1496 matches found
CVE-2022-45185
An issue was discovered in SuiteCRM 7.12.7. Authenticated users can use CRM functions to upload malicious files. Then, deserialization can be used to achieve code execution...
PT-2025-15288
Name of the Vulnerable Software and Affected Versions: GIMP (affected versions not specified). Description: The issue is related to an integer overflow in GIMP's XWD file parsing, which can lead to remote code execution. Recommendations: At the moment, there is no information about a newer version...
CVE-2024-12968 code-projects Job Recruitment _all_edits.php edit_jobpost sql injection
A vulnerability classified as critical was found in code-projects Job Recruitment 1.0. Affected by this vulnerability is the function edit_jobpost of the file /parse/_all_edits.php. The manipulation of the argument jobtype leads to SQL injection. The attack can be launched remotely. The exploit has...
CVE-2024-12963 code-projects Job Recruitment _all_edits.php add_xp sql injection
A vulnerability was found in code-projects Job Recruitment 1.0 and classified as critical. Affected by this issue is the function add_xp of the file /parse/_all_edits.php. The manipulation of the argument jobcompany leads to SQL injection. The attack may be launched remotely. The exploit has been...
CVE-2024-12952
CVE-2024-12952 affects melMass comfy_mtb up to 0.1.4. The vulnerability resides in the Dependency Handler’s run_command function (comfy_mtb/endpoint.py) and allows remote code injection. Public exploit details exist, and a patch is available: d6e004cce2c32f8e48b868e66b89f82da4887dc3. Affected ver...
CVE-2024-56201
Jinja is an extensible templating engine. In versions on the 3.x branch prior to 3.1.5, a bug in the Jinja compiler allows an attacker that controls both the content and filename of a template to execute arbitrary Python code, regardless of whether Jinja's sandbox is used. To exploit the vulnerability...
CVE-2024-12677 Delta Electronics DTM Soft Deserialization of Untrusted Data
Delta Electronics DTM Soft deserializes objects, which could allow an attacker to execute arbitrary code...
CVE-2024-55081
An XML External Entity (XXE) injection vulnerability in the component /datagrip/upload of Chat2DB v0.3.5 allows attackers to execute arbitrary code via supplying a crafted XML input...
CVE-2024-12789
A vulnerability was found in PbootCMS up to 3.2.3. It has been classified as critical. This affects an unknown part of the file apps/home/controller/IndexController.php. The manipulation of the argument tag leads to code injection. It is possible to initiate the attack remotely. The exploit has...
CVE-2024-12789
PbootCMS versions up to 3.2.3 contain a code injection vulnerability in an unspecified portion of apps/home/controller/IndexController.php. The issue arises from improper handling of the tag parameter, enabling arbitrary code execution and remote exploitation. The vulnerability has been publicly ...
RLSA-2024:10219 Moderate: perl-App-cpanminus:1.7044 security update
cpanminus is a script to get, unpack, build and install modules from CPAN. Security Fixes: perl-App-cpanminus: Insecure HTTP in App::cpanminus Allows Code Execution Vulnerability (CVE-2024-45321). For more details about the security issues, including the impact, a CVSS score, acknowledgments, and...
CVE-2022-44520
Acrobat Reader DC version 22.001.20085 and earlier, 20.005.3031x and earlier and 17.012.30205 and earlier are affected by a use-after-free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a...
CVE-2022-44512 Acrobat Reader | Out-of-bounds Write (CWE-787)
Acrobat Reader DC version 22.001.20085 and earlier, 20.005.3031x and earlier and 17.012.30205 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in...
Adobe Animate Integer Latent Vulnerability (CNVD-2024-48900)
Adobe Animate is a set of Flash animation software from the American company Adobe. Adobe Animate suffers from an integer latency vulnerability that can be exploited by an attacker to execute arbitrary code in the current user's environment...
Microsoft SharePoint Code Execution Vulnerability (CNVD-2024-48755)
Microsoft SharePoint is an enterprise business collaboration platform from Microsoft. The platform is used to consolidate business information and enable sharing of work, collaborating with others, organizing projects and workgroups, and searching for people and information. A code execution...
CVE-2024-49079
Input Method Editor (IME) Remote Code Execution Vulnerability...
Directory Traversal
dotnetzip is vulnerable to Directory Traversal. The vulnerability is due to improper validation of file paths during extraction in the src/Zip.Shared/ZipEntry.Extract.cs component, allowing remote attackers to execute arbitrary code...
CVE-2024-49128 Windows Remote Desktop Services Remote Code Execution Vulnerability
...
CVE-2024-49127 Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability
...
CVE-2024-49132
CVE-2024-49132 affects Windows Remote Desktop Services and is a remote code execution vulnerability exploitable over the network (attack vector: network; no privileges required; user interaction not needed). The CVSSv3.1 base score is 8.1 (HIGH) with high impact on confidentiality, integrity, and...