4202 matches found

CNVD
added 2022/10/19 12:0 a.m. · 8 views

NETGEAR R6220 Command Execution Vulnerability

The NETGEAR R6220 is a wireless router from NETGEAR. The NETGEAR R6220 suffers from a command execution vulnerability that is due to improper access control. An attacker could exploit the vulnerability to execute arbitrary commands on the system...

8.8 CVSS · 7.8 AI score · 0.01834 EPSS
Exploits 1 · References 1

Vulnrichment
added 2022/10/18 12:0 a.m. · 9 views

CVE-2022-41537

Online Tours & Travels Management System v1.0 was discovered to contain an arbitrary file upload vulnerability via the component /useroperations/profile.php. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file...

7.3 AI score · 0.01056 EPSS
Exploits 1 · References 1

Positive Technologies
added 2022/10/18 12:0 a.m. · 2 views

PT-2022-25923 · Unknown · Online Tours & Travels Management System

Name of the Vulnerable Software and Affected Versions: Online Tours & Travels Management System version 1.0 Description: The issue allows attackers to execute arbitrary code via a crafted PHP file, exploiting an arbitrary file upload vulnerability in the /user operations/profile.php component...

7.2 CVSS · 7.3 AI score · 0.01056 EPSS
Exploits 1 · References 3

Vulnrichment
added 2022/10/17 12:0 a.m. · 8 views

CVE-2022-42154

An arbitrary file upload vulnerability in the component /apiadmin/upload/attach of 74cmsSE v3.13.0 allows attackers to execute arbitrary code via a crafted PHP file...

7.8 AI score · 0.00916 EPSS
Exploits 1 · References 1

GitHub Security Blog
added 2022/10/15 12:1 p.m. · 12 views

Magento Open Source allows Stored Cross-Site Scripting (Stored XSS)

Adobe Commerce versions 2.4.3-p3 and earlier, 2.4.4-p1 and earlier and 2.4.5 and earlier are affected by a Stored Cross-site Scripting vulnerability. Exploitation of this issue does not require user interaction and could result in a post-authentication arbitrary code execution...

10 CVSS · 7 AI score · 0.09722 EPSS
Exploits 0 · References 3 · Affected Software 2

Positive Technologies
added 2022/10/14 12:0 a.m. · 4 views

PT-2022-25806 · Autodesk · Designreview.Exe

Name of the Vulnerable Software and Affected Versions: DesignReview.exe affected versions not specified Description: A maliciously crafted PCT file consumed through the DesignReview.exe application could lead to memory corruption by write access violation. This issue, in conjunction with other...

7.8 CVSS · 7.8 AI score · 0.00397 EPSS
Exploits 0 · References 4

Vulnrichment
added 2022/10/14 12:0 a.m. · 8 views

CVE-2022-41538

Wedding Planner v1.0 was discovered to contain an arbitrary file upload vulnerability in the component /Wedding-Management-PHP/admin/photosadd.php. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file...

8.9 AI score · 0.00955 EPSS
Exploits 1 · References 1

Vulnrichment
added 2022/10/13 12:0 a.m. · 6 views

CVE-2022-42902

In Linaro Automated Validation Architecture LAVA before 2022.10, there is dynamic code execution in lavaserver/lavatable.py. Due to improper input sanitization, an anonymous user can force the lava-server-gunicorn service to execute user-provided code on the server...

8.9 AI score · 0.01259 EPSS
Exploits 1 · References 4

CNVD
added 2022/10/13 12:0 a.m. · 2 views

Microsoft Word Code Execution Vulnerability (CNVD-2025-17489)

Microsoft Word is a word processing software in the Office suite of the U.S. company Microsoft. A code execution vulnerability exists in Microsoft Word, which can be exploited by an attacker to execute arbitrary code on a system...

7.8 CVSS · 8 AI score · 0.00794 EPSS
Exploits 0 · References 1

Positive Technologies
added 2022/10/13 12:0 a.m. · 8 views

PT-2022-5052

Name of the Vulnerable Software and Affected Versions: Apache Commons Text versions 1.5 through 1.9 Description: The issue concerns a vulnerability in Apache Commons Text that allows for variable interpolation, enabling properties to be dynamically evaluated and expanded. The standard format for...

10 CVSS · 9 AI score · 0.99931 EPSS
Exploits 53 · References 445

Vulnrichment
added 2022/10/13 12:0 a.m. · 4 views

CVE-2022-41533

Online Diagnostic Lab Management System v1.0 was discovered to contain an arbitrary file upload vulnerability via the component /phpaction/editProductImage.php. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file...

7.3 AI score · 0.0095 EPSS
Exploits 1 · References 1

Vulnrichment
added 2022/10/13 12:0 a.m. · 5 views

CVE-2022-41534

Online Diagnostic Lab Management System v1.0 was discovered to contain an arbitrary file upload vulnerability via the component /phpaction/createOrder.php. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file...

7.3 AI score · 0.01141 EPSS
Exploits 1 · References 1

Vulnrichment
added 2022/10/12 7:25 p.m. · 7 views

CVE-2022-33921

Dell GeoDrive, versions prior to 2.2, contains Multiple DLL Hijacking Vulnerabilities. A low privilege attacker could potentially exploit this vulnerability, leading to the execution of arbitrary code in the SYSTEM security context...

7 CVSS · 7.8 AI score · 0.00169 EPSS
Exploits 0 · References 1

CNVD
added 2022/10/12 12:0 a.m. · 23 views

Fortinet FortiOS Command Execution Vulnerability

Fortinet FortiOS is a security operating system dedicated to the FortiGate network security platform from Fortinet, a US-based company. The system provides users with a variety of security features such as firewall, anti-virus, IPSec/SSLVPN, Web content filtering and anti-spam. Fortinet FortiOS ha...

9 CVSS · 5.5 AI score · 0.01529 EPSS
Exploits 0 · References 1

OSV
added 2022/10/11 10:15 p.m. · 2 views

PYSEC-2022-43077

The d8s-ip-addresses package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-csv package. The affected version is 0.1.0...

9.8 CVSS · 7.1 AI score
Exploits 0 · References 3

Microsoft CVE
added 2022/10/11 7:0 a.m. · 168 views

Microsoft Office Graphics Remote Code Execution Vulnerability

...

7.8 CVSS · 8.7 AI score · 0.00794 EPSS
Exploits 0

Vulnrichment
added 2022/10/11 12:0 a.m. · 5 views

CVE-2022-42038

The d8s-ip-addresses package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-csv package. The affected version is 0.1.0...

6.9 AI score · 0.01168 EPSS
Exploits 1 · References 3

Vulnrichment
added 2022/10/11 12:0 a.m. · 2 views

CVE-2022-41384

The d8s-domains package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-urls package. The affected version is 0.1.0...

6.8 AI score · 0.01168 EPSS
Exploits 1 · References 3

CNNVD
added 2022/10/05 12:0 a.m. · 3 views

Omron CX-Programmer Buffer Error Vulnerability

Omron CX-Programmer is PLC (Programmable Logic Controller) programming software from Omron of Japan. A buffer error vulnerability exists in Omron CX-Programmer version 9.78 and earlier, stemming from an out-of-bounds write, which could allow an attacker to execute arbitrary code...

9.8 CVSS · 8.9 AI score · 0.00564 EPSS
Exploits 0 · References 3

BDU FSTEC
added 2022/09/23 12:0 a.m. · 4 views

The vulnerability of the NetKit-rsh remote execution program, related to deficiencies in access control, allows a perpetrator to compromise data integrity and cause service failures.

The vulnerability of the NetKit-rsh remote execution program lies in the fact that it only performs a superficial check on the object’s return value. Exploiting this vulnerability allows an attacker to compromise data integrity and also cause service failures through the malicious rsh server...

8.8 CVSS · 7.1 AI score · 0.01976 EPSS
Exploits 1 · References 6 · Affected Software 2