18 matches found
CVE-2026-40550
mpGabinet is vulnerable to Privilege Escalation due to excessive database privileges assigned to the user used by the application. An attacker with access to any running application instance connected to the backend server can extract database credentials from the application’s memory by inspecti...
CVE-2025-62776
The installer of WTW EAGLE for Windows 3.0.8.0 contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries. As a result, arbitrary code may be executed with the privileges of the running application...
EUVD-2022-27414
Malicious code in bioql PyPI...
CVE-2022-22267
Implicit Intent hijacking vulnerability in ActivityMetricsLogger prior to SMR Jan-2022 Release 1 allows attackers to get running application information...
Information disclosure
Implicit Intent hijacking vulnerability in ActivityMetricsLogger prior to SMR Jan-2022 Release 1 allows attackers to get running application information...
Samsung SMR security vulnerability
Samsung ActivityMetricsLogger is a progress measurement logger for Samsung mobile devices. An unauthorized access vulnerability exists in Samsung ActivityMetricsLogger that stems from an implicit intent hijacking scenario in ActivityMetricsLogger, which can be exploited by an attacker to obtain...
Directory traversal
A directory traversal on the /admin/searchby.php script of Invigo Automatic Device Management ADM through 5.0 allows remote attackers to read arbitrary server files accessible to the user running the application...
CVE-2020-10583
The /admin/admapi.php script of Invigo Automatic Device Management ADM through 5.0 allows remote authenticated attackers to execute arbitrary OS commands on the server as the user running the application...
Arbitrary Code Execution
Python is vulnerable to arbitrary code execution. If an application written in Python used the rgbimg module and loaded a specially crafted SGI image file, it could cause the application to crash or, possibly, execute arbitrary code with the privileges of the user...
Arbitrary File Overwrite
Aspose.ZIP is vulnerable to arbitrary file overwrite attacks. The issue stems from a path traversal vulnerability, which allows arbitrary file overwrite in the context of the running application...
Cross site scripting
Medis version 0.6.1 and earlier contains an XSS vulnerability, evolving into code execution due to enabled nodeIntegration for the renderer process, in the Key name parameter on new key creation that can result in unauthorized code execution on the victim's machine, within the rights of th...
CVE-2018-9246
The PGObject::Util::DBAdmin module before 0.120.0 for Perl, as used in LedgerSMB through 1.5.x, insufficiently sanitizes or escapes variable values used as part of shell command execution, resulting in shell code injection via the create, runfile, backup, or restore function. The vulnerability...
Updated miniupnpc packages fix security vulnerability
It was discovered that MiniUPnP incorrectly handled memory. A remote attacker could use this issue to cause a denial of service or possibly execute arbitrary code with privileges of the user running an application that uses the MiniUPnP library (CVE-2017-8798)...
CVE-2017-11189
unrarlib.c in unrar-free 0.0.1 might allow remote attackers to cause a denial of service (NULL pointer dereference and application crash), which could be relevant if unrarlib is used as library code for a long-running application. NOTE: one of the several test cases in the references may be the sam...
CVE-2017-11189
unrarlib.c in unrar-free 0.0.1 might allow remote attackers to cause a denial of service (NULL pointer dereference and application crash), which could be relevant if unrarlib is used as library code for a long-running application. NOTE: one of the several test cases in the references may be the sam...
CVE-2017-6596
partclone.chkimg in partclone 0.2.89 is prone to a heap-based buffer overflow vulnerability due to insufficient validation of the partclone image header. An attacker may be able to launch a 'Denial of Service attack' in the context of the user running the affected application...
Scientific Linux Security Update : freetype on SL3.x, SL4.x, SL5.x i386/x86_64
Tavis Ormandy of the Google Security Team discovered several integer overflow flaws in the FreeType 2 font engine. If a user loaded a carefully-crafted font file with an application linked against FreeType 2, it could cause the application to crash or, possibly, execute arbitrary code with the...
SuSE Update for pcre SUSE-SA:2007:062
Check for the Version of pcre. OpenVAS Vulnerability Test $Id: gbsuse2007062.nasl 8050 2017-12-08 09:34:29Z santu $ SuSE Update for pcre SUSE-SA:2007:062. Authors: System Generated Check. Copyright: Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you...