CVE-2025-47726

The CVE-2025-47726 entry concerns Delta Electronics CNCSoft and an out-of-bounds write caused by improper validation of user-supplied files. If a user opens a malicious file, an attacker could execute code in the context of the current process (local code execution). The available connected sourc...

CVE-2025-47725 Out-of-bounds Write in CNCSoft

Delta Electronics CNCSoft lacks proper validation of the user-supplied file. If a user opens a malicious file, an attacker can leverage this vulnerability to execute code in the context of the current process...

CVE-2025-47725 Out-of-bounds Write in CNCSoft

Delta Electronics CNCSoft lacks proper validation of the user-supplied file. If a user opens a malicious file, an attacker can leverage this vulnerability to execute code in the context of the current process...

Command Execution Vulnerability in Cube OCS Management System of Hangzhou Cube Holding Co.

Cube OCS Management System is an access control management platform, mainly used for enterprise production management and access control scenarios. A command execution vulnerability exists in the Cube OCS Management System of Hangzhou Cube Holding Company Limited, which can be exploited by an...

Command Execution Vulnerability in Panabit Log Audit System of Beijing Paiwang Software Co.

Beijing PaiNet Software Co., Ltd. is a technology company focusing on providing network application layer solutions for the government and enterprise industries. A command execution vulnerability exists in the panabit log auditing system of Beijing Pai Networks Software Co. Ltd, which can be...

CVE-2025-45854

JEHC-BPM contains a Remote Code Execution vulnerability in the /server/executeExec endpoint. The issue affects JEHC-BPM

CVE-2024-57337

An arbitrary file upload vulnerability in the opcode 500 functionality of M2Soft CROWNIX Report & ERS v5.x to v5.5.14.1070, v7.x to v7.4.3.960, and v8.x to v8.2.0.345 allows attackers to execute arbitrary code via supplying a crafted file...

Command Execution Vulnerability in Tianrongxin Internet Behavior Management System of Beijing Tianrongxin Technology Co.

Tianrongxin Internet Behavior Management System is a network behavior management product designed to meet the needs of various industries for network behavior management and content auditing. Beijing Tianrongxin Technology Co., Ltd Tianrongxin Internet Behavior Management System has a command...

[SECURITY] [DSA 5930-1] libavif security update

------------------------------------------------------------------------- Debian Security Advisory DSA-5930-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso May 29, 2025 https://www.debian.org/security/faq -...

CVE-2025-27151

CVE-2025-27151 affects Redis releases from 7.0.0 up to before 8.0.2. Root cause: a stack-based buffer overflow in redis-check-aof caused by copying a user-supplied filepath into a fixed-size stack buffer using memcpy with strlen(filepath). Potential for code execution as described in the sources....

CVE-2025-3357 IBM Tivoli Monitoring code execution

IBM Tivoli Monitoring 6.3.0.7 through 6.3.0.7 Service Pack 19 could allow a remote attacker to execute arbitrary code due to improper validation of an index value of a dynamically allocated array...

CVE-2024-57338

The CVE-2024-57338 entry affects M2Soft CROWNIX Report & ERS. Affected versions include 5.x up to 5.5.14.1070, 7.x up to 7.4.3.960, and 8.x up to 8.2.0.345. The vulnerability is an arbitrary file upload that allows execution of arbitrary code via a crafted file. The issue is caused by insecure fi...

CVE-2025-2146

Buffer overflow in WebService Authentication processing of Small Office Multifunction Printers and Laser Printers which may allow an attacker on the network segment to trigger the affected product being unresponsive or to execute arbitrary code. : Satera MF656Cdw/Satera MF654Cdw/Satera...

CVE-2024-52800

veraPDF is an open source PDF/A validation library. Executing policy checks using custom schematron files via the CLI invokes an XSL transformation that may theoretically lead to a remote code execution RCE vulnerability. This doesn't affect the standard validation and policy checks functionality...

CVE-2024-47963

Delta Electronics CNCSoft-G2 lacks proper validation of user-supplied data, which can result in a write past the end of an allocated object. An attacker can manipulate users to visit a malicious page or file to leverage this vulnerability to execute code in the context of the current process...

CVE-2024-47962

Delta Electronics CNCSoft-G2 lacks proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can manipulate an insider to visit a malicious page or file to leverage this vulnerability to execute code in the context of the current...

CVE-2024-46475

A reflected cross-site scripting XSS vulnerability on the homepage of Metronic Admin Dashboard Template v2.0 allows attackers to execute arbitrary code in the context of a user's browser via injecting a crafted payload...

CVE-2024-41361

RPi-Jukebox-RFID v2.7.0 was discovered to contain a remote code execution RCE vulnerability via htdocs\manageFilesFolders.php...

CVE-2024-42978

An issue in the handler function in /goform/telnet of Tenda FH1206 v02.03.01.35 allows attackers to execute arbitrary commands via a crafted HTTP request...

CVE-2024-43111

Long pressing on a download link could potentially allow Javascript commands to be executed within the browser This vulnerability affects Firefox for iOS 129...