4198 matches found
CVE-2026-40403
Heap-based buffer overflow in Windows Win32K - GRFX allows an authorized attacker to execute code locally...
CVE-2026-40366
Access of resource using incompatible type 'type confusion' in Microsoft Office Word allows an unauthorized attacker to execute code locally...
CVE-2026-40364
Access of resource using incompatible type 'type confusion' in Microsoft Office Word allows an unauthorized attacker to execute code locally...
CVE-2026-40361
Use after free in Microsoft Office allows an unauthorized attacker to execute code locally...
CVE-2026-40363
Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally...
CVE-2026-40359
Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally...
CVE-2026-35421
Heap-based buffer overflow in Windows GDI allows an unauthorized attacker to execute code locally...
CVE-2026-40367
Access of resource using incompatible type 'type confusion' in Microsoft Office Word allows an unauthorized attacker to execute code locally...
CVE-2026-40358
Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally...
CVE-2026-40362
Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally...
CVE-2020-37221
Atomic Alarm Clock 6.3 contains a stack overflow vulnerability that allows local attackers to execute arbitrary code by supplying a malicious string to the display name textbox in the Time Zones Clock configuration. Attackers can craft a buffer with structured exception handling overwrite and...
NPM: claude-code-cache-fix vulnerable to local code execution via Python triple-quote injection in tools/quota-statusline.sh
NPM: claude-code-cache-fix vulnerable to local code execution via Python triple-quote injection in tools/quota-statusline.sh vulnerability discovered by ? in WordPress Npm claude-code-cache-fix versions = 3.5.0, 3.5.2...
claude-code-cache-fix vulnerable to local code execution via Python triple-quote injection in tools/quota-statusline.sh
Summary tools/quota-statusline.sh introduced in v3.5.0 interpolates Claude Code's hook stdin payload directly into a Python triple-quoted string literal. A ''' byte sequence in any user-controlled field of the payload closes the literal early and lets following bytes execute as Python in the user...
GHSA-G3XQ-3GMV-QQ8G claude-code-cache-fix vulnerable to local code execution via Python triple-quote injection in tools/quota-statusline.sh
Summary tools/quota-statusline.sh introduced in v3.5.0 interpolates Claude Code's hook stdin payload directly into a Python triple-quoted string literal. A ''' byte sequence in any user-controlled field of the payload closes the literal early and lets following bytes execute as Python in the user...
CVE-2020-37221
Atomic Alarm Clock 6.3 is affected by a local, stack-overflow vulnerability in the Time Zones Clock configuration display name field. The issue arises from a crafted string causing a SEH overwrite with encoded shellcode, potentially bypassing SafeSEH protections and leading to arbitrary code exec...
CVE-2026-21018
Out-of-bounds write in SveService prior to SMR May-2026 Release 1 allows local privileged attackers to execute arbitrary code...
CVE-2026-21019
Improper input validation in FacAtFunction in Galaxy Watch prior to SMR May-2026 Release 1 allows local attacker to execute arbitrary code with system privilege...
CVE-2026-21019
Improper input validation in FacAtFunction in Galaxy Watch prior to SMR May-2026 Release 1 allows local attacker to execute arbitrary code with system privilege...
Drive Software Atomic Alarm Clock 安全漏洞
Drive Software Atomic Alarm Clock is a desktop enhancement tool developed by Drive Software. Version 6.3 of Drive Software Atomic Alarm Clock contains a security vulnerability. This vulnerability stems from a stack overflow issue, which could allow local attackers to execute arbitrary code by...
EUVD-2026-29664
Heap-based buffer overflow in Windows Win32K - GRFX allows an authorized attacker to execute code locally...