1652 matches found
F5 BIG-IP and BIG-IQ Centralized Management iControl REST Remote Code Execution Vulnerability
F5 BIG-IP and BIG-IQ Centralized Management contain a remote code execution vulnerability in the iControl REST interface that allows unauthenticated attackers with network access to execute system commands, create or delete files, and disable services...
Microsoft Edge and Internet Explorer Memory Corruption Vulnerability
Microsoft Edge and Internet Explorer contain a memory corruption vulnerability that allows attackers to execute code in the context of the current user...
Microsoft Windows Spoofing Vulnerability
Microsoft Windows contains a spoofing vulnerability when Windows incorrectly validates file signatures, allowing an attacker to bypass security features and load improperly signed files...
Microsoft Win32k Privilege Escalation Vulnerability
Microsoft Win32k contains an unspecified vulnerability that allows for privilege escalation...
Ivanti Pulse Connect Secure Use-After-Free Vulnerability
Ivanti Pulse Connect Secure contains a use-after-free vulnerability that allow a remote, unauthenticated attacker to execute code via license services...
VMware vCenter Server File Upload Vulnerability
VMware vCenter Server contains a file upload vulnerability in the Analytics service that allows a user with network access to port 443 to execute code...
Apple iOS WebKit Memory Corruption Vulnerability
Apple iOS WebKit contains a memory corruption vulnerability that leads to code execution when processing maliciously crafted web content. This vulnerability could impact HTML parsers that use WebKit, including but not limited to Apple Safari and non-Apple products which rely on WebKit for HTML...
BQE BillQuick Web Suite SQL Injection Vulnerability
BQE BillQuick Web Suite contains an SQL injection vulnerability when accessing the username parameter that may allow for unauthenticated, remote code execution...
Google Chromium Information Disclosure Vulnerability
Google Chromium contains an information disclosure vulnerability within the core memory component that allows a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium,...
Google Chromium V8 Incorrect Implementation Vulnerabililty
Google Chromium V8 Engine contains an inappropriate implementation vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome,...
Microsoft Defender Remote Code Execution Vulnerability
Microsoft Defender contains an unspecified vulnerability that allows for remote code execution...
VMware Multiple Products Privilege Escalation Vulnerability
VMware Fusion, Remote Console VMRC for Mac, and Horizon Client for Mac contain a privilege escalation vulnerability due to improper use of setuid binaries that allows attackers to escalate privileges to root...
Google Chromium V8 Heap Buffer Overflow Vulnerability
Google Chromium V8 Engine contains a heap buffer overflow vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsof...
Microsoft Enhanced Cryptographic Provider Privilege Escalation Vulnerability
Microsoft Enhanced Cryptographic Provider contains an unspecified vulnerability that allows for privilege escalation...
Qualcomm Multiple Chipsets Detection of Error Condition Without Action Vulnerability
Multiple Qualcomm chipsets contain a detection of error condition without action vulnerability when improper handling of address deregistration on failure can lead to new GPU address allocation failure...
Microsoft Internet Explorer Scripting Engine Memory Corruption Vulnerability
Microsoft Internet Explorer contains a memory corruption vulnerability which can allow for remote code execution in the context of the current user...
Microsoft DirectX NULL Byte Overwrite Vulnerability
Microsoft DirectX contains a NULL byte overwrite vulnerability in the QuickTime Movie Parser Filter in quartz.dll in DirectShow which could allow remote attackers to execute arbitrary code via a crafted QuickTime media file...
Fortinet Multiple Products Improper Verification of Cryptographic Signature Vulnerability
Fortinet FortiOS, FortiSwitchMaster, FortiProxy, and FortiWeb contain an improper verification of cryptographic signature vulnerability that may allow an unauthenticated attacker to bypass the FortiCloud SSO login authentication via a crafted SAML message. Please be aware that CVE-2025-59719...
ASUS Routers Improper Authentication Vulnerability
ASUS Lyra Mini and ASUS GT-AC2900 devices contain an improper authentication vulnerability that allows an attacker to gain unauthorized access to the administrative interface. The impacted products could be end-of-life EoL and/or end-of-service EoS. Users should discontinue product utilization...
Broadcom Brocade Fabric OS Code Injection Vulnerability
Broadcom Brocade Fabric OS contains a code injection vulnerability that allows a local user with administrative privileges to execute arbitrary code with full root privileges...
Juniper Junos OS SRX Series Missing Authentication for Critical Function Vulnerability
Juniper Junos OS on SRX Series contains a missing authentication for critical function vulnerability that allows an unauthenticated, network-based attacker to cause limited impact to the file system integrity. With a specific request to webauthoperation.php that doesn't require authentication, an...
Apache RocketMQ Command Execution Vulnerability
Several components of Apache RocketMQ, including NameServer, Broker, and Controller, are exposed to the extranet and lack permission verification. An attacker can exploit this vulnerability by using the update configuration function to execute commands as the system users that RocketMQ is running...
Adobe ColdFusion Deserialization of Untrusted Data Vulnerability
Adobe ColdFusion contains a deserialization of untrusted data vulnerability that could result in code execution in the context of the current user...
Microsoft Windows Certificate Dialog Privilege Escalation Vulnerability
Microsoft Windows Certificate Dialog contains a privilege escalation vulnerability, allowing attackers to run processes in an elevated context...
Samsung Mobile Devices Improper Access Control Vulnerability
Samsung mobile devices contain an improper access control vulnerability in clipboard service which allows untrusted applications to read or write arbitrary files. This vulnerability was chained with CVE-2021-25369 and CVE-2021-25370...
Samsung Mobile Devices Improper Access Control Vulnerability
Samsung mobile devices using Mali GPU contains an improper access control vulnerability in seclog file. Exploitation of the vulnerability exposes sensitive kernel information to the userspace. This vulnerability was chained with CVE-2021-25337 and CVE-2021-25370...
PEAR Archive_Tar Deserialization of Untrusted Data Vulnerability
PEAR ArchiveTar allows an unserialization attack because phar: is blocked but PHAR: is not blocked. PEAR stands for PHP Extension and Application Repository and it is an open-source framework and distribution system for reusable PHP components with known usage in third-party products such as Drup...
Apple Multiple Products Use-After-Free Vulnerability
A use-after-free vulnerability in Apple iOS, macOS, tvOS, and watchOS could allow a malicious application to execute code with system privileges...
SAP NetWeaver Unrestricted File Upload Vulnerability
SAP NetWeaver contains a vulnerability that allows unrestricted file upload...
Adobe Flash Player and AIR Integer Overflow Vulnerability
Integer overflow vulnerability in Adobe Flash Player and AIR allows attackers to execute code...
Apple iOS Memory Corruption Vulnerability
Apple iOS contains a memory corruption vulnerability which could allow an attacker to perform remote code execution...
Google Chrome Blink Use-After-Free Vulnerability
Google Chrome Blink contains a heap use-after-free vulnerability that allows an attacker to potentially perform out of bounds memory access via a crafted HTML page...
Trend Micro Apex Central Arbitrary File Upload Vulnerability
An arbitrary file upload vulnerability in Trend Micro Apex Central could allow for remote code execution...
Cisco IOS XR Border Gateway Protocol (BGP) Denial-of-Service Vulnerability
Cisco IOS XR,when BGP is the configured routing feature, allows remote attackers to cause a denial-of-service DoS...
Citrix SD-WAN and NetScaler Command Injection Vulnerability
Authenticated Command Injection in Citrix SD-WAN Appliance and NetScaler SD-WAN Appliance...
Citrix ShareFile Improper Access Control Vulnerability
Improper Access Control in Citrix ShareFile storage zones controller may allow an unauthenticated attacker to remotely compromise the storage zones controller...
Cisco Small Business RV Series Routers Stack-based Buffer Overflow Vulnerability
A vulnerability in Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers could allow an attacker to do any of the following: Execute arbitrary code elevate privileges, execute arbitrary commands, bypass authentication and authorization protections, fetch and run unsigned software, or...
Treck TCP/IP stack Out-of-Bounds Read Vulnerability
The Treck TCP/IP stack contains an IPv6 out-of-bounds read vulnerability...
Exim Out-of-bounds Write Vulnerability
Exim contains an out-of-bounds write vulnerability which can allow for remote code execution...
Cisco IOS and IOS XE Software Improper Input Validation Vulnerability
A vulnerability in the DHCP option 82 encapsulation functionality of Cisco IOS Software and Cisco IOS XE Software could allow for denial-of-service DoS...
Microsoft Windows Shell (.lnk) Remote Code Execution Vulnerability
Windows Shell in multiple versions of Microsoft Windows allows local users or remote attackers to execute arbitrary code via a crafted .LNK file...
Jenkins Stapler Web Framework Deserialization of Untrusted Data Vulnerability
A code execution vulnerability exists in the Stapler web framework used by Jenkins...
Intel Active Management Technology (AMT), Small Business Technology (SBT), and Standard Manageability Privilege Escalation Vulnerability
Intel products contain a vulnerability which can allow attackers to perform privilege escalation...
Google Chromium V8 Type Confusion Vulnerability
Google Chromium V8 Engine contains a type confusion vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge...
Microsoft Windows Update Medic Service Privilege Escalation Vulnerability
Microsoft Windows Update Medic Service contains an unspecified vulnerability that allows for privilege escalation...
Oracle Solaris and Zettabyte File System (ZFS) Unspecified Vulnerability
Oracle Solaris and Oracle ZFS Storage Appliance Kit contain an unspecified vulnerability causing high impacts to confidentiality, integrity, and availability of affected systems...
Cisco HyperFlex HX Installer Virtual Machine Command Injection Vulnerability
Cisco HyperFlex HX Installer Virtual Machine contains an insufficient input validation vulnerability which could allow an attacker to execute commands on an affected device as the root user...
Microsoft Windows Privilege Escalation Vulnerability
Microsoft Windows contains an unspecified vulnerability due to the way ws2ifsl.sys Winsock handles objects in memory, allowing for privilege escalation. Successful exploitation allows an attacker to execute code with elevated privileges...
Ivanti Pulse Connect Secure Collaboration Suite Buffer Overflow Vulnerability
Ivanti Pulse Connect Secure Collaboration Suite contains a buffer overflow vulnerabilities that allows a remote authenticated users to execute code as the root user via maliciously crafted meeting room...
Realtek AP-Router SDK Buffer Overflow Vulnerability
Realtek AP-Router SDK HTTP web server boa contains a buffer overflow vulnerability due to unsafe copies of some overly long parameters submitted in the form that lead to denial-of-service DoS...