2841 matches found
CVE-2024-45352
A code execution vulnerability exists in the Xiaomi smarthome application product. The vulnerability is caused by improper input validation and can be exploited by attackers to execute malicious code...
CVE-2024-45352 Xiaomi smarthome application Webview has code execution vulnerability
A code execution vulnerability exists in the Xiaomi smarthome application product. The vulnerability is caused by improper input validation and can be exploited by attackers to execute malicious code...
CVE-2024-45352
CVE-2024-45352 affects the Xiaomi Smarthome application. A code execution vulnerability exists due to improper input validation in the internal API parser. The connected exploit document provides a PoC showing unauthenticated RCE via a crafted request to the local API (curl to /api/parse), implyi...
PT-2025-13026 · Xiaomi · Xiaomi Smarthome Application
Name of the Vulnerable Software and Affected Versions: Xiaomi smarthome application; affected versions not specified. Description: A code execution issue exists due to improper input validation, allowing attackers to execute malicious code. Recommendations: At the moment, there is no information...
CVE-2024-45351
CVE-2024-45351 affects Xiaomi Game Center app. Connected documents indicate the flaw is due to improper input validation, enabling code execution. The risk details from CVSS v3.1 show LOCAL attack vector, LOW attack complexity, and user interaction required, with all three impact metrics (confide...
CVE-2024-45351 Game center application has code execution Vulnerability
A code execution vulnerability exists in the Xiaomi Game center application product. The vulnerability is caused by improper input validation and can be exploited by attackers to execute malicious code...
CVE-2025-2531
Luxion KeyShot DAE File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Luxion KeyShot. User interaction is required to exploit this vulnerability in that the target must visi...
CVE-2025-2531 Luxion KeyShot DAE File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability
Luxion KeyShot DAE File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Luxion KeyShot. User interaction is required to exploit this vulnerability in that the target must visi...
PT-2025-12839 · Carlinkit · Carlinkit Cpc200-Ccpa
Name of the Vulnerable Software and Affected Versions: CarlinKit CPC200-CCPA; affected versions not specified. Description: The issue is related to an improper verification of cryptographic signature, which can lead to code execution. Recommendations: At the moment, there is no information about a...
LoLLMS Code Injection vulnerability
A remote code execution vulnerability exists in the Calculate function of parisneo/lollms version 9.8. The vulnerability arises from the use of Python's eval function to evaluate mathematical expressions within a Python sandbox that disables builtins and only allows functions from the math module...
CVE-2024-12029
Summary: CVE-2024-12029 affects invoke-ai/invokeai prior to 5.4.3, via unsafe deserialization in the /api/v2/models/install API, leading to remote code execution when loading model files through torch.load. Affected software: invoke-ai/invokeai, versions 5.3.1 through 5.4.2 (and up to 5.4.2 per s...
CVE-2025-27780 Applio allows unsafe deserialization in model_information.py
Applio is a voice conversion tool. Versions 3.2.8-bugfix and prior are vulnerable to unsafe deserialization in model_information.py. model_name in model_information.py takes user-supplied input (e.g. a path to a model) and passes that value to the run_model_information_script and later to model_information...
CVE-2025-29401
An arbitrary file upload vulnerability in the component /views/plugin.php of emlog pro v2.5.7 allows attackers to execute arbitrary code via uploading a crafted PHP file...
CVE-2025-29405
An arbitrary file upload vulnerability in the component /admin/template.php of emlog pro 2.5.0 and pro 2.5. allows attackers to execute arbitrary code via uploading a crafted PHP file...
CVE-2025-29401
CVE-2025-29401 is an arbitrary file upload vulnerability affecting emlog pro v2.5.7 in the /views/plugin.php component. The issue allows an attacker to upload a crafted PHP file and achieve remote code execution (RCE). The CVSS 3.1 vector indicates network access, no privileges required, no user ...
CVE-2025-25589
An XML external entity (XXE) injection vulnerability in the component /weixin/aes/XMLParse.java of yimioa before v2024.07.04 allows attackers to execute arbitrary code via supplying a crafted XML file...
gnome-shell and gnome-shell-extensions security update
An update is available for gnome-shell-extensions. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. GNOME Shell acts as a compositing manager for the desktop, and...
RLSA-2024:10218 Moderate: perl-App-cpanminus security update
Why? It's dependency free, requires zero configuration, and stands alone but it's maintainable and extensible with plug-ins and friendly to shell scripting. When running, it requires only 10 MB of RAM. Security Fixes: perl-App-cpanminus: Insecure HTTP in App::cpanminus Allows Code Execution...