540 matches found
CVE-2026-25166 Windows System Image Manager Assessment and Deployment Kit (ADK) Remote Code Execution Vulnerability
...
QSpy: A Quantum RAT for Circuit Spying and IP Theft
As quantum computing platforms increasingly adopt cloud-based execution, users submit quantum circuits to remote compilers and backends, trusting that what they submit is exactly what will be run. This shift introduces new trust assumptions in the submission pipeline, which remain largely...
CVE-2019-25352 Genivia Crystal Live HTTP Server 6.01 - 'Crystal Live HTTP Server' Path Traversal
Crystal Live HTTP Server 6.01 contains a directory traversal vulnerability that allows remote attackers to access system files by manipulating URL path segments. Attackers can use multiple '../' sequences to navigate outside the web root and retrieve sensitive configuration files like Windows...
CVE-2019-25352 Genivia Crystal Live HTTP Server 6.01 - 'Crystal Live HTTP Server' Path Traversal
Crystal Live HTTP Server 6.01 contains a directory traversal vulnerability that allows remote attackers to access system files by manipulating URL path segments. Attackers can use multiple '../' sequences to navigate outside the web root and retrieve sensitive configuration files like Windows...
CVE-2019-25352
Crystal Live HTTP Server 6.01 exposes a directory traversal vulnerability allowing remote attackers to access sensitive files by manipulating URL path segments with multiple ../ sequences. Affected component is the server’s handling of URL paths, enabling navigation outside the web root and poten...
CVE-2026-2464
Path traversal vulnerability in the AMR Printer Management 1.01 Beta web service, which allows remote attackers to read arbitrary files from the underlying Windows system by using specially crafted path traversal sequences in requests directed to the web management service. The service is...
AMR Printer Management 路径遍历漏洞
AMR Printer Management is a hosting printing service software provided by AMR Printer Management Company in Spain. The AMR Printer Management 1.01 Beta version contains a path traversal vulnerability. This vulnerability stems from path traversal vulnerabilities in the web service, allowing remote...
CVE-2025-13108
IBM DB2 Merge Backup for Linux, UNIX and Windows 12.1.0.0 could allow an attacker to access sensitive information in memory due to the buffer not properly clearing resources...
📄 MCPJam 1.4.2 Command Injection
This Metasploit exploit module targets the MCP Model Context Protocol server, specifically exploiting a command injection vulnerability in the /api/mcp/connect endpoint. The vulnerability allows unauthorized remote command execution by sending crafted JSON payloads that are executed by the server...
PT-2026-4503
Name of the Vulnerable Software and Affected Versions dataSIMS Avionics ARINC 664-1 version 4.5.3 Description The software contains a local buffer overflow that allows attackers to overwrite memory. This is achieved by manipulating the milstd1553result.txt file. An attacker can create a malicious...
CVE-2021-22980
In Edge Client version 7.2.x before 7.2.1.1, 7.1.9.x before 7.1.9.8, and 7.1.x-7.1.8.x before 7.1.8.5, an untrusted search path vulnerability in the BIG-IP APM Client Troubleshooting Utility CTU for Windows could allow an attacker to load a malicious DLL library from its current directory. User...
CVE-2021-31850
A denial-of-service vulnerability in Database Security DBS prior to 4.8.4 allows a remote authenticated administrator to trigger a denial-of-service attack against the DBS server. The configuration of Archiving through the User interface incorrectly allowed the creation of directories and files i...
CVE-2018-9193
A researcher has disclosed several vulnerabilities against FortiClient for Windows version 6.0.5 and below, version 5.6.6, the combination of these vulnerabilities can turn into an exploit chain, which allows a user to gain system privileges on Microsoft Windows...
CVE-2021-31840
A vulnerability in the preloading mechanism of specific dynamic link libraries in McAfee Agent for Windows prior to 5.7.3 could allow an authenticated, local attacker to perform a DLL preloading attack with unsigned DLLs. To exploit this vulnerability, the attacker would need to have valid...
CVE-2025-23236
Buffer overflow vulnerability exists in Defense Platform Home Edition Ver.3.9.51.x and earlier. If an attacker performs a specific operation, SYSTEM privilege of the Windows system where the product is running may be obtained...
CVE-2026-20893
Origin validation error issue exists in Fujitsu Security Solution AuthConductor Client Basic V2 2.0.25.0 and earlier. If this vulnerability is exploited, an attacker who can log in to the Windows system where the affected product is installed may execute arbitrary code with SYSTEM privilege and/o...
CVE-2019-12569
A vulnerability in Viber before 10.7.0 for Desktop Windows could allow an attacker to execute arbitrary commands on a targeted system. This vulnerability is due to unsafe search paths used by the application URI. An attacker could exploit this vulnerability by convincing a targeted user to follow...
Origin validation error vulnerability in Fujitsu Security Solution AuthConductor Client Basic V2
Overview Fujitsu Security Solution AuthConductor Client Basic V2 provided by Fujitsu Client Computing Limited contains the following vulnerability. Origin validation error CWE-346 - CVE-2026-20893 MASAHIRO IIDA of LAC Co., Ltd. reported this vulnerability to IPA. JPCERT/CC coordinated with the...
PT-2026-1555
Name of the Vulnerable Software and Affected Versions Fujitsu Security Solution AuthConductor Client Basic V2 versions 2.0.25.0 and earlier Description An origin validation error exists in the software. Successful exploitation could allow an attacker who has access to the Windows system where the...
CVE-2023-53912 USB Flash Drives Control 4.1.0.0 Unquoted Service Path Privilege Escalation
USB Flash Drives Control 4.1.0.0 contains an unquoted service path vulnerability in its service configuration that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted path in 'C:\Program Files\USB Flash Drives Control\usbcs.exe' to inject malicious...