CVE-2019-25733

NetShareWatcher 1.5.8.0 contains a structured exception handler (SEH) buffer overflow in which a malicious input in the Restrictions custom filter field can overwrite SEH/NSEH pointers and cause code execution when Find is invoked. This is a local vulnerability with high impact (CVSSv3.1/8.4, CVS...

CVE-2019-25733 NetShareWatcher 1.5.8.0 SEH Buffer Overflow

NetShareWatcher 1.5.8.0 contains a structured exception handler buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying malicious input. Attackers can craft a payload with overwritten SEH and NSEH pointers through the Restrictions custom filter field to...

CVE-2019-25733 NetShareWatcher 1.5.8.0 SEH Buffer Overflow

NetShareWatcher 1.5.8.0 contains a structured exception handler buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying malicious input. Attackers can craft a payload with overwritten SEH and NSEH pointers through the Restrictions custom filter field to...

EUVD-2019-20169

NetShareWatcher 1.5.8.0 contains a structured exception handler buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying malicious input. Attackers can craft a payload with overwritten SEH and NSEH pointers through the Restrictions custom filter field to...

CVE-2019-25733

NetShareWatcher 1.5.8.0 contains a structured exception handler buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying malicious input. Attackers can craft a payload with overwritten SEH and NSEH pointers through the Restrictions custom filter field to...

CVE-2019-25729 PDF Signer 3.0 Server-Side Template Injection RCE via CSRF Cookie

PDF Signer 3.0 contains a server-side template injection vulnerability that allows unauthenticated attackers to execute arbitrary code by injecting PHP commands through the CSRF-TOKEN cookie parameter. Attackers can craft malicious cookie values containing template injection payloads like shellex...

CVE-2019-25729 PDF Signer 3.0 Server-Side Template Injection RCE via CSRF Cookie

PDF Signer 3.0 contains a server-side template injection vulnerability that allows unauthenticated attackers to execute arbitrary code by injecting PHP commands through the CSRF-TOKEN cookie parameter. Attackers can craft malicious cookie values containing template injection payloads like shellex...

EUVD-2019-20165

PDF Signer 3.0 contains a server-side template injection vulnerability that allows unauthenticated attackers to execute arbitrary code by injecting PHP commands through the CSRF-TOKEN cookie parameter. Attackers can craft malicious cookie values containing template injection payloads like shellex...

CVE-2019-25729

PDF Signer 3.0 contains a server-side template injection vulnerability that allows unauthenticated attackers to execute arbitrary code by injecting PHP commands through the CSRF-TOKEN cookie parameter. Attackers can craft malicious cookie values containing template injection payloads like shellex...

CVE-2019-25729

CVE-2019-25729 : PDF Signer 3.0 is affected by a server-side template injection vulnerability that allows unauthenticated attackers to execute arbitrary code via the CSRF-TOKEN cookie parameter. Attackers can craft cookie values containing template payloads (e.g., shell_exec()) to run system comm...

Important: Red Hat Security Advisory: redis security update

An update for redis is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the...

redis: RESTORE invalid memory access may allow remote code execution

A flaw was found in Redis. An authenticated attacker with permission to execute the RESTORE command can send a crafted serialized payload that may lead to an invalid memory access due to an improper validation of the serialized values. This flaw can cause the server to crash and may allow arbitra...

CVE-2026-8037

CVE-2026-8037 affects Progress LoadMaster and related ADC components (ECS Connection Manager, Object Scale Connection Manager, MOVEit WAF). The vulnerability is an OS command injection in the API where unsanitized input in multiple command endpoints allows an unauthenticated attacker to execute a...

CVE-2026-8037 OS Command Injection Remote Code Execution Vulnerability in Progress LoadMaster, ECS Connection Manager, Object Scale Connection Manager & MOVEit WAF

OS Command Injection Remote Code Execution Vulnerability in API in Progress ADC Products allows an un-authenticated attacker to execute arbitrary commands on the LoadMaster appliance by exploiting unsanitized input in multiple command endpoints...

EUVD-2026-34260

OS Command Injection Remote Code Execution Vulnerability in API in Progress ADC Products allows an un-authenticated attacker to execute arbitrary commands on the LoadMaster appliance by exploiting unsanitized input in multiple command endpoints...

CVE-2026-8037

OS Command Injection Remote Code Execution Vulnerability in API in Progress ADC Products allows an un-authenticated attacker to execute arbitrary commands on the LoadMaster appliance by exploiting unsanitized input in multiple command endpoints...

Security Bulletin: Security Vulnerabilities have been identified in IBM WebSphere Application Server bundled with IBM Financial Transaction Manager for Check Services

Summary IBM WebSphere Application Server is bundled with IBM Financial Transaction Manager v3.0.5.4. Information about security vulnerabilities affecting IBM WebSphere Application Server has been published in a security bulletin. Vulnerability Details Refer to the security bulletins listed in the...

kernel: netfilter: nf_tables: release flowtable after rcu grace period on error

A flaw was found in the Linux kernel's netfilter component, specifically within the nftables subsystem. An error in releasing a flowtable after an RCU Read-Copy-Update grace period could lead to a use-after-free vulnerability. This issue could expose the flowtable to the packet path and...

WordPress RD Station plugin <= 5.6.0 - Remote Code Execution (RCE) vulnerability

Remote Code Execution RCE vulnerability discovered by ParkHyunWoo in WordPress Plugin RD Station versions = 5.6.0...

CVE-2026-45431

This vulnerability exists in GX Earth ONT models due to improper handling of user-supplied input in multiple diagnostic functions in its web management interface. An authenticated remote attacker could exploit this vulnerability by injecting arbitrary and executing OS commands on the targeted...