USN-8359-1: NNCP vulnerability
It was discovered that NNCP did not properly sanitize file paths in packet data during file requesting and file saving operations. A remote attacker could possibly use this issue to read or write arbitrary files outside of the intended directory...
EUVD-2026-12766
FUXA Unauthenticated Remote Arbitrary Device Tag Write...
CVE-2025-67707
ArcGIS Server versions 11.5 and earlier on Windows and Linux are affected by an input validation issue: uploaded files are not properly validated, allowing remote unauthenticated attackers to upload arbitrary files to designated upload directories. The server architecture restricts uploaded files...
CVE-2025-67706
ArcGIS Server (Windows/Linux) 11.5 and earlier exposes a vulnerability where uploaded files are not properly validated, allowing remote unauthenticated arbitrary file uploads to designated directories. The server architecture prevents execution of uploaded files and enforces non-executable storag...
CVE-2025-21042
Out-of-bounds write in libimagecodec.quram.so prior to SMR Apr-2025 Release 1 allows remote attackers to execute arbitrary code...
The vulnerability of the Adobe Experience Manager (AEM) content and media data management system lies in the insufficient protection of website structures, allowing attackers to execute arbitrary code.
The vulnerability of the Adobe Experience Manager AEM content and media data management system is related to insufficient protection of the website structure. Exploiting this vulnerability could allow a malicious actor to execute arbitrary code remotely...
The vulnerability of the formWlSiteSurvey() function in TOTOLINK A702R router firmware allows an intruder to execute arbitrary commands.
The vulnerability of the formWlSiteSurvey function in TOTOLINK A702R router firmware is related to the execution of operations outside the buffer in memory. Exploiting this vulnerability allows a malicious actor to execute arbitrary commands remotely...
The vulnerability of the Adobe Experience Manager content and media data management system, related to the lack of measures taken to protect the website structure, allows a perpetrator to execute arbitrary code.
The vulnerability of the Adobe Experience Manager content and media data management system is related to the lack of measures taken to protect the website structure. Exploiting this vulnerability could allow a malicious actor to execute arbitrary code remotely...
The vulnerability of the customerview.php file in the tailoring management system allows a hacker to execute arbitrary SQL code.
The vulnerability of the customerview.php file in the tailoring management system is related to the lack of protective measures for the SQL query structure. Exploiting this vulnerability allows an attacker who operates remotely to execute arbitrary SQL code...
The vulnerability of the TP-Link M7650 4G LTE Mobile Wi-Fi Router’s firmware lies in the lack of measures taken to protect the SQL query structure, allowing attackers to execute arbitrary code.
The vulnerability of the TP-Link M7650 4G LTE Mobile Wi-Fi Router’s firmware is related to the lack of measures taken to protect the SQL query structure. Exploiting this vulnerability allows a malicious actor to execute arbitrary code by introducing specially crafted SQL code remotel...
SAMSUNG Gaming Hub security vulnerability
SAMSUNG Gaming Hub is a gaming center application from Samsung South Korea. A security vulnerability exists in SAMSUNG Gaming Hub versions prior to 7.1.03.7 that stems from improper response handling and allows remote attackers to initiate arbitrary activity...
CVE-2018-9411
In decrypt of ClearKeyCasPlugin.cpp there is a possible out-of-bounds write due to a missing bounds check. This could lead to remote arbitrary code execution with no additional execution privileges needed. User interaction is needed for exploitation...
CVE-2018-9341
In impeg2dmcfullxfully of impeg2dmc.c there is a possible out of bound write due to missing bounds check. This could lead to remote arbitrary code execution with no additional execution privileges needed. User interaction is needed for exploitation...
The vulnerability of the Adobe Experience Manager content and media data management system lies in the insufficient protection of the website structure, allowing attackers to execute arbitrary code.
The vulnerability of the Adobe Experience Manager content and media data management system is related to insufficient protection of the website structure. Exploiting this vulnerability could allow a malicious actor to execute arbitrary code remotely...
CVE-2023-39480
Softing Secure Integration Server FileDirectory OPC UA Object Arbitrary File Creation Vulnerability. This vulnerability allows remote attackers to create arbitrary files on affected installations of Softing Secure Integration Server. Although authentication is required to exploit this...
The vulnerability of the GLPI system’s request, incident, and computer equipment inventory management processes, related to the failure to protect the SQL request structure, allows attackers to execute arbitrary SQL queries.
The vulnerability of the GLPI system’s request, incident, and computer equipment inventory management functions is related to the lack of measures taken to protect the SQL request structure. Exploiting this vulnerability allows a malicious actor to execute arbitrary SQL queries remotely...
PT-2024-20423 · Unknown · Employee Management System
Name of the Vulnerable Software and Affected Versions: Employee Management System version 1.0 Description: The issue allows a remote attacker to execute arbitrary code via the "edit-photo.php" component. This is due to an Unrestricted File Upload vulnerability. Recommendations: For Employee...
CVE-2024-0955 Stored XSS vulnerability
A stored XSS vulnerability exists where an authenticated, remote attacker with administrator privileges on the Nessus application could alter Nessus proxy settings, which could lead to the execution of remote arbitrary scripts...
[R1] Nessus Version 10.7.0 Fixes Multiple Vulnerabilities
R1 Nessus Version 10.7.0 Fixes Multiple Vulnerabilities Arnie Cabral Tue, 02/06/2024 - 11:07 Two separate vulnerabilities were discovered, reported and fixed: A stored XSS vulnerability exists where an authenticated, remote attacker with administrator privileges on the Nessus application could...
The vulnerability of the API PUT Request Handler component of the software platform based on Git, which is used for collaborative code development in GitLab, allows a malicious actor to execute arbitrary API PUT requests.
The vulnerability of the API PUT Request Handler component of the software platform based on Git for collaborative code development on GitLab exists due to the lack of protective measures for the website structure. Exploiting this vulnerability allows an attacker to execute arbitrary API PUT...