1652 matches found
Adobe Reader Buffer Overflow Vulnerability
A buffer overflow vulnerability exists in Adobe Reader which allows an attacker to perform remote code execution...
Apple OS X Heap-Based Buffer Overflow Vulnerability
Heap-based buffer overflow in IOHIDFamily in Apple OS X, which affects, iOS before 8 and Apple TV before 7, allows attackers to execute arbitrary code in a privileged context...
Drupal core Un-restricted Upload of File
Improper sanitization in the extension file names is present in Drupal core...
Kibana Arbitrary Code Execution
Kibana contain an arbitrary code execution flaw in the Timelion visualizer...
Apple macOS Unspecified Vulnerability
Apple macOS contains an unspecified logic issue in System Preferences that may allow a malicious application to bypass Gatekeeper checks...
Atlassian Confluence Server and Data Center Server-Side Template Injection Vulnerability
Atlassian Confluence Server and Data Center contain a server-side template injection vulnerability that may allow an attacker to achieve path traversal and remote code execution...
Google Chromium V8 Type Confusion Vulnerability
Google Chromium V8 Engine contains a type confusion vulnerability that allows a remote attacker to execute code inside a sandbox via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and...
Microsoft Open Management Infrastructure (OMI) Privilege Escalation Vulnerability
Microsoft Open Management Infrastructure OMI within Azure VM Management Extensions contains an unspecified vulnerability that allows for privilege escalation...
PlaySMS Server-Side Template Injection Vulnerability
PlaySMS contains a server-side template injection vulnerability that allows for remote code execution...
Ivanti Pulse Connect Secure Code Execution Vulnerability
Ivanti Pulse Connect Secure contains an unspecified vulnerability in the admin web interface that could allow an authenticated attacker to upload a custom template to perform code execution...
SaltStack Salt Authentication Bypass Vulnerability
SaltStack Salt contains an authentication bypass vulnerability in the salt-master process ClearFuncs due to improperly validating method calls. The vulnerability allows a remote user to access some methods without authentication, which can be used to retrieve user tokens from the salt master and/...
Zoho ManageEngine ServiceDesk Plus (SDP) File Upload Vulnerability
Zoho ManageEngine ServiceDesk Plus SDP contains an unspecified vulnerability that allows remote users to upload files via login page customization...
Microsoft Windows Adobe Font Manager Library Remote Code Execution Vulnerability
Microsoft Windows Adobe Font Manager Library contains an unspecified vulnerability when handling specially crafted multi-master fonts Adobe Type 1 PostScript format that allows for remote code execution for all systems except Windows 10. For systems running Windows 10, an attacker who successfull...
Microsoft Hyper-V RemoteFX vGPU Remote Code Execution Vulnerability
Microsoft Hyper-V RemoteFX vGPU contains an improper input validation vulnerability due to the host server failing to properly validate input from an authenticated user on a guest operating system. Successful exploitation allows for remote code execution on the host operating system...
Mozilla Firefox And Thunderbird Use-After-Free Vulnerability
Mozilla Firefox and Thunderbird contain a race condition vulnerability when running the nsDocShell destructor under certain conditions. The race condition creates a use-after-free vulnerability, causing unspecified impacts...
SaltStack Salt Path Traversal Vulnerability
SaltStack Salt contains a path traversal vulnerability in the salt-master process ClearFuncs which allows directory access to authenticated users. Salt users who follow fundamental internet security guidelines and best practices are not affected by this vulnerability...
SolarWinds Serv-U Remote Code Execution Vulnerability
SolarWinds Serv-U contains an unspecified memory escape vulnerability which can allow for remote code execution...
Tenda AC11 Router Stack Buffer Overflow Vulnerability
Tenda AC11 devices contain a stack buffer overflow vulnerability in /goform/setmac which allows attackers to execute code via a crafted post request...
SolarWinds Serv-U Uncontrolled Resource Consumption Vulnerability
SolarWinds Serv-U contains an uncontrolled resource consumption vulnerability that allows specially crafted POST requests using the Content-Encoding: deflate header to crash the Serv-U service without authentication...
Microsoft Office PowerPoint Code Injection Vulnerability
Microsoft Office PowerPoint contains a code injection vulnerability that allows remote attackers to execute arbitrary code via a PowerPoint file with an OutlineTextRefAtom containing an invalid index value that triggers memory corruption...
Gladinet CentreStack and Triofox Hard Coded Cryptographic Vulnerability
Gladinet CentreStack and TrioFox contain a hardcoded cryptographic keys vulnerability for their implementation of the AES cryptoscheme. This vulnerability degrades security for public exposed endpoints that may make use of it and may offer arbitrary local file inclusion when provided a specially...
Google Chromium Out of Bounds Memory Access Vulnerability
Google Chromium contains an out of bounds memory access vulnerability in ANGLE that could allow a remote attacker to perform out of bounds memory access via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google...
Synacor Zimbra Collaboration Suite (ZCS) Cross-site Scripting Vulnerability
Synacor Zimbra Collaboration Suite ZCS contains a cross-site scripting vulnerability that exists in the Classic Web Client due to insufficient sanitization of HTML content in ICS files. When a user views an e-mail message containing a malicious ICS entry, its embedded JavaScript executes via an...
GNU Bash OS Command Injection Vulnerability
GNU Bash contains an OS command injection vulnerability which allows remote attackers to execute arbitrary commands via a crafted environment...
Cisco Secure Firewall Adaptive Security (ASA) Appliance and Secure Firewall Threat Defense (FTD) Missing Authorization Vulnerability
Cisco Secure Firewall Adaptive Security ASA Appliance and Secure Firewall Threat Defense FTD Software VPN Web Server contain a missing authorization vulnerability. This vulnerability could be chained with CVE-2025-20333...
Sangoma FreePBX Authentication Bypass Vulnerability
Sangoma FreePBX contains an authentication bypass vulnerability due to insufficiently sanitized user-supplied data allows unauthenticated access to FreePBX Administrator leading to arbitrary database manipulation and remote code execution...
Fortinet FortiWeb SQL Injection Vulnerability
Fortinet FortiWeb contains a SQL injection vulnerability that may allow an unauthenticated attacker to execute unauthorized SQL code or commands via crafted HTTP or HTTPs requests...
Ivanti Endpoint Manager Mobile (EPMM) Authentication Bypass Vulnerability
Ivanti Endpoint Manager Mobile EPMM contains an authentication bypass vulnerability in the API component that allows an attacker to access protected resources without proper credentials via crafted API requests. This vulnerability results from an insecure implementation of the Spring Framework...
SAP NetWeaver Unrestricted File Upload Vulnerability
SAP NetWeaver Visual Composer Metadata Uploader contains an unrestricted file upload vulnerability that allows an unauthenticated agent to upload potentially malicious executable binaries...
Advantive VeraCore SQL Injection Vulnerability
Advantive VeraCore contains a SQL injection vulnerability in timeoutWarning.asp that allows a remote attacker to execute arbitrary SQL commands via the PmSess1 parameter...
Palo Alto Networks PAN-OS File Read Vulnerability
Palo Alto Networks PAN-OS contains an external control of file name or path vulnerability. Successful exploitation enables an authenticated attacker with network access to the management web interface to read files on the PAN-OS filesystem that are readable by the “nobody” user...
Array Networks AG and vxAG ArrayOS Missing Authentication for Critical Function Vulnerability
Array Networks AG and vxAG ArrayOS contain a missing authentication for critical function vulnerability that allows an attacker to read local files and execute code on the SSL VPN gateway...
PTZOptics PT30X-SDI/NDI Cameras OS Command Injection Vulnerability
PTZOptics PT30X-SDI/NDI cameras contain an OS command injection vulnerability that allows a remote, authenticated attacker to escalate privileges to root via a crafted payload with the ntpaddr parameter of the /cgi-bin/param.cgi CGI script...
Samsung Mobile Devices Unspecified Vulnerability
Samsung mobile devices contain an unspecified vulnerability within DSP driver that allows attackers to load ELF libraries inside DSP...
Google Chromium PopupBlocker Security Bypass Vulnerability
Google Chromium PopupBlocker contains an insufficient policy enforcement vulnerability that allows a remote attacker to bypass navigation restrictions via a crafted iframe. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome,...
Adobe Flash Player Memory Corruption Vulnerability
Adobe Flash Player contains a memory corruption vulnerability that allows remote attackers to execute code or cause denial-of-service DoS...
Apple Multiple Products Memory Corruption Vulnerability
Apple iOS, macOS, watchOS, and tvOS contain a memory corruption vulnerability that could allow for privilege escalation...
Apple iOS Memory Corruption Vulnerability
Apple iOS contains a memory corruption vulnerability which could allow an attacker to perform remote code execution...
Webmin Command Injection Vulnerability
An issue was discovered in Webmin. The parameter old in passwordchange.cgi contains a command injection vulnerability...
D-Link Multiple Routers Command Injection Vulnerability
Multiple D-Link routers contain a command injection vulnerability which can allow attackers to achieve full system compromise...
Cisco IOS XR Border Gateway Protocol (BGP) Denial-of-Service Vulnerability
Cisco IOS XR,when BGP is the configured routing feature, allows remote attackers to cause a denial-of-service DoS...
Juniper Junos OS Path Traversal Vulnerability
A path traversal vulnerability in the HTTP/HTTPS service used by J-Web, Web Authentication, Dynamic-VPN DVPN, Firewall Authentication Pass-Through with Web-Redirect, and Zero Touch Provisioning ZTP allows an unauthenticated attacker to perform remote code execution...
SonicWall SonicOS Buffer Overflow Vulnerability
A buffer overflow vulnerability in SonicOS allows a remote attacker to cause Denial of Service DoS and potentially execute arbitrary code by sending a malicious request to the firewall...
Synacor Zimbra Collaborate Suite (ZCS) Cross-Site Scripting Vulnerability
Synacor Zimbra Collaboration Suite ZCS contains a cross-site scripting XSS vulnerability in the Calendar feature that allows an attacker to execute arbitrary code...
Zoho Desktop Central Authentication Bypass Vulnerability
Zoho Desktop Central contains an authentication bypass vulnerability that could allow an attacker to execute arbitrary code in the Desktop Central MSP server...
Apple iOS WebKit Buffer Overflow Vulnerability
Apple iOS WebKit contains a buffer-overflow vulnerability that leads to code execution when processing maliciously crafted web content. This vulnerability could impact HTML parsers that use WebKit, including but not limited to Apple Safari and non-Apple products which rely on WebKit for HTML...
Cisco Small Business RV320 and RV325 Routers Information Disclosure Vulnerability
Cisco Small Business RV320 and RV325 Dual Gigabit WAN VPN Routers contain improper access controls for URLs. Exploitation could allow an attacker to download the router configuration or detailed diagnostic information...
Google Chromium Blink Use-After-Free Vulnerability
Google Chromium Blink contains a use-after-free vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, an...
Google Chromium V8 Improper Input Validation Vulnerability
Google Chromium V8 Engine contains an improper input validation vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome,...
Oracle Multiple Products Remote Code Execution Vulnerability
Multiple Oracle products contain a remote code execution vulnerability that allows an unauthenticated attacker with network access via T3 or HTTP to takeover the affected system. Impacted Oracle products: Oracle Coherence in Fusion Middleware, Oracle Utilities Framework, Oracle Retail Assortment...