| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| InCopy versions 20.4, 19.5.4 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. |
| InCopy versions 20.4, 19.5.4 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. |
| InCopy versions 20.4, 19.5.4 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. |
| Maintainers have included reasons at https://gitlab.gnome.org/GNOME/libsoup/-/issues/465 |
| NETGEAR R7800 net-cgi Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR R7800 routers. Authentication is not required to exploit this vulnerability.
The specific flaw exists within the parsing of the soap_block_table file. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated data structure. An attacker can leverage this vulnerability to execute code in the context of root.
. Was ZDI-CAN-13055. |
| NETGEAR Multiple Routers httpd Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of multiple NETGEAR routers. Authentication is not required to exploit this vulnerability.
The specific flaw exists within the httpd service, which listens on TCP port 80 by default. When parsing the strings file, the process does not properly validate the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root.
. Was ZDI-CAN-13709. |
| Vim is an open source, command line text editor. A segmentation fault was found in Vim before 9.1.1043. In silent Ex mode (-s -e), Vim typically doesn't show a screen and just operates silently in batch mode. However, it is still possible to trigger the function that handles the scrolling of a gui version of Vim by feeding some binary characters to Vim. The function that handles the scrolling however may be triggering a redraw, which will access the ScreenLines pointer, even so this variable hasn't been allocated (since there is no screen). This vulnerability is fixed in 9.1.1043. |
| Substance3D - Viewer versions 0.25 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. |
| Photoshop Desktop versions 25.12.3, 26.8 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. |
| Sante DICOM Viewer Pro DCM File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Sante DICOM Viewer Pro. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
The specific flaw exists within the parsing of DCM files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-26168. |
| Illustrator versions 28.7.8, 29.6.1 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. |
| An improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability [CWE-78] in Fortinet FortiWeb version 7.6.0 through 7.6.3, 7.4.0 through 7.4.7, 7.2.0 through 7.2.10 and before 7.0.10 allows an authenticated privileged attacker to execute unauthorized code or commands via crafted CLI commands |
| IBM App Connect Enterprise Certified Container 11.4, 11.5, 11.6, 12.0, 12.1, 12.2, and 12.3 could allow a remote authenticated attacker to execute arbitrary commands on the system by sending a specially crafted request. |
| Buffer overflow in the afReadFrames function in audiofile (aka libaudiofile and Audio File Library) allows user-assisted remote attackers to cause a denial of service (program crash) or possibly execute arbitrary code via a crafted audio file, as demonstrated by sixteen-stereo-to-eight-mono.c. |
| An issue has been discovered in mpruett Audio File Library (aka audiofile) 0.3.6, 0.3.5, 0.3.4, 0.3.3, 0.3.2, 0.3.1, 0.3.0. A heap-based buffer overflow in Expand3To4Module::run has occurred when running sfconvert. |
| Cherry Studio is a desktop client that supports for multiple LLM providers. From versions 1.2.5 to 1.5.1, Cherry Studio is vulnerable to OS Command Injection during a connection with a malicious MCP server in HTTP Streamable mode. Attackers can setup a malicious MCP server with compatible OAuth authorization server endpoints and trick victims into connecting it, leading to OS command injection in vulnerable clients. This issue has been patched in version 1.5.2. |
| Cherry Studio is a desktop client that supports for multiple LLM providers. In version 1.5.1, a remote code execution (RCE) vulnerability exists in the Cherry Studio platform when connecting to streamableHttp MCP servers. The issue arises from the server’s implicit trust in the oauth auth redirection endpoints and failure to properly sanitize the URL. This issue has been patched in version 1.5.2. |
| eCharge Hardy Barth cPH2 check_req.php ntp Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of eCharge Hardy Barth cPH2 charging stations. Authentication is not required to exploit this vulnerability.
The specific flaw exists within the handling of the ntp parameter provided to the check_req.php endpoint. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of the www-data user. Was ZDI-CAN-23113. |
| eCharge Hardy Barth cPH2 nwcheckexec.php dest Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of eCharge Hardy Barth cPH2 charging stations. Authentication is not required to exploit this vulnerability.
The specific flaw exists within the handling of the dest parameter provided to the nwcheckexec.php endpoint. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of the www-data user. Was ZDI-CAN-23114. |
| eCharge Hardy Barth cPH2 index.php Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of eCharge Hardy Barth cPH2 charging stations. Authentication is not required to exploit this vulnerability.
The specific flaw exists within the handling of GET parameters provided to the index.php endpoint. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of the www-data user. Was ZDI-CAN-23115. |
