USN-8359-1: NNCP vulnerability

It was discovered that NNCP did not properly sanitize file paths in packet data during file requesting and file saving operations. A remote attacker could possibly use this issue to read or write arbitrary files outside of the intended directory...

EUVD-2026-12766

FUXA Unauthenticated Remote Arbitrary Device Tag Write...

CVE-2025-67707

Summary: CVE-2025-67707 affects ArcGIS Server 11.5 and earlier on Windows and Linux. The vulnerability arises from improper validation of uploaded files, allowing remote attackers to upload arbitrary files. The exploit is mitigated by server-side controls that prevent execution of uploaded conten...

CVE-2025-67706

ArcGIS Server versions 11.5 and earlier on Windows and Linux have an input-validation flaw in uploaded files. The vulnerability arises from not properly validating uploaded content, enabling remote file uploads. Exploitation is constrained by server-side controls that prevent execution of uploade...

CVE-2025-21042

Out-of-bounds write in libimagecodec.quram.so prior to SMR Apr-2025 Release 1 allows remote attackers to execute arbitrary code...

SAMSUNG Gaming Hub 安全漏洞

SAMSUNG Gaming Hub is a gaming center application from Samsung South Korea. A security vulnerability exists in SAMSUNG Gaming Hub versions prior to 7.1.03.7 that stems from improper response handling and allows remote attackers to initiate arbitrary activity...

CVE-2018-9411

In decrypt of ClearKeyCasPlugin.cpp there is a possible out-of-bounds write due to a missing bounds check. This could lead to remote arbitrary code execution with no additional execution privileges needed. User interaction is needed for exploitation...

CVE-2018-9341

In impeg2dmcfullxfully of impeg2dmc.c there is a possible out of bound write due to missing bounds check. This could lead to remote arbitrary code execution with no additional execution privileges needed. User interaction is needed for exploitation...

CVE-2023-39480

Softing Secure Integration Server FileDirectory OPC UA Object Arbitrary File Creation Vulnerability. This vulnerability allows remote attackers to create arbitrary files on affected installations of Softing Secure Integration Server. Although authentication is required to exploit this...

PT-2024-20423 · Unknown · Employee Management System

Name of the Vulnerable Software and Affected Versions: Employee Management System version 1.0 Description: The issue allows a remote attacker to execute arbitrary code via the "edit-photo.php" component. This is due to an Unrestricted File Upload vulnerability. Recommendations: For Employee...

CVE-2024-0955 Stored XSS vulnerability

A stored XSS vulnerability exists where an authenticated, remote attacker with administrator privileges on the Nessus application could alter Nessus proxy settings, which could lead to the execution of remote arbitrary scripts...

[R1] Nessus Version 10.7.0 Fixes Multiple Vulnerabilities

R1 Nessus Version 10.7.0 Fixes Multiple Vulnerabilities Arnie Cabral Tue, 02/06/2024 - 11:07 Two separate vulnerabilities were discovered, reported and fixed: A stored XSS vulnerability exists where an authenticated, remote attacker with administrator privileges on the Nessus application could...

PT-2023-8435 · Ibm · Ibm I Access Client Solutions

Name of the Vulnerable Software and Affected Versions: IBM i Access Client Solutions versions 1.1.2 through 1.1.4 IBM i Access Client Solutions versions 1.1.4.3 through 1.1.9.3 Description: The issue is related to insufficient authorization procedure in the IBM i Access Client Solutions, allowing...

CVE-2023-39238 ASUS RT-AX55、RT-AX56U_V2 - Format String - 1

It is identified a format string vulnerability in ASUS RT-AX56U V2. This vulnerability is caused by lacking validation for a specific value within its setiperf3svr.cgi module. A remote attacker with administrator privilege can exploit this vulnerability to perform remote arbitrary code execution,...

DEBIAN-CVE-2022-4906

Inappropriate implementation in Blink in Google Chrome prior to 108.0.5359.71 allowed a remote attacker to perform arbitrary read/write via a crafted HTML page. Chromium security severity: High...

Format string

It is identified a format string vulnerability in ASUS RT-AX56U V2 & RT-AC86U. This vulnerability is caused by directly using input as a format string when calling syslog in logmessagenormal function, in the dodetwancgi module of httpd. An unauthenticated remote attacker without privilege can...

Debian: Security Advisory (DSA-5413-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Debian: Security Advisory (DLA-3406-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Siemens SCALANCE W1750D Command Injection (CVE-2021-37732)

A remote arbitrary command execution vulnerability was discovered in HPE Aruba Instant IAP versions: Aruba Instant 6.4.x.x: 6.4.4.8-4.2.4.17 and below; Aruba Instant 6.5.x.x: 6.5.4.18 and below; Aruba Instant 8.5.x.x: 8.5.0.11 and below; Aruba Instant 8.6.x.x: 8.6.0.6 and below; Aruba Instant...

Siemens SCALANCE W1750D Command Injection (CVE-2021-37730)

A remote arbitrary command execution vulnerability was discovered in HPE Aruba Instant IAP versions: Aruba Instant 6.4.x.x: 6.4.4.8-4.2.4.18 and below; Aruba Instant 6.5.x.x: 6.5.4.20 and below; Aruba Instant 8.5.x.x: 8.5.0.12 and below; Aruba Instant 8.6.x.x: 8.6.0.11 and below; Aruba Instant...