58 matches found
EUVD-2025-9129
Malicious code in bioql PyPI...
CVE-2025-54072
yt-dlp is a feature-rich command-line audio/video downloader. In versions 2025.06.25 and below, when the --exec option is used on Windows with the default placeholder or , insufficient sanitization is applied to the expanded filepath, allowing for remote code execution. This is a bypass of the...
CVE-2025-43711
Tunnelblick 3.5beta06 before 7.0 is vulnerable to arbitrary code execution as root on the next boot when a crafted Tunnelblick.app is dragged into /Applications, due to incomplete uninstallation. Affected: Tunnelblick versions 3.5beta06–7.0 (per conflicting sources). Remediation: upgrade to a new...
GHSA-24WV-6C99-F843 Pterodactyl Panel Allows Unauthenticated Arbitrary Remote Code Execution
Impact Using the /locales/locale.json with the locale and namespace query parameters, a malicious actor is able to execute arbitrary code, without being authenticated. With the ability to execute arbitrary code, this vulnerability can be exploited in an infinite number of ways. It could be used t...
CVE-2023-43661
Cachet is an open-source status page system. Prior to the 2.4 branch, a template functionality that lets users create templates allows them to execute any code on the server, owing to bad filtration and an old Twig version. Commit 6fb043e109d2a262ce3974e863c54e9e5f5e0587 of the 2.4 branch...
CVE-2023-37473
zenstruck/collections is a set of helpers for iterating/paginating/filtering collections. Passing callable strings (i.e. system) caused the function to be executed. This would result in a limited subset of specific user input being executed as if it were code. This issue has been addressed in commit...
CVE-2023-35839
A bypass in the component sofa-hessian of Solon before v2.3.3 allows attackers to execute arbitrary code by providing a crafted payload...
CVE-2023-43364
main.py in Searchor before 2.4.2 uses eval on CLI input, which may cause unexpected code execution...
CVE-2021-34182
An issue in ttyd v.1.6.3 allows an attacker to execute arbitrary code via default configuration permissions...
CVE-2021-29369
The gnuplot package prior to version 0.1.0 for Node.js allows code execution via shell metacharacters in Gnuplot commands...
CVE-2020-9580
Magento versions 2.3.4 and earlier, 2.2.11 and earlier (see note), 1.14.4.4 and earlier, and 1.9.4.4 and earlier have a security mitigation bypass vulnerability. Successful exploitation could lead to arbitrary code execution...
CVE-2013-0685
Invensys Wonderware Information Server (WIS) 4.0 SP1SP1, 4.5- Portal, and 5.0- Portal does not restrict unspecified size and amount values, which allows remote attackers to execute arbitrary code or cause a denial of service (resource consumption) via unknown vectors...
CVE-2025-30379
Release of invalid pointer or reference in Microsoft Office Excel allows an unauthorized attacker to execute code locally...
CVE-2025-29823
The CVE-2025-29823 entry describes a use-after-free vulnerability in Microsoft Excel (part of Microsoft Office) that enables local arbitrary code execution. The initial description states an unauthorized attacker could execute code locally due to the flaw. Connected documents corroborate exposure...
CVE-2024-27781
CVE-2024-27781 is an XSS vulnerability in Fortinet FortiSandbox products due to improper neutralization of input during web page generation. The issue affects FortiSandbox versions 3.0.0–3.2.x, 4.0.0–4.0.4, 4.2.0–4.2.6, and 4.4.0–4.4.4, allowing an authenticated attacker to execute unauthorized c...
GO-2024-2763 Heketi Arbitrary Code Execution in github.com/heketi/heketi
BIT-DOTNET-2024-21409 .NET, .NET Framework, and Visual Studio Remote Code Execution Vulnerability
GitHub: CVE-2024-32004 Remote Code Execution while cloning special-crafted local repositories
CVE-2024-24581
in OpenHarmony v4.0.0 and prior versions allow a local attacker arbitrary code execution through out-of-bounds write...
MGASA-2024-0106 Updated unixODBC packages fix security vulnerability
It was discovered that unixODBC incorrectly handled certain bytes. An attacker could use this issue to execute arbitrary code or cause a crash...