367935 matches found
CVE-2013-0074
CVE-2013-0074 (Microsoft Silverlight) affects Silverlight 5 and the 5 Developer Runtime prior to 5.1.20125.0. The root cause is improper validation of pointers during HTML object rendering, leading to a pointer-dereference memory corruption that can allow remote code execution via a crafted Silve...
CVE-2008-0655
CVE-2008-0655 affects Adobe Acrobat/Reader (before 8.1.2). Connected advisories confirm multiple vulnerabilities in Adobe Reader/Acrobat, including JS API DOC.print could silently trigger printing, and PDF processing flaws that could enable arbitrary code execution. Red Hat RHSA-2008:0144 documen...
CVE-2007-3010
CVE-2007-3010 affects Alcatel-Lucent OmniPCX Enterprise Communication Server (R7.1 and earlier). The web-based masterCGI script in the Unified Maintenance Tool allows remote arbitrary command execution via shell metacharacters in the user parameter during a ping action, enabling an attacker to ru...
CVE-2018-5002
CVE-2018-5002 affects Adobe Flash Player, up to version 29.0.0.171, with a stack-based buffer overflow that could allow arbitrary code execution in the context of the current user. Connected advisories indicate a remediation upgrade to Flash Player 30.0.0.113 (or newer) to fix this issue, and som...
CVE-2017-6077
CVE-2017-6077 affects NETGEAR DGN2200 routers (firmware up to 10.0.0.50). The vulnerability is a remote code execution via ping.cgi: an authenticated attacker can inject shell metacharacters in the ping_IPAddr field of an HTTP POST, enabling arbitrary OS command execution. The issue is tied to th...
CVE-2016-0984
CVE-2016-0984 is a use-after-free vulnerability in Adobe Flash Player (and related AIR components) that enables arbitrary code execution. Affected products include Flash Player Windows/macOS (before 18.0.0.329 and 19.x prior to 20.0.0.306) and Linux (before 11.2.202.569), as well as Adobe AIR bef...
CVE-2023-0669
Fortra GoAnywhere MFT is affected by CVE-2023-0669, a pre-authentication deserialization vulnerability in the License Response Servlet that enables remote code execution by deserializing attacker-controlled objects. Exploitation and PoCs exist in public exploits/analyses; vendors patched the issu...
CVE-2021-21300
Summary: CVE-2021-21300 affects Git when cloning into case-insensitive file systems and using certain clean/smudge filters (e.g., Git LFS). A specially crafted repository containing symbolic links and files processed by these filters can cause an unchecked script to run during checkout. Affected ...
CVE-2021-23874
CVE-2021-23874 affects McAfee Total Protection (MTP) versions prior to 16.0.30. The vulnerability is an Arbitrary Process Execution leading to local privilege escalation and code execution by a local user, bypassing MTP self-defense. Affected component: MTP privilege management; root cause: impro...
CVE-2019-2616
CVE-2019-2616 affects Oracle Fusion Middleware’s BI Publisher/XML Publisher in versions 11.1.1.9.0, 12.2.1.3.0, 12.2.1.4.0 . It is a XML External Entity (XXE) injection in the BI Publisher Security subcomponent, allowing an unauthenticated, network-accessible attacker (via HTTP) to read server da...
CVE-2016-0034
Microsoft Silverlight 5 is affected by a remote code execution vulnerability (CVE-2016-0034) due to mishandling of negative offsets during decoding. Versions prior to 5.1.41212.0 are vulnerable; successful exploitation via a crafted web page can lead to arbitrary code execution or DoS. Several co...
CVE-2015-7645
CVE-2015-7645 is an Adobe Flash Player remote code execution vulnerability exploitable via a crafted SWF file. The initial document states Flash Player 18.x–18.0.0.252 and 19.x–19.0.0.207 on Windows and macOS, and 11.x–11.2.202.535 on Linux, with exploitation observed in the wild in October 2015....
CVE-2017-15945
The CVE-2017-15945 issue affects Gentoo package installation scripts for dev-db/mysql, dev-db/mariadb, dev-db/percona-server, dev-db/mysql-cluster, and dev-db/mariadb-galera prior to 2017-09-29. The root cause is misused chown calls on user-writable directory trees, enabling a local user with acc...
CVE-2016-4655
CVE-2016-4655 is an iOS kernel information-disclosure vulnerability that allowed memory disclosure via a crafted app on affected iOS versions (pre-9.3.5). The connected docs include PoC exploit references (Trident for iOS
CVE-2011-2462
Adobe Reader/Acrobat U3D memory corruption vulnerability (CVE-2011-2462) affects Adobe Reader X (10.1.1) and earlier on Windows/macOS; Adobe Reader 9.x up to 9.4.6 on Windows, macOS, UNIX; exploitation could allow remote code execution or DoS via crafted U3D content. The issue is in the U3D parse...
CVE-2011-2005
CVE-2011-2005 : Afd.sys in the Microsoft Windows XP (SP2/SP3) and Server 2003 (SP2) Ancillary Function Driver fails to properly validate user‑mode input before passing to kernel mode, enabling local privilege escalation. Exploitation climbs from a crafted user‑mode application to SYSTEM privilege...
CVE-2009-4324
Adobe Reader/Acrobat (Windows/macOS) is affected by CVE-2009-4324 due to a use-after-free in Doc.media.newPlayer inside Multimedia.api. A crafted PDF with ZLib streams can trigger remote code execution. The vulnerability is reported as exploited in the wild in December 2009. Affected versions inc...
CVE-2025-3022
CVE-2025-3022 concerns an OS command injection in E-Solutions E-Management. Multiple sources confirm the vulnerability is triggered via the client parameter to /data/apache/e-management/api/api3.php, allowing an attacker to execute arbitrary commands on the server. The CVE is rated critical (CVSS...
CVE-2022-20747
The CVE-2022-20747 concern is Cisco SD-WAN vManage Software Information Disclosure via the History API. Root cause: insufficient API authorization checks on the underlying OS, enabling an authenticated, lower-privileged user to access sensitive information. Affected component: History API in Cisc...
CVE-2016-2388
CVE-2016-2388 affects SAP NetWeaver AS JAVA (notably 7.4; referenced in SAP Security Note 2256846) where the Universal Worklist Configuration enables remote disclosure of sensitive user information via a crafted HTTP request. Documented impact is information disclosure with network-based access a...
CVE-2021-27562
CVE-2021-27562 affects Arm Trusted Firmware M through 1.2; the NS world can trigger a system halt, overwrite secure data, or print secure data via NSPE handler mode. CVSS indicates low–medium overall risk (LOCAL, LOW IT, HIGH availability impact). Public sources confirm details across NVD, CISA K...
CVE-2018-8414
CVE-2018-8414 is a Windows Shell remote code execution vulnerability where the Windows Shell fails to validate file paths. If a user opens a specially crafted file, an attacker could run arbitrary code in the user’s context. The vulnerability affects Windows 10 and related shells. Microsoft relea...
CVE-2018-0125
CVE-2018-0125 affects Cisco RV132W/RV134W routers. The web interface suffers from incomplete input validation in HTTP requests, allowing an unauthenticated attacker to execute arbitrary code with root privileges or trigger a device reload (DoS). Affected products: RV132W ADSL2+ Wireless-N VPN Rou...
CVE-2015-1770
CVE-2015-1770 affects Microsoft Office 2013 SP1 and Office 2013 RT SP1, via uninitialized memory use in Office components when processing crafted Office documents, enabling remote code execution. The vulnerability’s impact is high (CVE/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H) with network vector and ...
CVE-2021-22506
Mode C: Affected product is Micro Focus Access Manager prior to version 5.0. The connected documents describe an Information Leakage vulnerability (CVE-2021-22506) in the Access Manager, arising from an advance configuration exposure that could disclose information. The Nessus entry additionally ...
CVE-2015-2425
Technical details about CVE-2015-2425 are not publicly available in the provided connected documents. Current sources confirm IE11 memory corruption remote code execution vector, but specifics (affected versions, root cause, fixes) are not disclosed here. Monitor for updates.
CVE-2015-1701
CVE-2015-1701 is a Win32k.sys kernel-mode privilege-escalation flaw affecting Windows Server 2003 SP2, Vista SP2, and Server 2008 SP2. The issue stems from improper handling within win32k, notably around the ClientCopyImage/SetWindowLongPtr path, enabling a crafted user-mode input to execute code...
CVE-2021-3129
CVE-2021-3129 affects Laravel Ignition (and Laravel < 8.4.2) where insecure use of file_get_contents()/file_put_contents in debug mode allows unauthenticated RCE. Exploitable versions: Laravel Ignition < 2.5.2 and Laravel
CVE-2018-19949
CVE-2018-19949 is a remote command-injection vulnerability in QNAP QTS File Station. Multiple connected sources confirm that, if exploited, remote attackers could run arbitrary commands, with a high-severity impact (NVD CVSS v3.1: CRITICAL, AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). QNAP has issued fi...
CVE-2018-0155
CVE-2018-0155 affects Cisco Catalyst 4500/4500-X switches where the BFD offload has insufficient error handling for incomplete BFD headers. An unauthenticated remote attacker can send crafted BFD messages to trigger a crash in the iosd process and potentially cause system reloads, resulting in Do...
CVE-2018-6882
Zimbra Collaboration Suite (ZCS) is affected by an XSS in ZmMailMsgView.getAttachmentLinkHtml. The vulnerability exists in ZCS before 8.7 Patch 1 and 8.8.x before 8.8.7, allowing remote attackers to inject arbitrary web script or HTML via a Content-Location header in an email attachment. Affected...
CVE-2009-1123
CVE-2009-1123 describes a Windows kernel local privilege escalation: Windows 2000 SP4; XP SP2/SP3; Server 2003 SP2; Vista (Gold/SP1/SP2); Server 2008 SP2 fail to validate changes to certain kernel objects, allowing local users to gain privileges via a crafted application. Affected components: ker...
CVE-2023-44446
CVE-2023-44446 affects GStreamer’s MXF demuxer (gstreamer1-plugins-bad-free, among others). The vulnerability is a use-after-free during MXF file parsing caused by not validating an object’s existence before operating on it. This can allow an attacker to execute code in the context of the affecte...
CVE-2021-27561
CVE-2021-27561 affects Yealink Device Management (DM) platform, specifically DM 3.6.0.20. The vulnerability enables pre-auth, unauthenticated remote command execution via the URI /sm/api/v1/firewall/zone/services, yielding root access and high-severity impact (CVSS v3.1: 9.8, CRITICAL). The conne...
CVE-2025-69690
Netgate pfSense Community Edition 2.7.2 and 2.8.0 are affected by two authenticated RCE paths. First, unsafe deserialization in the module installer/backups allows a crafted backup XML containing a serialized PHP object with the post_reboot_commands property to execute commands with root privileg...
CVE-2018-0147
CVE-2018-0147 affects Cisco Secure Access Control System (ACS) prior to 5.8 patch 9. The root cause is insecure Java deserialization of user-supplied content, allowing unauthenticated remote attackers to execute arbitrary commands with root privileges on affected devices. Public sources in the co...
CVE-2017-8540
CVE-2017-8540 affects Microsoft Malware Protection Engine (MMPE) across Forefront/Defender deployments. The weakness arises from a use-after-free in the garbage collection system managing JavaScript objects during scanning of specially crafted files, enabling memory corruption and potential remot...
CVE-2016-8562
Siemens SIMATIC CP 1543-1 and SIPLUS NET CP 1543-1 (versions before 2.0.28) are affected by CVE-2016-8562. Under special conditions, SNMP variables on port 161/UDP, which should be read-only, can be written, potentially reducing availability or causing denial-of-service. The ICS advisory notes th...
CVE-2025-0443
CVE-2025-0443 affects Google Chrome/Chromium with insufficient data validation in Extensions, allowing privilege escalation when a user is tricked into specific UI gestures via a crafted HTML page. Connected sources confirm Chrome/Chromium and show remediation in Chrome 132.0.6834.83 (and Debian’...
CVE-2023-20198
Cisco IOS XE Web UI vulnerabilities CVE-2023-20198 and CVE-2023-20273 allow authenticated attackers to escalate to root via the Web UI due to input validation weaknesses, enabling privilege escalation and potential remote code execution. Cisco has released fixed builds: 17.3.8a (for the 17.3 trai...
CVE-2022-23635
Technical details for CVE-2022-23635 are not publicly available in the provided connected documents. Monitor for updates; no additional exploit, impact, or remediation details are present in the connected sources.
CVE-2018-11138
CVE-2018-11138 affects Quest KACE System Management Appliance 8.0.318 where the unauthenticated /common/download_agent_installer.php endpoint can be abused to execute arbitrary commands as the web server user. The Core Security advisory and multiple sources confirm remote code execution via unaut...
CVE-2016-3643
SolarWinds Virtualization Manager
CVE-2011-1889
CVE-2011-1889 affects Microsoft Forefront Threat Management Gateway (TMG) 2010. The vulnerability is in the NSPLookupServiceNext function of the TMG Firewall Client Winsock provider, due to a memory corruption/bounds-checking flaw that enables remote code execution. Exploitation involved remote a...
CVE-2016-10174
The NETGEAR WNR2000v5 router is affected by a buffer overflow in the hidden_lang_avi parameter when invoking /apply.cgi?/lang_check.html. An unauthenticated attacker can cause remote code execution. Documentation and exploit sources (e.g., Metasploit module for WNR2000v5 and exploits in Exploit-D...
CVE-2014-4113
CVE-2014-4113 corresponds to a Windows kernel-win32k.sys local privilege escalation (MS14-058) affecting multiple Windows editions (e.g., Windows 7/8/8.1 and corresponding server variants). The vulnerability arises in win32k.sys kernel-mode drivers and allows a crafted user-mode application to ga...
CVE-2026-44249
Netty CVE-2026-44249 details a subnet filter bypass in netty-handler due to an incorrect masking operation in IpSubnetFilterRule.compareTo(). Affected are Netty versions prior to 4.1.135.Final and 4.2.15.Final. An attacker could bypass IPv6 subnet restrictions, allowing valid public IPs to bypass...
CVE-2021-22907
CVE-2021-22907 is a local privilege escalation vulnerability in Citrix Workspace App for Windows caused by improper access control. The issue affects Citrix Workspace App on Windows in versions prior to 2105 and the 1912 LTSR branch prior to CU4. A local user with admin privileges could escalate ...
CVE-2020-25223
CVE-2020-25223 is a remote code execution vulnerability in the WebAdmin interface of Sophos SG UTM, exploitable without authentication. The flaw allows an unauthenticated attacker to run arbitrary commands as root via a SID-based command injection in WebAdmin. Affected versions are Sophos SG UTM ...
CVE-2009-3129
CVE-2009-3129 concerns a remote-code-execution vulnerability in Microsoft Office Excel and related components caused by a FEATHEADER record with an invalid cbHdrData size that affects a pointer offset. Affected products include Excel 2002 SP3, 2003 SP3, 2007 SP1/SP2, Open XML File Format Converte...