4202 matches found
CVE-2025-27400
Magento Long Term Support LTS is an unofficial, community-driven project provides an alternative to the Magento Community Edition e-commerce platform with a high level of backward compatibility. Versions prior to 20.12.3 and 20.13.0 contain a vulnerability that allows script execution in the admi...
CVE-2025-27400 Magento vulnerable to stored XSS in theme config fields
Magento Long Term Support LTS is an unofficial, community-driven project provides an alternative to the Magento Community Edition e-commerce platform with a high level of backward compatibility. Versions prior to 20.12.3 and 20.13.0 contain a vulnerability that allows script execution in the admi...
Mautic Arbitrary File Upload Vulnerability
Mautic is an open source marketing automation application. An arbitrary file upload vulnerability exists in Mautic versions prior to 5.2.3, which stems from insufficient validation of uploaded file extensions and improper handling of file paths. An attacker can exploit this vulnerability to uploa...
CVE-2025-22881 Heap-based Buffer Overflow in CNCSoft-G2
Delta Electronics CNCSoft-G2 lacks proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. If a target visits a malicious page or opens a malicious file an attacker can leverage this vulnerability to execute code in the context of the current...
CVE-2025-25796
SeaCMS v13.3 was discovered to contain a remote code execution RCE vulnerability via the component admintemplate.php...
Amazon Linux 2023 : emacs, emacs-common, emacs-devel (ALAS2023-2025-849)
It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2025-849 advisory. In elisp-mode.el in GNU Emacs through 30.0.92, a user who chooses to invoke elisp-completion-at-point for code completion on untrusted Emacs Lisp source code can trigger unsafe Lisp macro expansion that...
CVE-2025-27146 Matrix IRC Bridge allows IRC command injection to own puppeted user
matrix-appservice-irc is a Node.js IRC bridge for Matrix. The matrix-appservice-irc bridge up to version 3.0.3 contains a vulnerability which can lead to arbitrary IRC command execution as the puppeted user. The attacker can only inject commands executed as their own IRC user. The vulnerability h...
openSUSE Security Advisory (SUSE-SU-2024:2906-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
CVE-2025-27294 WordPress WP-Asambleas plugin <= 2.85.0 - Arbitrary Shortcode Execution vulnerability
Missing Authorization vulnerability in platcom WP-Asambleas wp-asambleas allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP-Asambleas: from n/a through = 2.85.0...
Microsoft Visual Studio Code Execution Vulnerability (CNVD-2026-00042)
Microsoft Visual Studio is a family of development tool suites from Microsoft, and a largely complete development toolset that includes most of the tools needed throughout the software life cycle. A code execution vulnerability exists in Microsoft Visual Studio, which can be exploited by an...
CVE-2025-21105
Dell RecoverPoint for Virtual Machines 6.0.X contains a command execution vulnerability. A Low privileged malicious user with local access could potentially exploit this vulnerability by running the specific binary and perform any administrative action permitted by it resulting in shutting down t...
CVE-2025-25766
An arbitrary file upload vulnerability in the component /file/savefile.do of MRCMS v3.1.2 allows attackers to execute arbitrary code via uploading a crafted .jsp file...
Security Updates for Microsoft SQL Server (July 2024)
The Microsoft SQL Server installation on the remote host is missing security updates. It is, therefore, affected by multiple vulnerabilities: - A remote code execution vulnerability. An attacker can exploit this to bypass authentication and execute unauthorized arbitrary commands. CVE-2024-20701,...
CVE-2025-21105
Dell RecoverPoint for Virtual Machines 6.0.X contains a command execution vulnerability. A Low privileged malicious user with local access could potentially exploit this vulnerability by running the specific binary and perform any administrative action permitted by it resulting in shutting down t...
Command Execution Vulnerability in Internet Behavior Management System of Tianrongxin Technology Group Co.
Tianrongxin Technology Group Co., Ltd. is a high-tech enterprise focusing on network security and cloud computing solutions. A command execution vulnerability exists in the Internet behavior management system of Tianrongxin Technology Group Company Limited, which can be exploited by attackers to...
CVE-2024-28777 IBM Cognos Controller code execution
IBM Cognos Controller 11.0.0 through 11.0.1 FP3 and IBM Controller 11.1.0 is vulnerable to unrestricted deserialization. This vulnerability allows users to execute arbitrary code, escalate privileges, or cause denial of service attacks by exploiting the unrestricted deserialization of types in th...
Ubuntu: Security Advisory (USN-7271-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Adobe InDesign Code Execution Vulnerability (CNVD-2025-03642)
Adobe InDesign is a set of layout and editing applications from the American company Audobee Adobe. A code execution vulnerability exists in Adobe InDesign that can be exploited by an attacker to execute arbitrary code in the current user's environment...
Exploit for CVE-2024-42327
CVE-2024-42327: Zabbix Privilege Escalation - RCE Descrip...
CVE-2025-0593 SICK Lector8xx and InspectorP8xx vulnerable for code execution
The vulnerability may allow a remote low priviledged attacker to run arbitrary shell commands by using lower-level functions to interact with the device...