CVE-2023-46238
ZITADEL is an identity infrastructure management system. ZITADEL users can upload their own avatar image using various image types including SVG. SVG can include scripts, such as javascript, which can be executed during rendering. Due to a missing security header, an attacker could inject code to...
CVE-2023-2056
A vulnerability was found in DedeCMS up to 5.7.87 and classified as critical. This issue affects the function GetSystemFile of the file modulemain.php. The manipulation leads to code injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The...
CVE-2023-47397
WeBid <=1.2.2 is vulnerable to code injection via admin/categoriestrans.php...
CVE-2023-43364
main.py in Searchor before 2.4.2 uses eval on CLI input, which may cause unexpected code execution...
CVE-2022-41538
Wedding Planner v1.0 was discovered to contain an arbitrary file upload vulnerability in the component /Wedding-Management-PHP/admin/photosadd.php. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file...
CVE-2022-25578
taocms v3.0.2 allows attackers to achieve code injection by arbitrarily editing the .htaccess file...
CVE-2022-41308
A maliciously crafted PKT file when consumed through SubassemblyComposer.exe application could lead to memory corruption vulnerability by read access violation. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the current process...
CVE-2022-41381
The d8s-utility package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-file-system package. The affected version is 0.1.0...
CVE-2022-33884
Parsing a maliciously crafted XB file can force Autodesk AutoCAD 2023 and 2022 to read beyond allocated boundaries. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the current process...
CVE-2022-32998
The cryptoasset-data-downloader package in PyPI v1.0.0 to v1.0.1 was discovered to contain a code execution backdoor via the request package. This vulnerability allows attackers to access sensitive user information and digital currency keys, as well as escalate privileges...
CVE-2022-32278
XFCE 4.16 allows attackers to execute arbitrary code because xdg-open can execute a .desktop file on an attacker-controlled FTP server...
CVE-2022-29033
A vulnerability has been identified in JT2Go All versions < V13.3.0.3, Teamcenter Visualization V13.3 All versions < V13.3.0.3, Teamcenter Visualization V14.0 All versions < V14.0.0.1. The CGMNISTLoader.dll library is vulnerable to uninitialized pointer free while parsing specially crafted CGM files. A...
CVE-2022-22943
VMware Tools for Windows 11.x.y and 10.x.y prior to 12.0.0 contains an uncontrolled search path vulnerability. A malicious actor with local administrative privileges in the Windows guest OS, where VMware Tools is installed, may be able to execute code with system privileges in the Windows guest O...
CVE-2022-27592
An unquoted search path or element vulnerability has been reported to affect QVR Smart Client. If exploited, the vulnerability could allow local authenticated administrators to execute unauthorized code or commands via unspecified vectors. We have already fixed the vulnerability in the following...
CVE-2021-34917
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View 10.15.0.75. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsin...
CVE-2021-34330
A vulnerability has been identified in JT2Go All versions < V13.2, Teamcenter Visualization All versions < V13.2. The Jt981.dll library in affected applications lacks proper validation of user-supplied data prior to performing further free operations on an object when parsing JT files. An attacker...
CVE-2021-34916
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Bentley View 10.15.0.75. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within th...
CVE-2021-34301
A vulnerability has been identified in JT2Go All versions < V13.2, Teamcenter Visualization All versions < V13.2. The BMPLoader.dll library in affected applications lacks proper validation of user-supplied data prior to performing further free operations on an object when parsing BMP files. An attack...
CVE-2021-29468
Cygwin Git is a patch set for the git command line tool for the cygwin environment. A specially crafted repository that contains symbolic links as well as files with backslash characters in the file name may cause just-checked out code to be executed while checking out a repository using Git on...
CVE-2021-32297
An issue was discovered in LIEF through 0.11.4. A heap-buffer-overflow exists in the function main located in pereader.c. It allows an attacker to cause code execution...