Vulnerabilities (CVE)

  1. OpenCVE
  2. Vulnerabilities (CVE)
Filtered by CWE-242
Total 6 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2025-49215 2 Microsoft, Trendmicro 2 Windows, Trend Micro Endpoint Encryption 2025-09-08 N/A 8.8 HIGH
A post-auth SQL injection vulnerability in the Trend Micro Endpoint Encryption PolicyServer could allow an attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system to exploit this vulnerability.
CVE-2025-1994 1 Ibm 1 Cognos Command Center 2025-09-02 N/A 7.8 HIGH
IBM Cognos Command Center 10.2.4.1 and 10.2.5 could allow a local user to execute arbitrary code on the system due to the use of unsafe use of the BinaryFormatter function.
CVE-2025-1331 2 Ibm, Linux 2 Cics Tx, Linux Kernel 2025-06-05 N/A 7.8 HIGH
IBM CICS TX Standard 11.1 and IBM CICS TX Advanced 10.1 and 11.1 could allow a local user to execute arbitrary code on the system due to the use of unsafe use of the gets function.
CVE-2024-52324 1 Ruijienetworks 1 Reyee Os 2024-12-10 N/A 9.8 CRITICAL
Ruijie Reyee OS versions 2.206.x up to but not including 2.320.x uses an inherently dangerous function which could allow an attacker to send a malicious MQTT message resulting in devices executing arbitrary OS commands.
CVE-2021-42543 1 Azeotech 1 Daqfactory 2024-11-21 7.5 HIGH 7.8 HIGH
The affected application uses specific functions that could be abused through a crafted project file, which could lead to code execution, system reboot, and system shutdown.
CVE-2021-40698 1 Adobe 1 Coldfusion 2024-11-21 N/A 7.4 HIGH
ColdFusion version 2021 update 1 (and earlier) and versions 2018.10 (and earlier) are impacted by an Use of Inherently Dangerous Function vulnerability that can lead to a security feature bypass  . An authenticated attacker could leverage this vulnerability to access and manipulate arbitrary data on the environment.