
4299 matches found

CVE
added 2025/07/22 9:52 a.m. | 17 views

CVE-2025-7427

CVE-2025-7427 concerns an Uncontrolled Search Path Element in Arm Development Studio prior to 2025, enabling a DLL hijacking scenario that could lead to local arbitrary code execution in the user’s context. The root cause is a mismanaged search path element in Arm Development Studio, with failure...

CVSS 5.9 | AI score 7.1 | EPSS 0.00155
Exploits: 0 | References: 1 | Affected Software: 1
CNNVD
added 2025/07/21 12:0 a.m. | 5 views

IrfanView CADImage Plugin Buffer Error Vulnerability

IrfanView CADImage Plugin is a CAD plugin from IrfanView. IrfanView CADImage Plugin suffers from a buffer overflow vulnerability that stems from a lack of validation of user-supplied data when parsing DWG files, which can be exploited by an attacker to execute code in the context of the current...

CVSS 7.8 | AI score 7.6 | EPSS 0.00225
Exploits: 0 | References: 1
OSV
added 2025/07/17 8:15 p.m. | 2 views

CVE-2025-6231

An improper validation vulnerability was reported in Lenovo Vantage that under certain conditions could allow a local attacker to execute code with elevated permissions by modifying an application configuration file...

CVSS 8.5 | AI score 5.9 | EPSS 0.00181
Exploits: 0 | References: 1
NVD
added 2025/07/17 8:15 p.m. | 5 views

CVE-2025-6231

An improper validation vulnerability was reported in Lenovo Vantage that under certain conditions could allow a local attacker to execute code with elevated permissions by modifying an application configuration file...

CVSS 8.5 | EPSS 0.00181
Exploits: 0 | References: 1
NVD
added 2025/07/17 8:15 p.m. | 3 views

CVE-2025-4657

A buffer overflow vulnerability was reported in the Lenovo Protection Driver, prior to version 5.1.1110.4231, used in Lenovo PC Manager, Lenovo Browser, and Lenovo App Store that could allow a local attacker with elevated privileges to execute arbitrary code...

CVSS 8.4 | EPSS 0.00165
Exploits: 0 | References: 1
CVE
added 2025/07/17 7:19 p.m. | 22 views

CVE-2025-6231

Technical details about CVE-2025-6231 are not publicly provided in the connected documents. Monitor for updates; no concrete exploit, affected versions, or fixes are described here.

CVSS 8.5 | AI score 7.1 | EPSS 0.00181
Exploits: 0 | References: 1 | Affected Software: 2
CNNVD
added 2025/07/17 12:0 a.m. | 2 views

Lenovo Protection Driver Security Vulnerability

Lenovo Protection Driver is a hard disk protection system from Lenovo China. A security vulnerability exists in Lenovo Protection Driver prior to version 5.1.1110.4231, which stems from a buffer overflow vulnerability that could lead to the execution of arbitrary code by a local privileged user...

CVSS 8.4 | AI score 7.8 | EPSS 0.00165
Exploits: 0 | References: 1
Veracode
added 2025/07/16 11:16 a.m. | 3 views

Stack-based Buffer Overflow

International Components for Unicode (ICU) is vulnerable to a Stack-based Buffer Overflow. The vulnerability is due to improper handling of the ‘subtag’ struct in the SRBRoot::addTag function while running the genrb binary, which allows an attacker to cause memory corruption and achieve local...

CVSS 7 | AI score 7.4 | EPSS 0.00296
Exploits: 0 | References: 14 | Affected Software: 1
CVE
added 2025/07/15 6:34 p.m. | 87 views

CVE-2025-41236

CVE-2025-41236 is an integer overflow in the VMXNET3 virtual network adapter used by VMware ESXi, Workstation, and Fusion. A local VM administrator can exploit this to execute code on the host; non‑VMXNET3 adapters are unaffected. Connected IBM advisory confirms the same vulnerability a...

CVSS 9.3 | AI score 6.9 | EPSS 0.02107
Exploits: 0 | References: 1
RedhatCVE
added 2025/07/10 5:18 p.m. | 3 views

CVE-2025-48805

Heap-based buffer overflow in Microsoft MPEG-2 Video Extension allows an authorized attacker to execute code locally...

CVSS 7.8 | AI score 6.9 | EPSS 0.00352
Exploits: 0 | References: 1
Veracode
added 2025/07/09 3:52 a.m. | 5 views

Local Code Execution (LCE)

helm.sh/helm/v3 is vulnerable to Local Code Execution (LCE). The vulnerability is due to insufficient validation and sanitization of the Chart.yaml and Chart.lock files during dependency updates, allowing a maliciously crafted file to trigger local code execution...

CVSS 8.6 | AI score 6.3 | EPSS 0.00363
Exploits: 1 | References: 5 | Affected Software: 2
OSV
added 2025/07/08 10:15 p.m. | 4 views

AZL-64877 CVE-2025-53547 affecting package helm for versions less than 3.14.2-7

Helm is a package manager for Charts for Kubernetes. Prior to 3.18.4, a specially crafted Chart.yaml file along with a specially linked Chart.lock file can lead to local code execution when dependencies are updated. Fields in a Chart.yaml file, that are carried over to a Chart.lock file when...

CVSS 8.6 | AI score 7 | EPSS 0.00363
Exploits: 1 | References: 1
CVE
added 2025/07/08 9:39 p.m. | 160 views

CVE-2025-53547

Helm (Kubernetes package manager) before version 3.18.4 is affected by a code-execution vulnerability that arises when a specially crafted Chart.yaml content is carried over to Chart.lock during dependency updates, and the Chart.lock file is symlinked to a file that is executed (e.g., a bashrc or...

CVSS 8.6 | AI score 7 | EPSS 0.00363
Exploits: 1 | References: 3 | Affected Software: 1
Vulnrichment
added 2025/07/08 9:39 p.m. | 4 views

CVE-2025-53547 Helm Chart Dependency Updating With Malicious Chart.yaml Content And Symlink Can Lead To Code Execution

Helm is a package manager for Charts for Kubernetes. Prior to 3.18.4, a specially crafted Chart.yaml file along with a specially linked Chart.lock file can lead to local code execution when dependencies are updated. Fields in a Chart.yaml file, that are carried over to a Chart.lock file when...

CVSS 8.5 | AI score 7.6 | EPSS 0.00363
Exploits: 1 | References: 2
OSV
added 2025/07/08 9:39 p.m. | 4 views

CVE-2025-53547 Helm Chart Dependency Updating With Malicious Chart.yaml Content And Symlink Can Lead To Code Execution

Helm is a package manager for Charts for Kubernetes. Prior to 3.18.4, a specially crafted Chart.yaml file along with a specially linked Chart.lock file can lead to local code execution when dependencies are updated. Fields in a Chart.yaml file, that are carried over to a Chart.lock file when...

CVSS 8.5 | AI score 7.2 | EPSS 0.00363
Exploits: 1 | References: 5
Cvelist
added 2025/07/08 9:39 p.m. | 7 views

CVE-2025-53547 Helm Chart Dependency Updating With Malicious Chart.yaml Content And Symlink Can Lead To Code Execution

Helm is a package manager for Charts for Kubernetes. Prior to 3.18.4, a specially crafted Chart.yaml file along with a specially linked Chart.lock file can lead to local code execution when dependencies are updated. Fields in a Chart.yaml file, that are carried over to a Chart.lock file when...

CVSS 8.5 | EPSS 0.00363
Exploits: 1 | References: 2
OSV
added 2025/07/08 5:16 p.m. | 3 views

CVE-2025-49742

Integer overflow or wraparound in Microsoft Graphics Component allows an authorized attacker to execute code locally...

CVSS 7.8 | AI score 6 | EPSS 0.00273
Exploits: 0 | References: 1
OSV
added 2025/07/08 5:15 p.m. | 1 views

CVE-2025-49711

Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally...

CVSS 7.8 | AI score 5.9 | EPSS 0.00457
Exploits: 0 | References: 1
OSV
added 2025/07/08 5:15 p.m. | 3 views

CVE-2025-49705

Heap-based buffer overflow in Microsoft Office PowerPoint allows an unauthorized attacker to execute code locally...

CVSS 7.8 | AI score 6.1 | EPSS 0.00381
Exploits: 0 | References: 1
OSV
added 2025/07/08 5:15 p.m. | 2 views

CVE-2025-49702

Access of resource using incompatible type ('type confusion') in Microsoft Office allows an unauthorized attacker to execute code locally...

CVSS 7.8 | AI score 5.9 | EPSS 0.00512
Exploits: 0 | References: 1