Search Results (6906 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2014-8445 3 Adobe, Apple, Microsoft 4 Acrobat, Acrobat Reader, Mac Os X and 1 more 2025-04-12 N/A
Adobe Reader and Acrobat 10.x before 10.1.13 and 11.x before 11.0.10 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2014-8446, CVE-2014-8447, CVE-2014-8456, CVE-2014-8458, CVE-2014-8459, CVE-2014-8461, and CVE-2014-9158.
CVE-2016-1000003 1 Mirror Manager Project 1 Mirror Manager 2025-04-12 N/A
Mirror Manager version 0.7.2 and older is vulnerable to remote code execution in the checkin code.
CVE-2013-6399 2 Qemu, Redhat 3 Qemu, Enterprise Linux, Openstack 2025-04-12 N/A
Array index error in the virtio_load function in hw/virtio/virtio.c in QEMU before 1.7.2 allows remote attackers to execute arbitrary code via a crafted savevm image.
CVE-2012-5488 2 Plone, Redhat 2 Plone, Rhel Cluster 2025-04-12 N/A
python_scripts.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to execute Python code via a crafted URL, related to createObject.
CVE-2017-20146 1 Gorillatoolkit 1 Handlers 2025-04-11 9.8 Critical
Usage of the CORS handler may apply improper CORS headers, allowing the requester to explicitly control the value of the Access-Control-Allow-Origin header, which bypasses the expected behavior of the Same Origin Policy.
CVE-2025-30067 1 Apache 1 Kylin 2025-04-11 7.2 High
Improper Control of Generation of Code ('Code Injection') vulnerability in Apache Kylin. If an attacker gets access to Kylin's system or project admin permission, the JDBC connection configuration maybe altered to execute arbitrary code from the remote. You are fine as long as the Kylin's system and project admin access is well protected. This issue affects Apache Kylin: from 4.0.0 through 5.0.1. Users are recommended to upgrade to version 5.0.2 or above, which fixes the issue.
CVE-2024-35581 2 Oretnom23, Sourcecodester 2 Computer Laboratory Management System, Laboratory Management System 2025-04-11 6.1 Medium
A cross-site scripting (XSS) vulnerability in Sourcecodester Laboratory Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Borrower Name input field.
CVE-2023-45673 2 Joplin Project, Laurent 22 2 Joplin, Joplin 2025-04-11 8.9 High
Joplin is a free, open source note taking and to-do application. A remote code execution (RCE) vulnerability in affected versions allows clicking on a link in a PDF in an untrusted note to execute arbitrary shell commands. Clicking links in PDFs allows for arbitrary code execution because Joplin desktop: 1. has not disabled top redirection for note viewer iframes, and 2. and has node integration enabled. This is a remote code execution vulnerability that impacts anyone who attaches untrusted PDFs to notes and has the icon enabled. This issue has been addressed in version 2.13.3. Users are advised to upgrade. There are no known workarounds for this vulnerability.
CVE-2024-36568 2 Mayurik, Sourcecodester 2 Gas Agency Management System, Gas Agency Management System 2025-04-11 9.8 Critical
Sourcecodester Gas Agency Management System v1.0 is vulnerable to SQL Injection via /gasmark/editbrand.php?id=.
CVE-2024-41304 1 Wondercms 1 Wondercms 2025-04-11 5.4 Medium
An arbitrary file upload vulnerability in the uploadFileAction() function of WonderCMS v3.4.3 allows attackers to execute arbitrary code via a crafted SVG file.
CVE-2024-42634 1 Tenda 2 Ac9, Ac9 Firmware 2025-04-11 9.8 Critical
A Command Injection vulnerability exists in formWriteFacMac of the httpd binary in Tenda AC9 v15.03.06.42. As a result, attacker can execute OS commands with root privileges.
CVE-2024-30878 1 Rageframe 1 Rageframe 2025-04-11 6.1 Medium
A cross-site scripting (XSS) vulnerability in RageFrame2 v2.6.43, allows remote attackers to execute arbitrary web scripts or HTML and obtain sensitive information via a crafted payload injected into the upload_drive parameter.
CVE-2010-2564 1 Microsoft 1 Windows Movie Maker 2025-04-11 N/A
Buffer overflow in Microsoft Windows Movie Maker (WMM) 2.1, 2.6, and 6.0 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted project file, aka "Movie Maker Memory Corruption Vulnerability."
CVE-2013-5912 1 Thomsonreuters 1 Velocity Analytics Vhayu Analytic Server 2025-04-11 N/A
VhttpdMgr in Thomson Reuters Velocity Analytics Vhayu Analytic Server 6.94 build 2995 allows remote attackers to execute arbitrary code via a URL in the fileName parameter during an importFile action.
CVE-2010-0402 1 Openttd 1 Openttd 2025-04-11 N/A
OpenTTD before 1.0.1 does not properly validate index values of certain items, which allows remote authenticated users to cause a denial of service (daemon crash) or possibly execute arbitrary code via a crafted in-game command.
CVE-2009-4273 2 Redhat, Systemtap 2 Enterprise Linux, Systemtap 2025-04-11 N/A
stap-server in SystemTap before 1.1 allows remote attackers to execute arbitrary commands via shell metacharacters in stap command-line arguments in a request.
CVE-2011-3655 1 Mozilla 2 Firefox, Thunderbird 2025-04-11 N/A
Mozilla Firefox 4.x through 7.0 and Thunderbird 5.0 through 7.0 perform access control without checking for use of the NoWaiverWrapper wrapper, which allows remote attackers to gain privileges via a crafted web site.
CVE-2010-0814 1 Microsoft 2 Access, Office 2025-04-11 N/A
The Microsoft Access Wizard Controls in ACCWIZ.dll in Microsoft Office Access 2003 SP3 and 2007 SP1 and SP2 do not properly interact with the memory-allocation approach used by Internet Explorer during instantiation, which allows remote attackers to execute arbitrary code via a web site that references multiple ActiveX controls, as demonstrated by the ImexGrid and FieldList controls, aka "Access ActiveX Control Vulnerability."
CVE-2013-4212 1 Apache 1 Roller 2025-04-11 N/A
Certain getText methods in the ActionSupport controller in Apache Roller before 5.0.2 allow remote attackers to execute arbitrary OGNL expressions via the first or second parameter, as demonstrated by the pageTitle parameter in the !getPageTitle sub-URL to roller-ui/login.rol, which uses a subclass of UIAction, aka "OGNL Injection."
CVE-2010-1415 2 Apple, Microsoft 7 Mac Os X, Mac Os X Server, Safari and 4 more 2025-04-11 N/A
WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, does not properly handle libxml contexts, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted HTML document, related to an "API abuse issue."