17094 matches found
The vulnerability of the software for calculating positions of individual RTLS transponders in the SIMATIC RTLS Locating Manager lies in the lack of a mechanism for verifying input data during backup scenarios. This allows a malicious actor to execute arbitrary code with SYSTEM privileges.
The vulnerability of the software for calculating positions of individual RTLS transponders in the SIMATIC RTLS Locating Manager is related to deficiencies in the mechanism for verifying input data during backup scenario execution. Exploiting this vulnerability could allow an attacker, operating...
The vulnerability of the pg_dump utility in the PostgreSQL database management system allows a hacker to execute arbitrary code.
The vulnerability of the pgdump utility in the PostgreSQL database management system is related to the inclusion of functions from an unverified and uncontrolled area. Exploiting this vulnerability could allow a malicious actor to execute arbitrary code remotely...
ChanCMS <= 3.3.0 - SQL Injection
yanyutao0402 ChanCMS = 3.3.0 contains a SQL injection caused by manipulation of the "key" argument in app/modules/api/service/Api.js Search function, letting remote attackers execute arbitrary SQL commands, exploit requires crafted request. id: CVE-2025-10210 info: name: ChanCMS = 3.3.0 - SQL...
Langflow <= 1.8.4 - Path Traversal to RCE via File Upload
The application contains a path traversal vulnerability caused by unsanitized 'filename' parameter in the 'POST /api/v2/files' multipart form data, letting attackers write files to arbitrary filesystem locations, exploit requires crafted request. id: CVE-2026-5027 info: name: Langflow = 1.8.4 -...
TYPO3 ceselector Extension - Insecure Deserialization
TYPO3 extension contains a PHP Object Injection caused by passing attacker-controlled cookie to unserialize without validation, letting remote unauthenticated attackers achieve remote code execution, exploit requires Persistent Mode: Static configuration. id: CVE-2026-46725 info: name: TYPO3...
Cuppa CMS v1.0 - Authenticated Local File Inclusion
The component "cuppa/api/index.php" of CuppaCMS v1.0 is Vulnerable to LFI. An authenticated user can read system files via crafted POST request using function parameter value as LFI payload. id: CVE-2022-37191 info: name: Cuppa CMS v1.0 - Authenticated Local File Inclusion author: theamanrawat...
n8n >= 0.123.0 and < 1.121.3 - Remote Code Execution
n8n versions = 0.123.0 and = 0.123.0 and = 0.123.0 and 1.121.3 contain a critical authenticated remote code execution vulnerability via arbitrary file write. An authenticated user can exploit the Git node to overwrite critical files and execute untrusted code on the n8n server, potentially leadin...
CVE-2026-13385
An Improper Validation of Integrity Check Value and Improper Certificate Validation in certain ASUS router models allows a remote man-in-the-middleMITM user to make the router download and execute arbitrary command via a spoofed server. Refer to the ' Security Update for ASUS Router Firmware '...
CVE-2026-53633
Vitest CVE-2026-53633 affects Vitest Browser Mode (3.0.0–3.2.5, 4.1.8, and 5.0.0-beta.4), where a cdp() API exposes raw Chrome DevTools Protocol methods without gates. A remote client with exposed browser API metadata can use CDP Page.setDownloadBehavior and Runtime.evaluate to overwrite vite.con...
CVE-2026-56642
Stack-based buffer overflow in Microsoft Fabric Data Warehouse allows an authorized attacker to execute code over a network...
CVE-2026-56642 Microsoft Fabric Data Warehouse Remote Code Execution Vulnerability
...
CVE-2026-55017
Mode C: CVE-2026-55017 is a heap-based buffer overflow affecting Microsoft Office, enabling a local attacker to execute code. The available connected documents confirm this vulnerability within Microsoft Office products (Office components cited in the NCSC advisory and multiple CVE trackers). Roo...
CVE-2026-55017 Microsoft Office Remote Code Execution Vulnerability
...
CVE-2026-50314 Microsoft Office Remote Code Execution Vulnerability
...
CVE-2026-50309 Windows NTFS Remote Code Execution Vulnerability
...
CVE-2026-54992 Microsoft Message Queuing Queue Manager Remote Code Execution Vulnerability
...
Windows OLE Remote Code Execution Vulnerability
Access of resource using incompatible type 'type confusion' in Windows OLE allows an unauthorized attacker to execute code over a network...
Apache Unomi <1.5.2 - Remote Code Execution
Apache Unomi allows conditions to use OGNL and MVEL scripting which offers the possibility to call static Java classes from the JDK that could execute code with the permission level of the running Java process. This vulnerability affects all versions of Apache Unomi prior to 1.5.2. id:...
Apache Spark - Authentication Bypass
In Apache Spark 2.4.5 and earlier, a standalone resource manager's master may be configured to require authentication spark.authenticate via a shared secret. When enabled, however, a specially-crafted RPC to the master can succeed in starting an application's resources on the Spark cluster, even...
DELMIA Apriso - Command Injection
An Improper Control of Generation of Code code injection / file upload → RCE vulnerability affecting DELMIA Apriso Release 2020 → Release 2025. When an authenticated user can upload files and the upload handler fails to canonicalize filenames or enforce storage restrictions, an attacker may place...