| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Group-Office is an enterprise customer relationship management and groupware tool. Prior to versions 6.8.150, 25.0.82, and 26.0.5, there is a remote code execution (RCE) vulnerability in Group-Office. The endpoint email/message/tnefAttachmentFromTempFile directly concatenates the user-controlled parameter tmp_file into an exec() call. By injecting shell metacharacters into tmp_file, an authenticated attacker can execute arbitrary system commands on the server. This issue has been patched in versions 6.8.150, 25.0.82, and 26.0.5. |
| SiYuan is a personal knowledge management system. Prior to version 3.5.5, the /api/file/copyFile endpoint does not validate the dest parameter, allowing authenticated users to write files to arbitrary locations on the filesystem. This can lead to Remote Code Execution (RCE) by writing to sensitive locations such as cron jobs, SSH authorized_keys, or shell configuration files. This issue has been patched in version 3.5.5. |
| Monstra CMS v3.0.4 contains an arbitrary file upload vulnerability in the Files Manager plugin. The application relies on blacklist-based file extension validation and stores uploaded files directly in a web-accessible directory. Under typical server configurations, this can allow an attacker to upload files that are interpreted as executable code, resulting in remote code execution. |
| FUXA v1.2.7 allows Remote Code Execution (RCE) via the project import functionality. The application does not properly sanitize or sandbox user-supplied scripts within imported project files. An attacker can upload a malicious project containing system commands, leading to full system compromise. |
| Microsoft SharePoint Remote Code Execution Vulnerability |
| Xbox Wireless Adapter Remote Code Execution Vulnerability |
| Windows Remote Desktop Licensing Service Remote Code Execution Vulnerability |
| Windows Remote Desktop Licensing Service Remote Code Execution Vulnerability |
| Windows Layer-2 Bridge Network Driver Remote Code Execution Vulnerability |
| Windows Distributed Transaction Coordinator Remote Code Execution Vulnerability |
| DHCP Server Service Remote Code Execution Vulnerability |
| Microsoft Xbox Remote Code Execution Vulnerability |
| Microsoft Windows Performance Data Helper Library Remote Code Execution Vulnerability |
| Microsoft Outlook Remote Code Execution Vulnerability |
| Microsoft Windows Performance Data Helper Library Remote Code Execution Vulnerability |
| Windows MultiPoint Services Remote Code Execution Vulnerability |
| Windows Fax Service Remote Code Execution Vulnerability |
| Windows Remote Desktop Licensing Service Remote Code Execution Vulnerability |
| Windows Imaging Component Remote Code Execution Vulnerability |
| Windows Graphics Component Remote Code Execution Vulnerability |
