5.3
CVE-2024-58289 - Microweber 2.0.15 Stored Cross-Site Scripting via User Profile Fields
Microweber 2.0.15 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts into user profile fields. Attackers can input script payloads in the first name field that will execute when the profile is viewed by other users, potentially stealโฆ
8.7
CVE-2024-58288 - Genexus Protection Server 9.7.2.10 Unquoted Service Path Privilege Escalation
Genexus Protection Server 9.7.2.10 contains an unquoted service path vulnerability in the protsrvservice Windows service configuration. Attackers can exploit the unquoted binary path to execute arbitrary code with elevated LocalSystem privileges by placing malicious executables in specific file sysโฆ
8.7
CVE-2024-58287 - reNgine 2.2.0 Authenticated Command Injection via Scan Engine Configuration
reNgine 2.2.0 contains a command injection vulnerability in the nmap_cmd parameter of scan engine configuration that allows authenticated attackers to execute arbitrary commands. Attackers can modify the nmap_cmd parameter with malicious base64-encoded payloads to achieve remote code execution duriโฆ
9.3
CVE-2024-58286 - dizqueTV 1.5.3 Remote Code Execution via FFMPEG Executable Path
dizqueTV 1.5.3 contains a remote code execution vulnerability that allows attackers to inject arbitrary commands through the FFMPEG Executable Path settings. Attackers can modify the executable path with shell commands to read system files like /etc/passwd by exploiting improper input validation.
9.9
CVE-2025-64721 - Sandboxie's Integer Overflow in SbieIniServer::RC4Crypt allows sandbox escape and SYSTEM compromise
Sandboxie is a sandbox-based isolation software for 32-bit and 64-bit Windows NT-based operating systems. In versions 1.16.6 and below, the SYSTEM-level service SbieSvc.exe exposes SbieIniServer::RC4Crypt to sandboxed processes. The handler adds a fixed header size to a caller-controlled value_len โฆ
5.1
CVE-2025-14538 - yangshare warehouseManager ไปๅบ็ฎก็็ณป็ป CustomerManageHandler.java addCustomer cross site scripting
A security vulnerability has been detected in yangshare warehouseManager ไปๅบ็ฎก็็ณป็ป 1.1.0. This affects the function addCustomer of the file CustomerManageHandler.java. Such manipulation of the argument Name leads to cross site scripting. The attack can be executed remotely. The exploit has been discloโฆ
7.3
CVE-2025-66584 - Stack-based Buffer Overflow vulnerability in AzeoTech DAQFactory
In AzeoTech DAQFactory release 20.7 (Build 2555), a Stack-Based Buffer Overflow vulnerability can be exploited to cause memory corruption while parsing specially crafted .ctl files. This could allow an attacker to execute code in the context of the current process.
5.3
CVE-2025-64702 - quic-go HTTP/3 QPACK Header Expansion DoS
quic-go is an implementation of the QUIC protocol in Go. Versions 0.56.0 and below are vulnerable to excessive memory allocation through quic-go's HTTP/3 client and server implementations by sending a QPACK-encoded HEADERS frame that decodes into a large header field section (many unique header namโฆ
7.3
CVE-2025-66585 - Use After Free vulnerability in AzeoTech DAQFactory
In AzeoTech DAQFactory release 20.7 (Build 2555), a Use After Free vulnerability can be exploited to cause memory corruption while parsing specially crafted .ctl files. This could allow an attacker to execute code in the context of the current process.
5.4
CVE-2025-13664 - Quartus Prime Standard Security Advisory
A potential security vulnerability in Quartusยฎ Prime Standard Edition Design Software may allow escalation of privilege.