVSS: 8.4 · AI score: 8.5 · EPSS: 0.00056
Exploits: 0 · References: 5