
4202 matches found

Vulnrichment
added 2025/04/08 2:2 p.m. · 5 views

CVE-2024-54024

An improper neutralization of special elements used in an OS command 'OS Command Injection' vulnerability CWE-78 in Fortinet FortiIsolator before version 2.4.6 allows a privileged attacker with super-admin profile and CLI access to execute unauthorized code via specifically crafted HTTP requests...

CVSS 7.2 · AI score 7.6 · EPSS 0.01073
Exploits: 0 · References: 1
CNNVD
added 2025/04/08 12:0 a.m. · 1 view

Rockwell Automation Arena Buffer Error Vulnerability

Rockwell Automation Arena is a discrete-event simulation and automation software from Rockwell Automation USA. A local code execution vulnerability exists in Rockwell Automation Arena due to improper validation of user-supplied data. An attacker could exploit the vulnerability to disclose...

CVSS 8.5 · AI score 7.4 · EPSS 0.00249
Exploits: 0 · References: 2
CNNVD
added 2025/04/08 12:0 a.m. · 2 views

Rockwell Automation Arena Security Vulnerability

Rockwell Automation Arena is a discrete-event simulation and automation software from Rockwell Automation USA. A local code execution vulnerability exists in Rockwell Automation Arena due to improper validation of user-supplied data. An attacker could exploit the vulnerability to disclose...

CVSS 8.5 · AI score 7.4 · EPSS 0.00249
Exploits: 0 · References: 2
CNNVD
added 2025/04/08 12:0 a.m. · 2 views

Microsoft Office Resource Management Error Vulnerability

Microsoft Excel is a spreadsheet processing software in the Office suite from Microsoft USA. A code execution vulnerability exists in Microsoft Excel, which can be exploited by an attacker to execute arbitrary code on a system...

CVSS 7.8 · AI score 8 · EPSS 0.0195
Exploits: 4 · References: 5
Adobe
added 2025/04/08 12:0 a.m. · 24 views

APSB25-32 : Security update available for Adobe Experience Manager Screens

Adobe has released security updates for AEM Screens. This vulnerability resolves an important vulnerability that could lead to arbitrary code execution...

CVSS 5.4 · AI score 6 · EPSS 0.00365
Exploits: 0 · Affected Software: 1
Tenable Nessus
added 2025/04/08 12:0 a.m. · 15 views

Security Updates for Microsoft Access Products (April 2025)

The Microsoft Access Products are missing a security update. It is, therefore, affected by a remote code execution vulnerability. An attacker can exploit this to bypass authentication and execute unauthorized arbitrary commands. Note that Nessus has not tested for this issue but has instead relie...

CVSS 7.8 · AI score 8.3 · EPSS 0.00703
Exploits: 0 · References: 2
Positive Technologies
added 2025/04/07 12:0 a.m. · 2 views

PT-2025-15444 · Rockwell Automation · Rockwell Automation Arena

Name of the Vulnerable Software and Affected Versions: Rockwell Automation Arena affected versions not specified Description: A local code execution issue exists due to an uninitialized pointer, resulting from improper validation of user-supplied data. If exploited, a threat actor can disclose...

CVSS 8.5 · AI score 6.9 · EPSS 0.00249
Exploits: 0 · References: 6
GithubExploit
added 2025/04/06 6:14 p.m. · 403 views

Exploit for Unrestricted Upload of File with Dangerous Type in Etoilewebdesign Front_End_Users

WordPress FEUP Arbitrary File Upload Exploit CVE-2025-2005 T...

CVSS 9.8 · AI score 10 · EPSS 0.17311
Exploits: 3
RedhatCVE
added 2025/04/06 10:39 a.m. · 16 views

CVE-2025-2243

A server-side request forgery SSRF vulnerability in Bitdefender GravityZone Console allows an attacker to bypass input validation logic using leading characters in DNS requests. Paired with other potential vulnerabilities, this bypass could be used for execution of third party code. This issue...

CVSS 6.9 · AI score 7.1 · EPSS 0.00303
Exploits: 0 · References: 3
CVE
added 2025/04/04 3:58 p.m. · 78 views

CVE-2025-32118

CVE-2025-32118 affects the CMP – Coming Soon & Maintenance Plugin by NiteoThemes. The connected data specifies an Authenticated Arbitrary File Upload (unrestricted file upload) vulnerability, enabling malicious file uploads by an attacker with admin-level privileges. The CVSSv3.1 base score is 9....

CVSS 9.1 · AI score 7.2 · EPSS 0.00538
Exploits: 1 · References: 1
RedhatCVE
added 2025/04/04 12:38 a.m. · 9 views

CVE-2025-29062

An issue in BL-AC2100 =V1.0.4 allows a remote attacker to execute arbitrary code via the time1 and time2 parameters in the setLimitClientcfg of the goahead webservice...

CVSS 9.8 · AI score 8.2 · EPSS 0.00866
Exploits: 1 · References: 1
CISA KEV Catalog
added 2025/04/04 12:0 a.m. · 40 views

Ivanti Connect Secure, Policy Secure, and ZTA Gateways Stack-Based Buffer Overflow Vulnerability

Ivanti Connect Secure, Policy Secure, and ZTA Gateways contains a stack-based buffer overflow vulnerability that allows a remote unauthenticated attacker to achieve remote code execution...

CVSS 9.8 · AI score 9.8 · EPSS 0.99961
In wild · Exploits: 7
RedhatCVE
added 2025/04/03 3:32 p.m. · 7 views

CVE-2025-31132

Raven is an open-source messaging platform. A vulnerability allowed any logged in user to execute code via an API endpoint. This vulnerability is fixed in 2.1.10...

CVSS 8.1 · AI score 7.5 · EPSS 0.00475
Exploits: 0 · References: 1
OSV
added 2025/04/02 3:15 p.m. · 8 views

CVE-2025-31722

In Jenkins Templating Engine Plugin 2.5.3 and earlier, libraries defined in folders are not subject to sandbox protection, allowing attackers with Item/Configure permission to execute arbitrary code in the context of the Jenkins controller JVM...

CVSS 8.8 · AI score 7.4
Exploits: 0 · References: 1
Cvelist
added 2025/04/02 2:59 p.m. · 19 views

CVE-2025-31722

In Jenkins Templating Engine Plugin 2.5.3 and earlier, libraries defined in folders are not subject to sandbox protection, allowing attackers with Item/Configure permission to execute arbitrary code in the context of the Jenkins controller JVM...

EPSS 0.01044
Exploits: 1 · References: 1
Vulnrichment
added 2025/04/02 7:31 a.m. · 9 views

CVE-2024-39780 Use of unsafe yaml load in dynparam

A YAML deserialization vulnerability was found in the Robot Operating System ROS 'dynparam', a command-line tool for getting, setting, and deleting parameters of a dynamically configurable node, affecting ROS distributions Noetic and earlier. The issue is caused by the use of the yaml.load functi...

CVSS 7.8 · AI score 8 · EPSS 0.00329
Exploits: 0 · References: 1
NVD
added 2025/04/01 3:16 p.m. · 12 views

CVE-2025-31132

Raven is an open-source messaging platform. A vulnerability allowed any logged in user to execute code via an API endpoint. This vulnerability is fixed in 2.1.10...

CVSS 8.1 · EPSS 0.00475
Exploits: 0 · References: 1
Vulnrichment
added 2025/04/01 3:6 p.m. · 10 views

CVE-2025-31132 Raven allows Remote Code Execution due to improper validation

Raven is an open-source messaging platform. A vulnerability allowed any logged in user to execute code via an API endpoint. This vulnerability is fixed in 2.1.10...

CVSS 8.1 · AI score 7.4 · EPSS 0.00475
Exploits: 0 · References: 1
Vulnrichment
added 2025/04/01 1:51 a.m. · 11 views

CVE-2025-30672 Mite for Perl generates code with an untrusted search path vulnerability

Mite for Perl before 0.013000 generates code with the current working directory '.' added to the @INC path similar to CVE-2016-1238. If an attacker can place a malicious file in current working directory, it may be loaded instead of the intended file, potentially leading to arbitrary code...

AI score 7.4 · EPSS 0.0034
Exploits: 0 · References: 4
CNNVD
added 2025/04/01 12:0 a.m. · 3 views

MetaCPAN Sub::HandlesVia Code Issue Vulnerability

MetaCPAN Sub::HandlesVia is a library of the MetaCPAN Foundation. A code issue vulnerability exists in versions prior to MetaCPAN Sub::HandlesVia 0.050002 that stems from allowing untrusted code to be loaded from the current working directory, which could lead to the execution of arbitrary code...

CVSS 6.5 · AI score 6.9 · EPSS 0.00338
Exploits: 0 · References: 4