256 matches found
Dell ThinOS Command Injection Vulnerability
Dell ThinOS is a client operating system from the American company Dell. Dell ThinOS suffers from a command injection vulnerability that arises from the application's failure to properly filter special characters, commands and similar elements when constructing commands. The vulnerability can be exploited to execute...
CVE-2024-54018
Multiple vulnerabilities involving improper neutralization of special elements used in an OS command (CWE-78) in FortiSandbox before 4.4.5 allow a privileged attacker to execute unauthorized commands via crafted requests...
Zabbix 6.4.17rc1 Remote Code Execution
Zabbix server version 6.4.17rc1 remote code execution exploit that provides a reverse shell. Title: Zabbix server v 6.4.17rc1 PHP Code Injection...
CVE-2024-51953 Stored XSS in ArcGIS Server Rest services
There is a stored Cross-site Scripting vulnerability in ArcGIS Server for versions 11.3 and below that may allow a remote, authenticated attacker to create a stored crafted link which when clicked could potentially execute arbitrary JavaScript code in the victim’s browser. The privileges required...
CVE-2025-0975 IBM MQ code execution
IBM MQ 9.3 LTS, 9.3 CD, 9.4 LTS, and 9.4 CD console could allow an authenticated user to execute code due to improper neutralization of escape characters...
Adobe InDesign Code Execution Vulnerability (CNVD-2025-03642)
Adobe InDesign is a set of layout and editing applications from the American company Adobe. A code execution vulnerability exists in Adobe InDesign that can be exploited by an attacker to execute arbitrary code in the current user's environment...
CVE-2022-40653
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ansys SpaceClaim 2022 R1. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsi...
PSV-2023-0039
creationtimestamp | type | source
---|---|---
2025-02-01 12:00:00+00:00 | seen | https://kb.netgear.com/000066558/Security-Advisory-for-Unauthenticated-RCE-on-Some-WiFi-Routers-PSV-2023-0039
2025-02-10 18:21:16+00:00 | seen | https://nvd.nist.gov/vuln/detail/CVE-2025-25246...
Windows Bug Class: Accessing Trapped COM Objects with IDispatch
Posted by James Forshaw, Google Project Zero. Object orientated remoting technologies such as DCOM and .NET Remoting make it very easy to develop an object-orientated interface to a service which can cross process and security boundaries. This is because they're designed to support a wide range of...
CVE-2025-21186
Microsoft Access Remote Code Execution Vulnerability...
CVE-2024-39367
An OS command injection vulnerability exists in the firewall.cgi iptablesWebsFilterRun functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary code execution. An attacker can make an authenticated HTTP request to trigger this vulnerability...
Microsoft Office Remote Code Execution Vulnerability
...
PT-2024-9899
Name of the Vulnerable Software and Affected Versions: DrayTek Vigor2960 and Vigor300B version 1.5.1.4 Description: A critical vulnerability exists in the Web Management Interface of DrayTek Vigor2960 and Vigor300B. The issue is related to the manipulation of the session argument in the...
[SECURITY] [DSA 5831-1] gst-plugins-base1.0 security update
Debian Security Advisory DSA-5831-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff December 14, 2024 https://www.debian.org/security/faq...
IrfanView Out-of-Bounds Read Vulnerability (CNVD-2024-47204)
IrfanView is an image viewer by the individual developer Irfan Skiljan. It supports image browsing, image editing, image format conversion and more. IrfanView suffers from an out-of-bounds read vulnerability that can be exploited by an attacker to execute code in the context of the current proces...
PT-2024-10174 · Iptraf-Ng +3
Name of the Vulnerable Software and Affected Versions: iptraf-ng version 1.2.1 Description: The issue is related to a stack-based buffer overflow in the iptraf-ng utility, which can be exploited by a remote attacker to execute arbitrary code. This occurs due to the strcpy function in src/ifaces.c...
EUVD-2024-40384
Windows KDC Proxy Remote Code Execution Vulnerability...
PT-2024-7609 · Qurouter
Name of the Vulnerable Software and Affected Versions: QuRouter versions prior to 2.4.5.032 Description: A SQL injection vulnerability has been reported to affect QuRouter, allowing remote attackers to inject malicious code if exploited. The vulnerability is related to errors in processing input...
Fortinet FortiManager Access Control Error Vulnerability (CNVD-2025-00408)
Fortinet FortiManager is a centralized network security management platform from Fortinet. The platform supports centralized management of any number of Fortinet devices, and can group devices into different management domains (ADOM) to further simplify the deployment and management of multi-device...
EulerOS Virtualization 2.12.1 : openssh (EulerOS-SA-2024-2756)
According to the versions of the openssh packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities: A race condition vulnerability was discovered in how signals are handled by OpenSSH's server sshd. If a remote attacker does not...