1496 matches found
CVE-2021-23414
This affects the package video.js before 7.14.3. The src attribute of the track tag allows an attacker to bypass HTML escaping and execute arbitrary code...
Updated lib3mf packages fix security vulnerability
A use-after-free vulnerability exists in the NMR::COpcPackageReader::releaseZIP functionality of 3MF Consortium lib3mf 2.0.0. A specially crafted 3MF file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability (CVE-2021-21772). A new package 'act' is...
Samsung Tizen Code Injection Vulnerability (CNVD-2021-51434)
Samsung Tizen is an open-source Linux-based mobile operating system from Samsung, South Korea, for smartphones, tablets, smartwatches, netbooks, in-vehicle messaging and entertainment devices, and smart TVs. A code injection vulnerability exists in Samsung Tizen, which stems from a faulty input...
record-like-deep-assign code issue vulnerability
record-like-deep-assign is a package. A code issue vulnerability exists in record-like-deep-assign that stems from prototype pollution affecting key functionality within the plugin. No details of the vulnerability are provided at this time...
CVE-2021-35331
In Tcl 8.6.11, a format string vulnerability in nmakehlp.c might allow code execution via a crafted file. NOTE: multiple third parties dispute the significance of this finding...
MGASA-2021-0267 Updated python-babel packages fix a security vulnerability
Relative Path Traversal in Babel 2.9.0 allows an attacker to load arbitrary locale files on disk and execute arbitrary code (CVE-2021-20095)...
MGASA-2021-0235 Updated mpv packages fix a security vulnerability
Fixed format string vulnerability allows user-assisted remote attackers to achieve code execution via a crafted m3u playlist file (CVE-2021-30145)...
SAP Commerce Code Execution Vulnerability
SAP Commerce is a cloud-based e-commerce platform from Germany's SAP. This product supports sales management, marketing management, order management and operations management. A security vulnerability exists in SAP Commerce 1808, 1811, 1905, 2005, 2011, which allows certain authorized user...
Stack overflow
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR R6400 and R6700 firmware version 1.0.4.98 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the upnpd service, which listens on...
CVE-2020-13558
A code execution vulnerability exists in the AudioSourceProviderGStreamer functionality of Webkit WebKitGTK 2.30.1. A specially crafted web page can lead to a use after free...
CVE-2021-3028
git-big-picture before 1.0.0 mishandles ' characters in a branch name, leading to code execution...
PT-2021-11290 · Siemens · Teamcenter Visualization +1
Name of the Vulnerable Software and Affected Versions: JT2Go versions prior to 13.1.0.1; Teamcenter Visualization versions prior to 13.1.0.1. Description: A vulnerability has been identified in the affected applications, where they lack proper validation of user-supplied data when parsing ASM files...
CVE-2020-35709
creationtimestamp | type | source
---|---|---
2020-12-25 22:56:04+00:00 | seen | https://t.me/cibsecurity/21303...
EUVD-2020-9084
Microsoft Excel Remote Code Execution Vulnerability...
Remote Code Execution
WordPress is vulnerable to remote code execution. The installation status of WordPress is not properly determined in is_blog_installed in wp-includes/functions.php. This could allow an attacker to perform a new installation which would result in remote code execution and denial of service in older...
PT-2020-6496 · Unknown · Datatables.Net
Name of the Vulnerable Software and Affected Versions: datatables.net (affected versions not specified). Description: The issue is related to insufficient control of modification of dynamically defined object properties, which can be exploited by a remote attacker to execute arbitrary code or cause ...
QEMU code issue vulnerability (CNVD-2020-61976)
QEMU (Quick Emulator) is processor emulation software by French software developer Fabrice Bellard. The software is fast and cross-platform. QEMU ide_cancel_dma_sync contains a security vulnerability that can be exploited by an attacker to force the dereference of a NU...
CVE-2020-26108
cPanel before 88.0.13 mishandles file-extension dispatching, leading to code execution (SEC-488)...
CVE-2020-24890
LibRaw 20.0 has a null pointer dereference vulnerability in parse_tiff_ifd in src/metadata/tiff.cpp, which may result in context-dependent arbitrary code execution. Note: this vulnerability occurs only if you compile the software in a certain way...