132 matches found

CNVD
added 2025/01/17 12:00 a.m. · 10 views

Google Chrome Code Execution Vulnerability (CNVD-2025-05092)

Google Chrome is a web browser from Google, an American company. A code execution vulnerability exists in versions of Google Chrome prior to 132.0.6834.83, which can be exploited by an attacker to execute arbitrary code on a system...

6.5 CVSS · 7.5 AI score · 0.00084 EPSS
Exploits: 1 · References: 1

Packet Storm
added 2025/01/13 12:00 a.m. · 146 views

Qsync Central Path Traversal / Information Disclosure

Qsync Central suffers from a symlink attack via an uploaded zip file that results in traversal and information disclosure. Qsync Central versions 4.4.0.1620240819 (2024/08/19) and later address this issue. https://packetstorm.news/download/188634...

6.8 CVSS · 6.3 AI score · 0.4429 EPSS
Exploits: 2

Packet Storm
added 2025/01/12 12:00 a.m. · 103 views

CISA: OBP Fact Sheet

7.4 AI score
Exploits: 0

Packet Storm
added 2025/01/12 12:00 a.m. · 194 views

CISA: Jack Rabbit II Update and Impacts

7.4 AI score
Exploits: 0

CNVD
added 2024/12/13 12:00 a.m. · 11 views

Microsoft Windows Remote Desktop Services Remote Code Execution Vulnerability (CNVD-2025-01189)

Microsoft Windows Remote Desktop Services is a collection of features from Microsoft, an American company, that allow users to remotely access graphical desktops and Windows applications. A remote code execution vulnerability exists in Microsoft Windows Remote Desktop Services, which is caused by a flaw in the...

8.1 CVSS · 7.9 AI score · 0.00366 EPSS
Exploits: 0 · References: 1

CVE
added 2024/10/21 12:00 a.m. · 61 views

CVE-2024-41712

Affected software: Mitel MiCollab Web Conferencing Component. Issue: input validation failure in MiCollab up to version 9.8.1.5 enabling an authenticated, local attacker to perform a command injection and run arbitrary commands in the user context. Exploitation status: not stated as active in pro...

6.6 CVSS · 8 AI score · 0.00218 EPSS
Exploits: 0 · References: 1 · Affected Software: 1

Debian CVE
added 2024/10/01 3:13 p.m. · 14 views

CVE-2024-9397

A missing delay in directory upload UI could have made it possible for an attacker to trick a user into granting permission via clickjacking. This vulnerability affects Firefox 131, Firefox ESR 128.3, Thunderbird 128.3, and Thunderbird 131...

6.1 CVSS · 6.8 AI score · 0.00218 EPSS
Exploits: 0

Veracode
added 2024/06/27 12:17 p.m. · 11 views

Heap Buffer Overflow

Libde265 is vulnerable to a Heap Buffer Overflow. The vulnerability is due to improper handling of a crafted payload that can cause a crash via the `__interceptor_memcpy` function, allowing an attacker to exploit the system...

6.5 CVSS · 6.6 AI score · 0.00179 EPSS
Exploits: 1 · References: 3 · Affected Software: 1

Veracode
added 2024/05/15 9:12 a.m. · 21 views

Use After Free

qt6-qtwebengine is vulnerable to Use after Free. The vulnerability is due to heap corruption caused by a crafted HTML page, which allows an attacker to exploit the system...

9.6 CVSS · 6.8 AI score · 0.03683 EPSS
Exploits: 1 · References: 11 · Affected Software: 3

CNVD
added 2024/04/28 12:00 a.m. · 8 views

Google Chrome Code Execution Vulnerability (CNVD-2024-38584)

Google Chrome is a web browser from Google, an American company. Google Chrome suffers from a code execution vulnerability that stems from a use-after-free vulnerability in Dawn. An attacker can exploit this vulnerability to execute arbitrary code on the system...

7.5 CVSS · 7.4 AI score · 0.00218 EPSS
Exploits: 1 · References: 1

CNVD
added 2024/04/18 12:00 a.m. · 6 views

Google Chrome Code Execution Vulnerability (CNVD-2024-29287)

Google Chrome is a web browser from Google, an American company. A code execution vulnerability exists in Google Chrome, which can be exploited by an attacker to execute arbitrary code on a system...

8.8 CVSS · 7.4 AI score · 0.04728 EPSS
Exploits: 1 · References: 1

Cvelist
added 2024/04/16 12:00 a.m. · 9 views

CVE-2024-0404 Mass Assignment Vulnerability in mintplex-labs/anything-llm

A mass assignment vulnerability exists in the /api/invite/:code endpoint of the mintplex-labs/anything-llm repository, allowing unauthorized creation of high-privileged accounts. By intercepting and modifying the HTTP request during the account creation process via an invitation link, an attacker...

9.1 CVSS · 9.3 AI score · 0.00251 EPSS
Exploits: 1 · References: 2

CNVD
added 2024/04/11 12:00 a.m. · 6 views

Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability (CNVD-2024-25654)

Microsoft OLE DB Driver for SQL Server is a standalone data access application programming interface (API) for OLE DB. A remote code execution vulnerability exists in Microsoft OLE DB Driver for SQL Server, which can be exploited by an attacker to execute arbitrary code on the system...

7.5 CVSS · 8.4 AI score · 0.0169 EPSS
Exploits: 0 · References: 1

GitHub Security Blog
added 2024/04/10 6:30 p.m. · 31 views

llama-index-core Prompt Injection vulnerability leading to Arbitrary Code Execution

A vulnerability was identified in the exec_utils class of the llama_index package, specifically within the safe_eval function, allowing for prompt injection leading to arbitrary code execution. This issue arises due to insufficient validation of input, which can be exploited to bypass method...

9.8 CVSS · 7.8 AI score · 0.00146 EPSS
Exploits: 0 · References: 5 · Affected Software: 1

CVE
added 2024/04/10 5:07 p.m. · 88 views

CVE-2024-3098

Summary: CVE-2024-3098 affects the llama_index package, specifically the exec_utils.safe_eval function. The issue enables prompt injection that can lead to arbitrary code execution due to insufficient input validation, effectively bypassing prior constraints (CVE-2023-39662). A validated PoC demo...

9.8 CVSS · 9.6 AI score · 0.00146 EPSS
Exploits: 0 · References: 2

CNVD
added 2024/04/08 12:00 a.m. · 4 views

Foxit PDF Reader and Foxit PDF Editor Code Execution Vulnerability (CNVD-2024-29757)

Foxit PDF Reader is a PDF reader from Foxit of China. Foxit PDF Editor is a PDF editor from Foxit of China. A code execution vulnerability exists in Foxit PDF Reader and Foxit PDF Editor, which can be exploited by an attacker to execute arbitrary code on the system...

7.8 CVSS · 7.7 AI score · 0.02223 EPSS
Exploits: 0 · References: 1

CNVD
added 2024/01/30 12:00 a.m. · 3 views

FFmpeg Command Execution Vulnerability

FFmpeg is a complete solution for recording, converting and streaming audio and video from the FFmpeg team. A command execution vulnerability exists in versions of FFmpeg prior to n6.1, which can be exploited by an attacker to execute arbitrary commands on a system...

9.8 CVSS · 7.7 AI score · 0.02806 EPSS
Exploits: 0 · References: 1

Exploit DB
added 2023/04/01 12:00 a.m. · 163 views

NetIQ/Microfocus Performance Endpoint v5.1 - remote root/SYSTEM exploit

Exploit Title: NetIQ/Microfocus Performance Endpoint v5.1 - remote root/SYSTEM exploit; Date: Jun 2007; Exploit Author: mu-b; Vendor Homepage: https://www.microfocus.com/en-us/cyberres/identity-access-management; Version: All; Tested on: Windows / Solaris x86/SPARC; CVE: 0day; endpoint-pown-uni.c...

7.4 AI score
Exploits: 0

Vulnrichment
added 2023/01/18 6:51 a.m. · 7 views

CVE-2022-34462

Dell EMC SCG Policy Manager, versions from 5.10 to 5.12, contains a Hard-coded Password Vulnerability. An attacker, with the knowledge of the hard-coded credentials, could potentially exploit this vulnerability to login to the system to gain admin privileges...

8.4 CVSS · 8.7 AI score · 0.00048 EPSS
Exploits: 0 · References: 1

Positive Technologies
added 2022/07/21 12:00 a.m. · 3 views

PT-2022-4139 · Rockwell Automation · Isagraf Workbench

Name of the Vulnerable Software and Affected Versions: Rockwell Automation ISaGRAF Workbench software versions 6.0 through 6.6.9 Description: The issue is related to a Path Traversal vulnerability, where crafted malicious files can allow an attacker to traverse the file system when opened by...

7.8 CVSS · 7.2 AI score · 0.00027 EPSS
Exploits: 0 · References: 4