Johnson Controls CEM AC2000
ADVISORY SUMMARY Successful exploitation of this vulnerability could allow a standard user to escalate privileges on the host machine. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability. Minimize network exposure for...
SolarWinds Web Help Desk Deserialization of Untrusted Data Vulnerability
SolarWinds Web Help Desk contains a deserialization of untrusted data vulnerability in AjaxProxy that could allow an attacker to run commands on the host machine...
CVE-2025-12556
An argument injection vulnerability exists in the affected product that could allow an attacker to execute arbitrary code within the context of the host machine...
EUVD-2018-17203
Malware in sbrugna...
EUVD-2020-0626
Malware in sbrugna...
EUVD-2018-17204
Malware in sbrugna...
EUVD-2021-21888
Malware in sbrugna...
EUVD-2021-2338
Malware in sbrugna...
EUVD-2017-14015
Malware in sbrugna...
EUVD-2022-0867
Malicious code in bioql PyPI...
EUVD-2021-32230
Malicious code in bioql PyPI...
CVE-2025-41237
VMware ESXi, Workstation, and Fusion contain an integer underflow in VMCI (Virtual Machine Communication Interface) that leads to an out-of-bounds write. A malicious actor with local administrative privileges on a virtual machine may exploit this issue to execute code as the virtual machine's VMX...
CVE-2023-38743
Zoho ManageEngine ADManager Plus before Build 7200 allows admin users to execute commands on the host machine...
CVE-2021-45464
kvmtool through 39181fc allows an out-of-bounds write, related to virtio/balloon.c and virtio/pci.c. This allows a guest OS user to execute arbitrary code on the host machine...
GHSA-9R4C-JWX3-3J76 WhoDB has a path traversal opening Sqlite3 database
Summary While the application only displays Sqlite3 databases present in the directory /db, there is no path traversal prevention in place. This allows an unauthenticated attacker to open any Sqlite3 database present on the host machine that the application is running on. Details WhoDB allows use...
Arbitrary Code Injection
Overview langflow is a Python package with a built-in web application. Affected versions of this package are vulnerable to Arbitrary Code Injection through any components that provided the code functionality running on the local machine rather than a sandboxed environment. An attacker can execu...
CVE-2024-41585
DrayTek Vigor3910 devices through 4.3.2.6 are affected by an OS command injection vulnerability that allows an attacker to leverage the recvCmd binary to escape from the emulated instance and inject arbitrary commands into the host machine...
CVE-2024-41585
DrayTek Vigor3910 devices up to version 4.3.2.6 are affected by an OS command injection in the recvCmd binary, allowing an attacker to escape the emulated instance and inject commands into the host. This vulnerability enables arbitrary command execution with high impact to confidentiality, integr...
CVE-2024-28986 SolarWinds Web Help Desk Java Deserialization Remote Code Execution Vulnerability
SolarWinds Web Help Desk was found to be susceptible to a Java Deserialization Remote Code Execution vulnerability that, if exploited, would allow an attacker to run commands on the host machine. While it was reported as an unauthenticated vulnerability, SolarWinds has been unable to reproduce...