590816 matches found
PT-2026-49191
Name of the Vulnerable Software and Affected Versions The product name cannot be determined affected versions not specified Description An issue exists where the application fails to intercept certain dangerous interfaces when executing JavaScript scripts embedded in PDF files within the sandbox...
CVE-2026-30120
remotion-dev remotion v4.0.409 was discovered to contain a remote code execution RCE vulnerability...
CVE-2026-36933
An issue in Boyleep K11, y108 firmware v.2.3.0.11291 allows a physically proximate attacker to execute arbitrary code via the factory test feature...
CVE-2025-56814
A code injection vulnerability in the wxExecute function of OpenCPN v5.12.0 allows attackers to execute arbitrary code via embedding shell metacharacters...
PT-2026-49607
Name of the Vulnerable Software and Affected Versions LangBot affected versions not specified Description A critical flaw in the MCP STDIO implementation allows for remote code execution within AI pipelines. Recommendations At the moment, there is no information about a newer version that contain...
ROS-20260615-73-0006
The vulnerability in freerdp3 is related to the use of memory after it is freed. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...
ROS-20260615-73-0005
The vulnerability in freerdp is related to the use of memory after it is freed. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...
ROS-20260615-73-0001
The vulnerability in freerdp is related to the use of memory after it is freed. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...
ROS-20260615-73-0002
The vulnerability in freerdp3 is related to the use of memory after it is freed. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...
PT-2026-49324
Name of the Vulnerable Software and Affected Versions matze wastebin version 3.4.1 Description An HTML injection issue in the /src/highlight.rs component allows attackers to execute arbitrary scripts using a crafted payload. HTML injection is a process where an attacker inserts malicious HTML cod...
GeoVision GV-VMS V20 WebCam Server stack overflow vulnerabilities
Summary Multiple exploitable stack overflow vulnerabilities exist in the WebCam Server functionality of GV-VMS V20 versions: 20.0.2. A specially crafted HTTP request can lead to a arbitrary code execution. An attacker can make an unauthenticated HTTP request to trigger these vulnerabilities...
GeoVision GV-VMS V20 WebCam Server Login stack overflow vulnerability
Summary A stack overflow vulnerability exists in the WebCam Server Login functionality of GV-VMS V20 versions: 20.0.2. A specially crafted HTTP request can lead to an arbitrary code execution. An attacker can make an unauthenticated HTTP request to trigger this vulnerability. Confirmed Vulnerable...
ROS-20260615-73-0003
The vulnerability in freerdp is related to buffer overflow in dynamic memory. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...
ROS-20260615-73-0004
The vulnerability in freerdp3 is related to buffer overflow in dynamic memory. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...
ROS-20260615-73-0041
The vulnerability of the yuvensurebuffer function in the RDP client FreeRDP is related to incorrect calculations of the size of the buffer allocated. Exploiting this vulnerability allows a remote attacker to execute arbitrary code by sending specially crafted NAL packets...
PT-2026-49299
Name of the Vulnerable Software and Affected Versions SNMP4J-Agent version 3.8.3 Description A remote attacker can execute arbitrary code through the snmp4jCfgStoragePath component. Recommendations At the moment, there is no information about a newer version that contains a fix for this...
CVE-2026-50883
CVE-2026-50883 refers to an HTML injection in the matze wastebin project (v3.4.1) affecting the internal component /src/highlight.rs . The root cause is not explicitly detailed beyond mention of HTML injection via a crafted payload, leading to arbitrary script execution. The vulnerability is rate...
CVE-2026-50869
CVE-2026-50869 relates to Bludit v3.19.0, where the api/plugin.php component is vulnerable to a directory traversal via a crafted request. The CVE entry documents a high-severity issue (CVSS 3.1: 9.8, CRITICAL) with network attack vector, no privileges required, and no user interaction. The affec...
CVE-2026-38329
Bludit CMS is affected pre-3.18.4. The API Plugin's POST /api/files/{key} endpoint in bl-plugins/api/plugin.php fails authorization checks and lacks file extension validation, enabling an attacker with a valid API token to upload a PHP script and execute arbitrary code on the server (Remote Code ...
CVE-2026-38329
Bludit CMS before version 3.18.4 allows Remote Code Execution RCE via the API Plugin. The POST /api/files/key endpoint in bl-plugins/api/plugin.php fails to perform authorization checks and lacks file extension validation. An attacker with a valid API token can upload a malicious PHP script and...