CVE-2024-48829

Dell SmartFabric OS10 Software (Dell) is affected by CVE-2024-48829: an Improper Control of Generation of Code (Code Injection) vulnerability that can lead to remote code execution by a local, high-privilege attacker on versions prior to 10.6.1.0. The issue is rooted in code-generation handling w...

CVE-2025-12382

Improper Limitation of a Pathname 'Path Traversal' vulnerability in Algosec Firewall Analyzer on Linux, 64 bit allows an authenticated user to upload files to a restricted directory leading to code injection. This issue affects Algosec Firewall Analyzer: A33.0 up to build 320, A33.10 up to build...

CVE-2025-12382

Improper Limitation of a Pathname 'Path Traversal' vulnerability in Algosec Firewall Analyzer on Linux, 64 bit allows an authenticated user to upload files to a restricted directory leading to code injection. This issue affects Algosec Firewall Analyzer: A33.0 up to build 320, A33.10 up to build...

CVE-2025-12382 Path Traversal Allows Remote Code Execution in AlgoSec Firewall Analyzer

Improper Limitation of a Pathname 'Path Traversal' vulnerability in Algosec Firewall Analyzer on Linux, 64 bit allows an authenticated user to upload files to a restricted directory leading to code injection. This issue affects Algosec Firewall Analyzer: A33.0 up to build 320, A33.10 up to build...

EUVD-2025-124977

Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in Algosec Firewall Analyzer on Linux, 64 bit allows Path Traversal, Code Injection.This issue affects Algosec Firewall Analyzer: A33.0 up to build 320, A33.10 up to build 210...

CVE-2025-42887

Due to missing input sanitation, SAP Solution Manager allows an authenticated attacker to insert malicious code when calling a remote-enabled function module. This could provide the attacker with full control of the system hence leading to high impact on confidentiality, integrity and availabilit...

PT-2025-46586

Name of the Vulnerable Software and Affected Versions Algosec Firewall Analyzer versions A33.0 through build 320 Algosec Firewall Analyzer versions A33.10 through build 210 Description A Path Traversal issue exists in Algosec Firewall Analyzer on Linux, 64 bit. This allows for Path Traversal and...

PT-2025-46705

Name of the Vulnerable Software and Affected Versions Dell SmartFabric OS10 Software versions prior to 10.6.1.0 Description Dell SmartFabric OS10 Software versions prior to 10.6.1.0 contain an Improper Control of Generation of Code issue, also known as a Code Injection issue. A local attacker wit...

Dell SmartFabric OS10 Software 代码注入漏洞

Dell SmartFabric OS10 Software is a Debian Linux-based operating system from Dell, USA. Dell SmartFabric OS10 Software suffers from a code injection vulnerability that can be exploited by an attacker to cause code execution...

Algosec Firewall Analyzer 安全漏洞

Algosec Firewall Analyzer is a firewall policy management tool from Algosec USA. A security vulnerability exists in Algosec Firewall Analyzer version A33.0 through build 320 and version A33.10 through build 210, which stems from improperly restricted pathnames that can lead to path traversal and...

EUVD-2025-93536

NVIDIA NeMo Framework for all platforms contains a vulnerability in the bert services component where malicious data created by an attacker may cause a code injection. A successful exploit of this vulnerability may lead to Code execution, Escalation of privileges, Information disclosure, and Data...

CVE-2025-33178

NVIDIA NeMo Framework for all platforms contains a vulnerability in the bert services component where malicious data created by an attacker may cause a code injection. A successful exploit of this vulnerability may lead to Code execution, Escalation of privileges, Information disclosure, and Data...

CVE-2025-23357

NVIDIA Megatron-LM for all platforms contains a vulnerability in a script, where malicious data created by an attacker may cause a code injection issue. A successful exploit of this vulnerability may lead to code execution, escalation of privileges, information disclosure, data tampering...

Arbitrary Code Injection

Overview megatron-core is a Megatron Core - a library for efficient and scalable training of transformer based models Affected versions of this package are vulnerable to Arbitrary Code Injection. An attacker can execute arbitrary code, escalate privileges, disclose information, or tamper with dat...

CVE-2025-33178

NVIDIA NeMo Framework for all platforms contains a vulnerability in the bert services component where malicious data created by an attacker may cause a code injection. A successful exploit of this vulnerability may lead to Code execution, Escalation of privileges, Information disclosure, and Data...

CVE-2025-23357

NVIDIA Megatron-LM for all platforms contains a vulnerability in a script, where malicious data created by an attacker may cause a code injection issue. A successful exploit of this vulnerability may lead to code execution, escalation of privileges, information disclosure, data tampering...

Redis: Redis: Authenticated users can execute LUA scripts as a different user

A code injection vulnerability in Redis Lua scripting where an authenticated user can craft a Lua script to manipulate objects and potentially execute code in another user’s context...

Redis: Redis: Authenticated users can execute LUA scripts as a different user

A code injection vulnerability in Redis Lua scripting where an authenticated user can craft a Lua script to manipulate objects and potentially execute code in another user’s context...

Vulnerabilities fixed in SAP products

SAP has fixed vulnerabilities in several products, including SAP NetWeaver, SAP Business Connector, SAP HANA, and SAP S/4HANA. The vulnerabilities include deserialization, code injection, insufficient validation, and information disclosure. These vulnerabilities can be exploited by attackers to...

EUVD-2025-68560

Malicious code in patria-mangut94-ruro npm...