RCE
Monthly
A buffer copy without checking size of input ('classic buffer overflow') vulnerability in Fortinet FortiExtender 7.6.0 through 7.6.1, FortiExtender 7.4.0 through 7.4.6, FortiExtender 7.2 all. Rated medium severity (CVSS 6.4). No vendor patch available.
A Heap-based Buffer Overflow vulnerability [CWE-122] vulnerability in Fortinet FortiClientWindows 7.4.0 through 7.4.3, FortiClientWindows 7.2.0 through 7.2.8 may allow an authenticated local IPSec. Rated high severity (CVSS 7.8). No vendor patch available.
GoSign Desktop versions 2.4.0 and earlier use an unsigned update manifest for distributing application updates. Rated high severity (CVSS 7.0), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.
NVIDIA Isaac-GR00T for all platforms contains a vulnerability in a Python component, where an attacker could cause a code injection issue. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
NVIDIA Isaac-GR00T for all platforms contains a vulnerability in a Python component, where an attacker could cause a code injection issue. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
A code injection vulnerability exists in baryhuang/mcp-server-aws-resources-python 0.1.0 that allows remote code execution through insufficient input validation in the execute_query method. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
A low privileged remote attacker can upload a new or overwrite an existing python script by using a path traversal of the target filename in php resulting in a remote code execution. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
A low privileged remote attacker can upload any file to an arbitrary location due to missing file check resulting in remote code execution. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
The Simple User Import Export plugin for WordPress is vulnerable to CSV Injection in all versions up to, and including, 1.1.7 via the 'Import/export users' function. Rated medium severity (CVSS 6.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
The Enable SVG, WebP, and ICO Upload plugin for WordPress is vulnerable to arbitrary file upload in all versions up to, and including, 1.1.2. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
The WP Dropzone plugin for WordPress is vulnerable to authenticated arbitrary file upload in all versions up to, and including, 1.1.0 via the `ajax_upload_handle` function. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
The Pie Forms for WP plugin for WordPress is vulnerable to Arbitrary File Upload in all versions up to, and including, 1.6 via the format_classic function. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.
Stack buffer overflow vulnerability exists in the Supermicro BMC Shared library. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Stack-based buffer overflow in the SMASH-CLP shell. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
In bta_hf_client_cb_init of bta_hf_client_main.cc, there is a possible remote code execution due to a use after free. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. No vendor patch available.
The Gravity Forms plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the legacy chunked upload mechanism in all versions up to, and including,. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.
The Mac App Store distribution of the Canva for Mac desktop app before 1.117.1 was built without Hardened Runtime. Rated low severity (CVSS 3.2), this vulnerability is low attack complexity. No vendor patch available.
The The Classified Listing - Classified ads & Business Directory Plugin plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 5.0.3. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
A buffer overflow vulnerability exists in the CvManager_SBI functionality of Dell ControlVault3 prior to 5.15.14.19 and Dell ControlVault3 Plus prior to 6.2.36.47. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. No vendor patch available.
Glob matches files using patterns the shell uses. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. Public exploit code available.
phpMyFAQ is an open source FAQ web application. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
A heap corruption vulnerability exists in the Advantech TP-3250 printer driver's DrvUI_x64_ADVANTECH.dll (v0.3.9200.20789) when DocumentPropertiesW() is called with a valid dmDriverExtra value but an. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Nero BackItUp in the Nero Productline is vulnerable to a path parsing/UI rendering flaw (CWE-22) that, in combination with Windows ShellExecuteW fallback extension resolution, leads to arbitrary code. Rated high severity (CVSS 8.6), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
npm package `expr-eval` is vulnerable to Prototype Pollution. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.
Cross Site Scripting vulnerability in Alto CMS v.1.1.13 allows a local attacker to execute arbitrary code via a crafted script. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Rockwell Automation Arena® suffers from a stack-based buffer overflow vulnerability. Rated high severity (CVSS 7.1), this vulnerability is no authentication required. No vendor patch available.
The Creta Testimonial Showcase WordPress plugin before 1.2.4 is vulnerable to Local File Inclusion. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Socket Firewall is an HTTP/HTTPS proxy server that intercepts package manager requests and enforces security policies by blocking dangerous packages. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. No vendor patch available.
A buffer overflow vulnerability exists in the TOTOLINK A950RG Router firmware V5.9c.4592_B20191022_ALL within the `global.so` binary. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
A stack buffer overflow vulnerability exists in the D-Link DIR-816A2 router firmware DIR-816A2_FWv1.10CNB05_R1B011D88210.img in the upload.cgi module, which handles firmware version information. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
Vega is a visualization grammar, a declarative format for creating, saving, and sharing interactive visualization designs. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Dell Alienware Command Center 6.x (AWCC), versions prior to 6.10.15.0, contain a Detection of Error Condition Without Action vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
An issue in Intermesh BV GroupOffice vulnerable before v.25.0.47 and 6.8.136 allows a remote attacker to execute arbitrary code via the dbToApi() and eval() in the FunctionField.php. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
A stack buffer overflow vulnerability exists in the D-Link DIR-878A1 router firmware FW101B04.bin in the rc binary's USB storage handling module. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
The issue was addressed by refusing external connections by default. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
A stack-based buffer overflow exists in the get_merge_mac function of the httpd binary on Linksys E1200 v2 routers (Firmware E1200_v2.0.11.001_us.tar.gz). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
A stack-based buffer overflow vulnerability exists in the makeRequest.cgi binary of Linksys RE7000 routers (Firmware FW_v2.0.15_211230_1012). Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
A stack-based buffer overflow vulnerability exists in the mtk_dut binary of Linksys E7350 routers (Firmware 1.1.00.032). Rated medium severity (CVSS 5.9), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
A stack-based buffer overflow exists in the validate_static_route function of the httpd binary on Linksys E1200 v2 routers (Firmware E1200_v2.0.11.001_us.tar.gz). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
A stack-based buffer overflow vulnerability exists in the libshared.so library of Cisco Linksys E1200 v2 routers (Firmware E1200_v2.0.11.001_us.tar.gz). Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
A stack-based buffer overflow exists in the httpd binary of Linksys E1200 v2 routers (Firmware E1200_v2.0.11.001_us.tar.gz). Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
A stack-based buffer overflow vulnerability exists in the Linksys E1200 v2 router firmware that allows remote attackers to execute arbitrary code or cause denial of service without authentication. The vulnerability occurs in the httpd binary's get_merge_ipaddr function, which improperly concatenates user-supplied CGI parameters into a fixed-size buffer without bounds checking. With publicly available proof-of-concept exploits and an EPSS score of 0.57% (68th percentile), this represents a moderate exploitation risk for affected devices.
A vulnerability exists in Keycloak's server distribution where enabling debug mode (--debug <port>) insecurely defaults to binding the Java Debug Wire Protocol (JDWP) port to all network interfaces. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required. No vendor patch available.
PrivateBin is an online pastebin where the server has zero knowledge of pasted data. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
A stack buffer overflow vulnerability exists in the ToToLink LR1200GB (V9.1.0u.6619_B20230130) and NR1800X (V9.1.0u.6681_B20230703) Router firmware within the cstecgi.cgi binary (setDefResponse. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
A local stack-based buffer overflow vulnerability exists in the infostat.cgi and cstecgi.cgi binaries of ToToLink routers (A720R V4.1.5cu.614_B20230630, LR1200GB V9.1.0u.6619_B20230130, and NR1800X. Rated medium severity (CVSS 5.1), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
A stack buffer overflow exists in the ToToLink A720R Router firmware V4.1.5cu.614_B20230630 within the sysconf binary (sub_401EE0 function). Rated medium severity (CVSS 5.1), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
A stack buffer overflow vulnerability exists in the ToToLink LR1200GB (V9.1.0u.6619_B20230130) and NR1800X (V9.1.0u.6681_B20230703) Router firmware within the cstecgi.cgi binary (sub_42F32C. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
pgAdmin versions up to 9.9 are affected by a Remote Code Execution (RCE) vulnerability that occurs when running in server mode and performing restores from PLAIN-format dump files. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
The Import any XML, CSV or Excel File to WordPress (WP All Import) plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 3.9.6. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
The Data Tables Generator by Supsystic plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the cleanCache() function in all versions up to, and. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Dell SmartFabric OS10 Software, versions prior to 10.6.1.0, contain an Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
An arbitrary file upload vulnerability was reported in the Lenovo Scanner Pro client during an internal security assessment that could allow remote code execution or unauthorized control of the. Rated high severity (CVSS 7.7), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
A potential vulnerability was reported in the Lenovo PC Manager, Lenovo App Store, Lenovo Browser, and Lenovo Legion Zone client applications that, under certain conditions, could allow an attacker. Rated high severity (CVSS 7.7), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
Dell SmartFabric OS10 Software, versions prior to 10.6.1.0, contain an Improper Control of Generation of Code ('Code Injection') vulnerability. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.
A Cross-Site Request Forgery (CSRF) vulnerability in Salmen2/Simple-Faucet-Script v1.07 via crafted POST request to admin.php?p=ads&c=1 allowing attackers to execute arbitrary code. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
A maliciously crafted DWG file, when parsed through Autodesk 3ds Max, can force a Use-After-Free vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
A maliciously crafted JPG file, when parsed through Autodesk 3ds Max, can force an Out-of-Bounds Write vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
The N-central Software Probe < 2025.4 is vulnerable to Remote Code Execution via deserialization. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Substance3D - Stager versions 3.1.5 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
Substance3D - Stager versions 3.1.5 and earlier are affected by an Integer Underflow (Wrap or Wraparound) vulnerability that could result in arbitrary code execution in the context of the current. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
Substance3D - Stager versions 3.1.5 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
A vulnerability has been identified in Siemens Software Center (All versions < V3.5), Solid Edge SE2025 (All versions < V225.0 Update 10). Rated high severity (CVSS 8.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
A vulnerability has been identified in Altair Grid Engine (All versions < V2026.0.0). Rated high severity (CVSS 8.5), this vulnerability is low attack complexity. No vendor patch available.
A vulnerability has been identified in Spectrum Power 4 (All versions < V4.70 SP12 Update 2). Rated high severity (CVSS 8.5), this vulnerability is low attack complexity. No vendor patch available.
Format Plugins versions 1.1.1 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
Format Plugins versions 1.1.1 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
Illustrator on iPad versions 3.0.9 and earlier are affected by an Integer Underflow (Wrap or Wraparound) vulnerability that could result in arbitrary code execution in the context of the current. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
Illustrator versions 28.7.10, 29.8.2 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
Illustrator on iPad versions 3.0.9 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
Illustrator on iPad versions 3.0.9 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
Illustrator on iPad versions 3.0.9 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
Illustrator on iPad versions 3.0.9 and earlier are affected by an Integer Underflow (Wrap or Wraparound) vulnerability that could result in arbitrary code execution in the context of the current. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
Illustrator versions 28.7.10, 29.8.2 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
Photoshop Desktop versions 26.8.1 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
InDesign Desktop versions 20.5, 19.5.5 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
InDesign Desktop versions 20.5, 19.5.5 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
InCopy versions 20.5, 19.5.5 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
InCopy versions 20.5, 19.5.5 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
InCopy versions 20.5, 19.5.5 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
InDesign Desktop versions 20.5, 19.5.5 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
InDesign Desktop versions 20.5, 19.5.5 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
NVIDIA NeMo Framework for all platforms contains a vulnerability in the bert services component where malicious data created by an attacker may cause a code injection. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
Uncontrolled search path for some Intel Driver and Support Assistant before version 25.2 within Ring 3: User Applications may allow an escalation of privilege. Rated medium severity (CVSS 5.4). No vendor patch available.
Incorrect default permissions for the Intel(R) Processor Identification Utility before version 8.0.43 within Ring 3: User Applications may allow an escalation of privilege. Rated medium severity (CVSS 5.4). No vendor patch available.
Uncontrolled search path for the Intel(R) System Support Utility before version 4.1.0 within Ring 3: User Applications may allow an escalation of privilege. Rated medium severity (CVSS 5.4). No vendor patch available.
Insecure inherited permissions for some Intel(R) Rapid Storage Technology Application before version 20.0.1021 within Ring 3: User Applications may allow an escalation of privilege. Rated medium severity (CVSS 5.4). No vendor patch available.
NVIDIA NeMo Framework for all platforms contains a vulnerability in a script, where malicious input created by an attacker may cause improper control of code generation. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
NVIDIA Megatron-LM for all platforms contains a vulnerability in a script, where malicious data created by an attacker may cause a code injection issue. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
Uncontrolled search path for some Intel(R) CIP software before version WIN_DCA_2.4.0.11001 within Ring 3: User Applications may allow an escalation of privilege. Rated medium severity (CVSS 5.4). No vendor patch available.
A buffer copy without checking size of input ('classic buffer overflow') vulnerability in Fortinet FortiExtender 7.6.0 through 7.6.1, FortiExtender 7.4.0 through 7.4.6, FortiExtender 7.2 all. Rated medium severity (CVSS 6.4). No vendor patch available.
A Heap-based Buffer Overflow vulnerability [CWE-122] vulnerability in Fortinet FortiClientWindows 7.4.0 through 7.4.3, FortiClientWindows 7.2.0 through 7.2.8 may allow an authenticated local IPSec. Rated high severity (CVSS 7.8). No vendor patch available.
GoSign Desktop versions 2.4.0 and earlier use an unsigned update manifest for distributing application updates. Rated high severity (CVSS 7.0), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.
NVIDIA Isaac-GR00T for all platforms contains a vulnerability in a Python component, where an attacker could cause a code injection issue. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
NVIDIA Isaac-GR00T for all platforms contains a vulnerability in a Python component, where an attacker could cause a code injection issue. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
A code injection vulnerability exists in baryhuang/mcp-server-aws-resources-python 0.1.0 that allows remote code execution through insufficient input validation in the execute_query method. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
A low privileged remote attacker can upload a new or overwrite an existing python script by using a path traversal of the target filename in php resulting in a remote code execution. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
A low privileged remote attacker can upload any file to an arbitrary location due to missing file check resulting in remote code execution. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
The Simple User Import Export plugin for WordPress is vulnerable to CSV Injection in all versions up to, and including, 1.1.7 via the 'Import/export users' function. Rated medium severity (CVSS 6.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
The Enable SVG, WebP, and ICO Upload plugin for WordPress is vulnerable to arbitrary file upload in all versions up to, and including, 1.1.2. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
The WP Dropzone plugin for WordPress is vulnerable to authenticated arbitrary file upload in all versions up to, and including, 1.1.0 via the `ajax_upload_handle` function. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
The Pie Forms for WP plugin for WordPress is vulnerable to Arbitrary File Upload in all versions up to, and including, 1.6 via the format_classic function. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.
Stack buffer overflow vulnerability exists in the Supermicro BMC Shared library. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Stack-based buffer overflow in the SMASH-CLP shell. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
In bta_hf_client_cb_init of bta_hf_client_main.cc, there is a possible remote code execution due to a use after free. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. No vendor patch available.
The Gravity Forms plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the legacy chunked upload mechanism in all versions up to, and including,. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.
The Mac App Store distribution of the Canva for Mac desktop app before 1.117.1 was built without Hardened Runtime. Rated low severity (CVSS 3.2), this vulnerability is low attack complexity. No vendor patch available.
The The Classified Listing - Classified ads & Business Directory Plugin plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 5.0.3. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
A buffer overflow vulnerability exists in the CvManager_SBI functionality of Dell ControlVault3 prior to 5.15.14.19 and Dell ControlVault3 Plus prior to 6.2.36.47. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. No vendor patch available.
Glob matches files using patterns the shell uses. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. Public exploit code available.
phpMyFAQ is an open source FAQ web application. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
A heap corruption vulnerability exists in the Advantech TP-3250 printer driver's DrvUI_x64_ADVANTECH.dll (v0.3.9200.20789) when DocumentPropertiesW() is called with a valid dmDriverExtra value but an. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Nero BackItUp in the Nero Productline is vulnerable to a path parsing/UI rendering flaw (CWE-22) that, in combination with Windows ShellExecuteW fallback extension resolution, leads to arbitrary code. Rated high severity (CVSS 8.6), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
npm package `expr-eval` is vulnerable to Prototype Pollution. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.
Cross Site Scripting vulnerability in Alto CMS v.1.1.13 allows a local attacker to execute arbitrary code via a crafted script. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Rockwell Automation Arena® suffers from a stack-based buffer overflow vulnerability. Rated high severity (CVSS 7.1), this vulnerability is no authentication required. No vendor patch available.
The Creta Testimonial Showcase WordPress plugin before 1.2.4 is vulnerable to Local File Inclusion. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Socket Firewall is an HTTP/HTTPS proxy server that intercepts package manager requests and enforces security policies by blocking dangerous packages. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. No vendor patch available.
A buffer overflow vulnerability exists in the TOTOLINK A950RG Router firmware V5.9c.4592_B20191022_ALL within the `global.so` binary. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
A stack buffer overflow vulnerability exists in the D-Link DIR-816A2 router firmware DIR-816A2_FWv1.10CNB05_R1B011D88210.img in the upload.cgi module, which handles firmware version information. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
Vega is a visualization grammar, a declarative format for creating, saving, and sharing interactive visualization designs. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Dell Alienware Command Center 6.x (AWCC), versions prior to 6.10.15.0, contain a Detection of Error Condition Without Action vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
An issue in Intermesh BV GroupOffice vulnerable before v.25.0.47 and 6.8.136 allows a remote attacker to execute arbitrary code via the dbToApi() and eval() in the FunctionField.php. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
A stack buffer overflow vulnerability exists in the D-Link DIR-878A1 router firmware FW101B04.bin in the rc binary's USB storage handling module. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
The issue was addressed by refusing external connections by default. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
A stack-based buffer overflow exists in the get_merge_mac function of the httpd binary on Linksys E1200 v2 routers (Firmware E1200_v2.0.11.001_us.tar.gz). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
A stack-based buffer overflow vulnerability exists in the makeRequest.cgi binary of Linksys RE7000 routers (Firmware FW_v2.0.15_211230_1012). Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
A stack-based buffer overflow vulnerability exists in the mtk_dut binary of Linksys E7350 routers (Firmware 1.1.00.032). Rated medium severity (CVSS 5.9), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
A stack-based buffer overflow exists in the validate_static_route function of the httpd binary on Linksys E1200 v2 routers (Firmware E1200_v2.0.11.001_us.tar.gz). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
A stack-based buffer overflow vulnerability exists in the libshared.so library of Cisco Linksys E1200 v2 routers (Firmware E1200_v2.0.11.001_us.tar.gz). Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
A stack-based buffer overflow exists in the httpd binary of Linksys E1200 v2 routers (Firmware E1200_v2.0.11.001_us.tar.gz). Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
A stack-based buffer overflow vulnerability exists in the Linksys E1200 v2 router firmware that allows remote attackers to execute arbitrary code or cause denial of service without authentication. The vulnerability occurs in the httpd binary's get_merge_ipaddr function, which improperly concatenates user-supplied CGI parameters into a fixed-size buffer without bounds checking. With publicly available proof-of-concept exploits and an EPSS score of 0.57% (68th percentile), this represents a moderate exploitation risk for affected devices.
A vulnerability exists in Keycloak's server distribution where enabling debug mode (--debug <port>) insecurely defaults to binding the Java Debug Wire Protocol (JDWP) port to all network interfaces. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required. No vendor patch available.
PrivateBin is an online pastebin where the server has zero knowledge of pasted data. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
A stack buffer overflow vulnerability exists in the ToToLink LR1200GB (V9.1.0u.6619_B20230130) and NR1800X (V9.1.0u.6681_B20230703) Router firmware within the cstecgi.cgi binary (setDefResponse. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
A local stack-based buffer overflow vulnerability exists in the infostat.cgi and cstecgi.cgi binaries of ToToLink routers (A720R V4.1.5cu.614_B20230630, LR1200GB V9.1.0u.6619_B20230130, and NR1800X. Rated medium severity (CVSS 5.1), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
A stack buffer overflow exists in the ToToLink A720R Router firmware V4.1.5cu.614_B20230630 within the sysconf binary (sub_401EE0 function). Rated medium severity (CVSS 5.1), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
A stack buffer overflow vulnerability exists in the ToToLink LR1200GB (V9.1.0u.6619_B20230130) and NR1800X (V9.1.0u.6681_B20230703) Router firmware within the cstecgi.cgi binary (sub_42F32C. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
pgAdmin versions up to 9.9 are affected by a Remote Code Execution (RCE) vulnerability that occurs when running in server mode and performing restores from PLAIN-format dump files. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
The Import any XML, CSV or Excel File to WordPress (WP All Import) plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 3.9.6. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
The Data Tables Generator by Supsystic plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the cleanCache() function in all versions up to, and. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Dell SmartFabric OS10 Software, versions prior to 10.6.1.0, contain an Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
An arbitrary file upload vulnerability was reported in the Lenovo Scanner Pro client during an internal security assessment that could allow remote code execution or unauthorized control of the. Rated high severity (CVSS 7.7), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
A potential vulnerability was reported in the Lenovo PC Manager, Lenovo App Store, Lenovo Browser, and Lenovo Legion Zone client applications that, under certain conditions, could allow an attacker. Rated high severity (CVSS 7.7), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
Dell SmartFabric OS10 Software, versions prior to 10.6.1.0, contain an Improper Control of Generation of Code ('Code Injection') vulnerability. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.
A Cross-Site Request Forgery (CSRF) vulnerability in Salmen2/Simple-Faucet-Script v1.07 via crafted POST request to admin.php?p=ads&c=1 allowing attackers to execute arbitrary code. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
A maliciously crafted DWG file, when parsed through Autodesk 3ds Max, can force a Use-After-Free vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
A maliciously crafted JPG file, when parsed through Autodesk 3ds Max, can force an Out-of-Bounds Write vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
The N-central Software Probe < 2025.4 is vulnerable to Remote Code Execution via deserialization. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Substance3D - Stager versions 3.1.5 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
Substance3D - Stager versions 3.1.5 and earlier are affected by an Integer Underflow (Wrap or Wraparound) vulnerability that could result in arbitrary code execution in the context of the current. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
Substance3D - Stager versions 3.1.5 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
A vulnerability has been identified in Siemens Software Center (All versions < V3.5), Solid Edge SE2025 (All versions < V225.0 Update 10). Rated high severity (CVSS 8.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
A vulnerability has been identified in Altair Grid Engine (All versions < V2026.0.0). Rated high severity (CVSS 8.5), this vulnerability is low attack complexity. No vendor patch available.
A vulnerability has been identified in Spectrum Power 4 (All versions < V4.70 SP12 Update 2). Rated high severity (CVSS 8.5), this vulnerability is low attack complexity. No vendor patch available.
Format Plugins versions 1.1.1 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
Format Plugins versions 1.1.1 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
Illustrator on iPad versions 3.0.9 and earlier are affected by an Integer Underflow (Wrap or Wraparound) vulnerability that could result in arbitrary code execution in the context of the current. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
Illustrator versions 28.7.10, 29.8.2 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
Illustrator on iPad versions 3.0.9 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
Illustrator on iPad versions 3.0.9 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
Illustrator on iPad versions 3.0.9 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
Illustrator on iPad versions 3.0.9 and earlier are affected by an Integer Underflow (Wrap or Wraparound) vulnerability that could result in arbitrary code execution in the context of the current. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
Illustrator versions 28.7.10, 29.8.2 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
Photoshop Desktop versions 26.8.1 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
InDesign Desktop versions 20.5, 19.5.5 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
InDesign Desktop versions 20.5, 19.5.5 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
InCopy versions 20.5, 19.5.5 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
InCopy versions 20.5, 19.5.5 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
InCopy versions 20.5, 19.5.5 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
InDesign Desktop versions 20.5, 19.5.5 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
InDesign Desktop versions 20.5, 19.5.5 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
NVIDIA NeMo Framework for all platforms contains a vulnerability in the bert services component where malicious data created by an attacker may cause a code injection. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
Uncontrolled search path for some Intel Driver and Support Assistant before version 25.2 within Ring 3: User Applications may allow an escalation of privilege. Rated medium severity (CVSS 5.4). No vendor patch available.
Incorrect default permissions for the Intel(R) Processor Identification Utility before version 8.0.43 within Ring 3: User Applications may allow an escalation of privilege. Rated medium severity (CVSS 5.4). No vendor patch available.
Uncontrolled search path for the Intel(R) System Support Utility before version 4.1.0 within Ring 3: User Applications may allow an escalation of privilege. Rated medium severity (CVSS 5.4). No vendor patch available.
Insecure inherited permissions for some Intel(R) Rapid Storage Technology Application before version 20.0.1021 within Ring 3: User Applications may allow an escalation of privilege. Rated medium severity (CVSS 5.4). No vendor patch available.
NVIDIA NeMo Framework for all platforms contains a vulnerability in a script, where malicious input created by an attacker may cause improper control of code generation. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
NVIDIA Megatron-LM for all platforms contains a vulnerability in a script, where malicious data created by an attacker may cause a code injection issue. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
Uncontrolled search path for some Intel(R) CIP software before version WIN_DCA_2.4.0.11001 within Ring 3: User Applications may allow an escalation of privilege. Rated medium severity (CVSS 5.4). No vendor patch available.