4205 matches found
FNT Command 安全漏洞
FNT Command is a data center infrastructure management platform from FNT Germany. A security vulnerability exists in FNT Command version 13.4.0, which stems from a code execution vulnerability in the C Base Module...
Microsoft Excel Code Execution Vulnerability (CNVD-2025-30657)
Microsoft Excel is a spreadsheet processing software in the Office suite from Microsoft USA. A code execution vulnerability exists in Microsoft Excel, which can be exploited by an attacker to execute arbitrary code on a system...
CVE-2025-65471
An arbitrary file upload vulnerability in the /admin/manager.php component of EasyImages 2.0 v2.8.6 and below allows attackers to execute arbitrary code via uploading a crafted PHP file...
xbtitFM 代码问题漏洞
xbtitFM is a BitTorrent tracker software by the individual developer of xbtitFM. A code issue vulnerability exists in xbtitFM version 4.1.18, which stems from an insecure file upload in the filehosting function that could lead to the execution of arbitrary PHP code...
Dell PowerScale OneFS 8.2.2 <= 9.5.0.8 / 9.6.0.0 <= 9.7.0.2 Escalation of Privileges (DSA-2024-255)
The Dell PowerScale OneFS on the remote device is missing a security patch and is, therefore, affected by escalation of privileges vulnerability: - Dell PowerScale OneFS versions 8.2.2.x through 9.7.0.2 contain an execution with unnecessary privileges vulnerability. A local low privileged attacke...
Zenitel TCIV-3+ 跨站脚本漏洞
Zenitel TCIV-3+ is an IP intercom terminal from Zenitel Norway. The Zenitel TCIV-3+ suffers from a cross-site scripting vulnerability that stems from reflective cross-site scripting, which could lead to a remote attacker executing arbitrary JavaScript in the victim's browser...
TencentOS Server 3: .NET 6.0 (TSSA-2023:0179)
The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2023:0179 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities...
CVE-2025-65099
CVE-2025-65099 – Claude Code pre‑startup trust bypass via Yarn 3.x plugins is raised for Claude Code prior to 1.0.39. The issue allowed code execution from a project directory by exploiting Yarn 3.0+ plugins before the startup trust dialog was accepted. Affected scenario required running Claude C...
Updated yelp & yelp-xsl packages fix security vulnerability
The Gnome user help application allows the help document to execute arbitrary scripts. This vulnerability allows malicious users to input help documents, which may exfiltrate user files to an external environment. CVE-2025-3155...
Microsoft Office Code Execution Vulnerability (CNVD-2026-00027)
Microsoft Office is an office software suite of products from the U.S. company Microsoft Microsoft. The product's common components include Word, Excel, Access, Powerpoint, FrontPage, and so on. A code execution vulnerability exists in Microsoft Office, which can be exploited by an attacker to...
Advisory ROSA-SA-2025-3050
Software: expat 2.2.5 OS: ROSA Virtualization 3.1 unaffected versions = expat-2.2.5-17.0.1.rv31 affected versions expat-2.2.5-17.0.1.rv31 CVE-ID: CVE-2019-15903 BDU-ID: CVE-Crit: HIGH CVE-DESC.: A vulnerability in the libexpat XML file parsing library is related to incorrect restriction of xml...
EUVD-2020-30818
Various Ruijie Gateway EG and NBR models firmware versions 11.16B9P1 11.94B12P1 contain a code execution vulnerability in the EWEB management system that can be abused via front-end functionality. Attackers can exploit front-end code when features such as guest authentication, local server...
Ruijie EG Series和Ruijie NBR Series 安全漏洞
Ruijie EG Series and Ruijie NBR Series are a series of next-generation security gateway products from China's Ruijie. A security vulnerability exists in the Ruijie EG Series and Ruijie NBR Series that originates from a code execution vulnerability in the EWEB management system that could result i...
CVE-2025-43990
Dell Command Monitor (DCM) prior to version 10.12.3.28 is affected by an Execution with Unnecessary Privileges vulnerability. A local, low-privilege attacker could potentially escalate privileges on impacted systems. The issue is documented across multiple sources (Dell/Dell Knowledge Base, Red H...
Execution with Unnecessary Privileges
Overview Affected versions of this package are vulnerable to Execution with Unnecessary Privileges via the /api/v2/dagReports endpoint. An attacker can execute arbitrary code in the context of the API server by submitting malicious DAG code through the API. Note: This is only exploitable if the A...
CVE-2025-61932
Lanscope Endpoint Manager On-Premises Client program MR and Detection agent DA improperly verifies the origin of incoming requests, allowing an attacker to execute arbitrary code by sending specially crafted packets...
HCL AION code execution vulnerability (CNVD-2026-16411)
HCL AION is an AI lifecycle management platform from HCL India. HCL AION suffers from a code execution vulnerability that is caused due to a flaw in the content security policy. An attacker can exploit the vulnerability to execute arbitrary scripts inline...
Microsoft Excel Code Execution Vulnerability (CNVD-2025-24447)
Microsoft Excel is a spreadsheet processing software in the Office suite from Microsoft USA. A code execution vulnerability exists in Microsoft Excel, which can be exploited by an attacker to execute arbitrary code on a system...
Microsoft Office Visio Code Execution Vulnerability (CNVD-2026-00030)
Microsoft Office Visio is a U.S. Microsoft Microsoft Office software series responsible for drawing flowcharts and schematic diagrams in the software. A code execution vulnerability exists in Microsoft Office Visio, which can be exploited by an attacker to execute arbitrary code on a system...
CVE-2025-55072
Stored cross-site scripting XSS vulnerability in desknet's NEO V2.0R1.0 to V9.0R2.0 allow execution of arbitrary JavaScript in a user’s web browser...