The vulnerability of the exec() function in the icepay.php script of the MagnusBilling VoIP system allows a hacker to execute arbitrary commands.

The vulnerability of the exec function in the icepay.php script of the MagnusBilling VoIP system is related to the failure to take measures to neutralize special elements used in the operating system’s commands when processing the democ parameter. Exploiting this vulnerability allows a remote...

Exploit for CVE-2024-42327

🛡️ Zabbix 7.0.0 SQL Injection Exploit Script A Python script...

CVE-2025-32434

PyTorch is a Python package that provides tensor computation with strong GPU acceleration and deep neural networks built on a tape-based autograd system. In version 2.5.1 and prior, a Remote Command Execution RCE vulnerability exists in PyTorch when loading a model using torch.load with...

PYSEC-2025-41

PyTorch is a Python package that provides tensor computation with strong GPU acceleration and deep neural networks built on a tape-based autograd system. In version 2.5.1 and prior, a Remote Command Execution RCE vulnerability exists in PyTorch when loading a model using torch.load with...

AZL-60877 CVE-2025-32434 affecting package pytorch for versions less than 2.2.2-6

PyTorch is a Python package that provides tensor computation with strong GPU acceleration and deep neural networks built on a tape-based autograd system. In version 2.5.1 and prior, a Remote Command Execution RCE vulnerability exists in PyTorch when loading a model using torch.load with...

AZL-60880 CVE-2025-32434 affecting package pytorch for versions less than 2.0.0-8

PyTorch is a Python package that provides tensor computation with strong GPU acceleration and deep neural networks built on a tape-based autograd system. In version 2.5.1 and prior, a Remote Command Execution RCE vulnerability exists in PyTorch when loading a model using torch.load with...

CVE-2025-32434 PyTorch: `torch.load` with `weights_only=True` leads to remote code execution

PyTorch is a Python package that provides tensor computation with strong GPU acceleration and deep neural networks built on a tape-based autograd system. In version 2.5.1 and prior, a Remote Command Execution RCE vulnerability exists in PyTorch when loading a model using torch.load with...

CVE-2025-32434 PyTorch: `torch.load` with `weights_only=True` leads to remote code execution

PyTorch is a Python package that provides tensor computation with strong GPU acceleration and deep neural networks built on a tape-based autograd system. In version 2.5.1 and prior, a Remote Command Execution RCE vulnerability exists in PyTorch when loading a model using torch.load with...

CVE-2025-32434

PyTorch is a Python package that provides tensor computation with strong GPU acceleration and deep neural networks built on a tape-based autograd system. In version 2.5.1 and prior, a Remote Command Execution RCE vulnerability exists in PyTorch when loading a model using torch.load with...

PyTorch: `torch.load` with `weights_only=True` leads to remote code execution

Description I found a Remote Command Execution RCE vulnerability in PyTorch. When loading model using torch.load with weightsonly=True, it can still achieve RCE. Background knowledge https://github.com/pytorch/pytorch/security As you can see, the PyTorch official documentation considers using...

PyTorch 代码问题漏洞

PyTorch is a Python package open-sourced by PyTorch. PyTorch suffers from a remote command execution vulnerability that can be exploited by an attacker to execute arbitrary commands on a system...

Exploit for Server-Side Request Forgery in Rbaskets Request_Baskets

CVE-2023-27163 CVE-2023-27163 Request-baskets up to v1.2.1 was...

USN-7443-1 erlang vulnerability

Fabian Bäumer, Marcel Maehren, Marcus Brinkmann, and Jörg Schwenk discovered that Erlang OTP’s SSH module incorrect handled authentication. A remote attacker could use this issue to execute arbitrary commands without authentication, possibly leading to a system compromise...

CVE-2025-28137

The TOTOLINK A810R V4.1.2cu.5182B20201026 were found to contain a pre-auth remote command execution vulnerability in the setNoticeCfg function through the NoticeUrl parameter...

CVE-2025-31340 Wisdom Master Pro - Improper Control of Filename for Include/Require Statement in PHP Program

A improper control of filename for include/require statement in PHP program vulnerability in the retrieve course Information function of Wisdom Master Pro versions 5.0 through 5.2 allows remote attackers to perform arbitrary system commands by running a malicious file...

CVE-2025-31340

Wisdom Master Pro, versions 5.0–5.2, is affected by CVE-2025-31340 due to improper control of included/required filenames in the retrieve course Information PHP function. This allows remote execution of arbitrary system commands via a malicious file. Root cause: insecure include/require filename ...

SUNNET Wisdom Master Pro 安全漏洞

SUNNET Wisdom Master Pro is a Wisdom Master management platform from SUNNET. A security vulnerability exists in SUNNET Wisdom Master Pro 5.2 and earlier versions, which stems from improper control of included or referenced filenames in a PHP program, and could lead to the execution of arbitrary...

PT-2025-16885 · Wallos · Wallos

Name of the Vulnerable Software and Affected Versions: Wallos versions 2.38.2 and earlier Description: The issue allows authenticated users to upload malicious files to the server through the restore backup function by uploading a ZIP file. The contents of the ZIP file are extracted on the server...

LRQA Nettitude PoshC2 安全漏洞

LRQA Nettitude PoshC2 is an agent-aware C2 framework from LRQA used to help penetration testers with red teaming, late exploits, and lateral movement. A security vulnerability exists in LRQA Nettitude PoshC2 that stems from allowing an unauthenticated attacker to connect to the C2 server and...

📄 CommScope Ruckus IoT Controller 1.7.1.0 Backdoor Account

CommScope Ruckus IoT Controller version 1.7.1.0 has an undocumented backdoor account. Exploit Title: CommScope Ruckus IoT Controller 1.7.1.0 - Undocumented Account Date: 2021.05.26 Exploit Author: korelogic Vendor Homepage:...