CWE-829: CWE-829

This vulnerability allows remote code execution (RCE) in n8n workflow automation platform by exploiting Git pre-commit hooks. Attackers who can create...

This vulnerability in Siemens Spectrum Power 4 allows attackers to execute arbitrary commands with administrative privileges through the network-acces...

This vulnerability allows remote code execution when users run Cursor CLI inside a malicious repository. Attackers can exploit permissive configuratio...

This vulnerability allows a malicious PostgreSQL superuser on the source server to inject arbitrary code into database dumps. When the dump is restore...

A vulnerability in Cisco Webex App's URL parser allows unauthenticated remote attackers to trick users into downloading malicious files via crafted me...

This vulnerability allows authenticated Checkmk users to directly interact with the underlying Apache installation through reverse proxy configuration...

Honeywell Alerton Visual Logic controllers allow unauthenticated remote users to write and execute arbitrary code without verification. This enables a...

This vulnerability allows a local untrusted app with no special permissions to execute arbitrary code within the Magisk app and escalate privileges to...

CVE-2022-41216 is a Local File Inclusion (LFI) vulnerability in Cloudflow that allows attackers to access sensitive files on the system, potentially e...

NXLog Agent versions before 6.11 can be forced to load an attacker-controlled OpenSSL configuration file via the OPENSSL_CONF environment variable. Th...

This vulnerability allows local file inclusion in ZTE routers' HTTPD binary, enabling attackers who can write malicious files to the /var/lua_session ...

An unauthenticated remote command execution vulnerability in TP-Link wireless access points allows attackers to execute arbitrary commands by sending ...

PHPMailer versions 6.4.1 and earlier contain a function name collision vulnerability in the email address validator. If a malicious function named 'ph...

This vulnerability allows authenticated users in Quadbase EspressReports ES 7 to manipulate the frmsrc parameter to retrieve and execute external file...

ADB Explorer versions 0.9.26020 and below fail to validate the ADB binary path before execution, allowing arbitrary code execution with current user p...

This CVE describes a local privilege escalation vulnerability in Akamai's Guardicore Platform Agent for Windows. An unprivileged local user can create...

CVE-2025-49809 is a privilege escalation vulnerability in mtr (network diagnostic tool) where the MTR_PACKET environment variable can be abused to exe...

This vulnerability allows local users to execute arbitrary code on systems running vulnerable versions of Synology Drive Client. Attackers with local ...

This CVE involves a documentation error in Apache Airflow HDFS Provider versions before 4.1.1, which incorrectly directed users to install an unclaime...

This vulnerability allows unauthenticated attackers to execute arbitrary malicious code by tricking users into loading specially crafted monitoring sc...

CVE-2022-25485 is a local file inclusion vulnerability in CuppaCMS v1.0 that allows attackers to read arbitrary files on the server via the url parame...

This vulnerability allows attackers to include local PHP files in Hospital Patient Record Management System v1.0, potentially leading to arbitrary cod...

This vulnerability allows attackers to corrupt SMRAM memory through insufficient validation of buffer pointers in SMM SWSMI handlers, potentially lead...

This vulnerability allows any user on a system with NVIDIA DCGM to inject malicious shared libraries into the DCGM server process, which typically run...

CVE-2021-34692 is a privilege escalation vulnerability in iDrive RemotePC for Windows. Local low-privileged users can execute arbitrary code with SYST...

This vulnerability allows authenticated attackers in UmbracoForms to execute arbitrary code by supplying a malicious WSDL URL as a data source. It aff...

This CVE describes a Local File Inclusion vulnerability in Zimbra Collaboration's Webmail Classic UI. Authenticated attackers can access sensitive fil...

An unauthenticated attacker can send a specific IEEE 802.15.4 'co-ordinator realignment' packet to Zigbee nodes, forcing them to change their network ...

CVE-2023-4591 is a local file inclusion vulnerability in WPN-XM Serverstack version 0.8.6 that allows unauthenticated attackers to load arbitrary PHP ...

CVE-2022-34121 is a local file inclusion vulnerability in Cuppa CMS v1.0 that allows attackers to read arbitrary files on the server via the /template...

CVE-2021-41569 is a local file inclusion vulnerability in SAS/Intrnet 9.4 that allows authenticated users to escape macro variable constraints and exe...

CVE-2024-28184 is a vulnerability in WeasyPrint that allows attackers to bypass URL fetching restrictions and attach arbitrary file or URL content to ...

The NVIDIA NeMo framework contains a vulnerability where attackers can exploit a predefined variable to include functionality from untrusted sources, ...

This vulnerability affects TBox RTUs running OpenVPN with root privileges. An attacker can set up a local OpenVPN server and push malicious scripts to...

XunRuiCMS versions 4.3.3 to 4.5.1 contain a vulnerability in the cron.php add function that allows authenticated attackers to write arbitrary PHP file...

This vulnerability allows attackers to execute arbitrary commands on Windows systems by crafting malicious shared Anki decks that trigger command exec...