
4305 matches found

Vulnrichment
added 2025/02/04 7:19 a.m. · 7 views

CVE-2025-20888

Out-of-bounds write in handling the block size for smp4vtd in libsthmbc.so prior to SMR Jan-2025 Release 1 allows local attackers to execute arbitrary code with privilege. User interaction is required for triggering this vulnerability...

7 CVSS · 7.2 AI score · 0.00148 EPSS
Exploits 0 · References 1
Positive Technologies
added 2025/02/04 12:0 a.m. · 5 views

PT-2025-4163 · Unknown · Libsthmbc.So

Name of the Vulnerable Software and Affected Versions: libsthmbc.so versions prior to SMR Jan-2025 Release 1
Description: The issue is an out-of-bounds write in accessing a buffer that stores decoded video frames. This allows local attackers to execute arbitrary code with privilege, but user...

7.8 CVSS · 7.9 AI score · 0.00159 EPSS
Exploits 0 · References 6
Positive Technologies
added 2025/02/04 12:0 a.m. · 2 views

PT-2025-4172 · Unknown · Libsthmbc.So

Name of the Vulnerable Software and Affected Versions: libsthmbc.so versions prior to SMR Jan-2025 Release 1
Description: The issue is related to an out-of-bounds write in the decoding frame buffer in libsthmbc.so. This allows local attackers to execute arbitrary code with privilege. User...

7.8 CVSS · 7.9 AI score · 0.00148 EPSS
Exploits 0 · References 7
OSV
added 2025/01/30 10:15 a.m. · 2 views

CVE-2025-21107

Dell NetWorker, versions prior to 19.11.0.3, all versions of 19.10 & prior versions contains an Unquoted Search Path or Element vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Code execution...

7.8 CVSS · 5.8 AI score · 0.00192 EPSS
Exploits 0 · References 1
OSV
added 2025/01/29 10:15 p.m. · 1 views

CVE-2024-57510

Buffer Overflow vulnerability in Bento4 mp42avc v.3bdc891602d19789b8e8626e4a3e613a937b4d35 allows a local attacker to execute arbitrary code via the AP4MemoryByteStream::WritePartial...

7.8 CVSS · 6.1 AI score · 0.00183 EPSS
Exploits 0 · References 2
OSV
added 2025/01/29 10:15 p.m. · 2 views

CVE-2024-57509

Buffer Overflow vulnerability in Bento4 mp42avc v.3bdc891602d19789b8e8626e4a3e613a937b4d35 allows a local attacker to execute arbitrary code via the AP4File::ParseStream and related functions...

7.8 CVSS · 6.1 AI score · 0.00183 EPSS
Exploits 0 · References 2
Vulnrichment
added 2025/01/29 12:0 a.m. · 4 views

CVE-2024-57510

Buffer Overflow vulnerability in Bento4 mp42avc v.3bdc891602d19789b8e8626e4a3e613a937b4d35 allows a local attacker to execute arbitrary code via the AP4MemoryByteStream::WritePartial...

7.8 AI score · 0.00183 EPSS
Exploits 0 · References 2
NVD
added 2025/01/28 7:15 p.m. · 7 views

CVE-2025-24479

A Local Code Execution Vulnerability exists in the product and version listed above. The vulnerability is due to a default setting in Windows and allows access to the Command Prompt as a higher privileged user...

8.6 CVSS · 0.00175 EPSS
Exploits 0 · References 1
CVE
added 2025/01/28 6:52 p.m. · 61 views

CVE-2025-24479

CVE-2025-24479 affects Rockwell Automation FactoryTalk View Machine Edition (FactoryTalk View ME) and related FactoryTalk components. The issue is a Local Code Execution vulnerability stemming from a Windows default setting that allows access to the Command Prompt as a higher-privileged user. Imp...

8.6 CVSS · 7.5 AI score · 0.00175 EPSS
Exploits 0 · References 1
CNNVD
added 2025/01/22 12:0 a.m. · 5 views

IBM Sterling B2B Integrator Code Issue Vulnerability

IBM Sterling B2B Integrator is a suite of software from International Business Machines (IBM) that integrates critical B2B processes, transactions, and relationships. The software supports secure integration of complex B2B processes with diverse partner communities. A code issue vulnerability exist...

8.8 CVSS · 7.3 AI score · 0.00968 EPSS
Exploits 1 · References 2
Positive Technologies
added 2025/01/21 12:0 a.m. · 4 views

PT-2025-5369 · Microsoft · Windows

Name of the Vulnerable Software and Affected Versions: Windows affected versions not specified
Description: A Local Code Execution issue exists due to a default setting in Windows, allowing access to the Command Prompt as a higher privileged user. This issue is related to insufficient authorizati...

8.6 CVSS · 7.9 AI score · 0.00175 EPSS
Exploits 0 · References 11
Zero Day Initiative
added 2025/01/20 12:0 a.m. · 11 views

Adobe Photoshop node_modules Uncontrolled Search Path Element Local Privilege Escalation Vulnerability

This vulnerability allows local attackers to escalate privileges on affected installations of Adobe Photoshop. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the handling of the...

7.3 CVSS · 7 AI score · 0.00285 EPSS
Exploits 0 · References 1
NVD
added 2025/01/17 9:15 a.m. · 10 views

CVE-2024-11139

CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability exists that could allow local attackers to exploit these issues to potentially execute arbitrary code when opening a malicious project file...

4.6 CVSS · 0.00228 EPSS
Exploits 0 · References 1
OSV
added 2025/01/15 11:15 p.m. · 3 views

CVE-2024-55503

An issue in termius before v.9.9.0 allows a local attacker to execute arbitrary code via a crafted script to the DYLD_INSERT_LIBRARIES component...

3.3 CVSS · 6.1 AI score · 0.00419 EPSS
Exploits 0 · References 1
OSV
added 2025/01/15 11:15 p.m. · 1 views

UBUNTU-CVE-2024-55503

An issue in termius before v.9.9.0 allows a local attacker to execute arbitrary code via a crafted script to the DYLD_INSERT_LIBRARIES component...

3.3 CVSS · 6.2 AI score · 0.00419 EPSS
Exploits 0 · References 3
OSV
added 2025/01/15 5:15 a.m. · 3 views

CVE-2025-22394

Dell Display Manager, versions prior to 2.3.2.18, contain a Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to code execution and possibly privilege escalation...

7 CVSS · 6.2 AI score · 0.00113 EPSS
Exploits 0 · References 1
CNNVD
added 2025/01/15 12:0 a.m. · 3 views

dingfanzu Security Vulnerability

dingfanzu is a php based takeaway ordering website. A SQL injection vulnerability exists in dingfanzu v1.0, which stems from the application's lack of validation of externally entered SQL statements. A local attacker can exploit this vulnerability to execute arbitrary code via the contents of the...

7.1 CVSS · 8.3 AI score · 0.00204 EPSS
Exploits 0 · References 2
Positive Technologies
added 2025/01/15 12:0 a.m. · 4 views

PT-2025-4754 · Unknown · Dingfanzu Cms

Name of the Vulnerable Software and Affected Versions: dingfanzuCMS version 1.0
Description: The issue allows a local attacker to execute arbitrary code due to incorrect filtering of content at the checkOrder.php shopId module. This enables the attacker to perform SQL injection attacks...

7.1 CVSS · 8.4 AI score · 0.00204 EPSS
Exploits 0 · References 5
OSV
added 2024/12/19 2:15 a.m. · 1 views

CVE-2022-27595

An insecure library loading vulnerability has been reported to affect QVPN Device Client. If exploited, the vulnerability could allow local attackers who have gained user access to execute unauthorized code or commands. We have already fixed the vulnerability in the following versions: QVPN Windo...

7.8 CVSS · 5.9 AI score
Exploits 0 · References 1
ICS
added 2024/12/10 12:0 a.m. · 32 views

Siemens Engineering Platforms

SUMMARY: Affected products contain a local arbitrary code execution vulnerability that could allow an attacker to perform actions against the operation system of that environment. Siemens is preparing fix versions and recommends countermeasures for products where fixes are not, or not yet...

7.3 CVSS · 7.8 AI score · 0.00176 EPSS
Exploits 0 · References 10