(Pwn2Own) Apple Safari B3 JIT Compiler Integer Underflow Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Apple Safari. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the B3 JIT compiler...
PT-2025-7327 · Pytorch +1 · Pytorch +1
Name of the Vulnerable Software and Affected Versions: InvokeAI (affected versions not specified). Description: The issue concerns an unsafely deserialized file download in the backend, potentially allowing remote code execution (RCE) through PyTorch's torch.load function. Recommendations: At the...
CVE-2025-24893
CVE-2025-24893 affects XWiki Platform and enables unauthenticated remote code execution via the SolrSearch macro, where user-controlled input is evaluated by the Groovy engine, leading to arbitrary command execution and impact to confidentiality, integrity, and availability of the whole installat...
CVE-2025-26613
WeGIA is an open source Web Manager for Institutions with a focus on Portuguese language users. An OS Command Injection vulnerability was discovered in the WeGIA application, gerenciarbackup.php endpoint. This vulnerability could allow an attacker to execute arbitrary code remotely. This issue ha...
InvokeAI RCE
InvokeAI has a critical vulnerability leading to remote code execution in the /api/v2/models/install API through unsafe model deserialization. The API allows users to specify a model URL, which is downloaded and loaded server-side using torch.load without proper validation. This functionality...
CVE-2025-1302
CVE-2025-1302 affects jsonpath-plus
CVE-2024-35373
Mocodo Mocodo Online 4.2.6 and below is vulnerable to Remote Code Execution via /web/rewrite.php...
Microsoft High Performance Compute (HPC) Pack (CVE-2025-21198)
A remote code execution vulnerability exists in Microsoft High Performance Compute (HPC) Pack prior to 2019 update 3. An authenticated, adjacent attacker can exploit this to execute arbitrary commands on the target system. Note that Nessus has not tested for this issue but has instead relied only o...
PT-2025-6710 · Apache · Apache Ignite
Name of the Vulnerable Software and Affected Versions: Apache Ignite versions 2.6.0 through 2.17.0. Description: The vulnerability could be exploited if an attacker manually crafts an Ignite message containing a vulnerable object whose class is present in the Ignite server classpath and sends it t...
CVE-2025-1052
Mintty Sixel Image Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Mintty. User interaction is required to exploit this vulnerability in that the target must visit a malicious...
CVE-2025-21371 Windows Telephony Service Remote Code Execution Vulnerability
...
CVE-2025-21201 Windows Telephony Server Remote Code Execution Vulnerability
...
CVE-2025-21208
CVE-2025-21208 is a Windows RRAS Remote Code Execution vulnerability. The NVD entry confirms the issue as a network‑vector RCE with high impact (CVSSv3.1: 8.8, C/H/I/A = high; AV:N, AC:L, PR:N, UI:R, S:U). The vulnerability is tied to Windows RRAS and has a documented CVE entry; exploitation/avai...
PandasAI interactive prompt function Remote Code Execution (RCE)
PandasAI uses an interactive prompt function that is vulnerable to prompt injection and can run arbitrary Python code, which can lead to remote code execution (RCE), instead of the intended explanation of the natural language processing by the LLM. The security controls of PandasAI 2.4.3 and earlier fail ...
CVE-2025-24016 Remote code execution in Wazuh server
Wazuh is a free and open source platform used for threat prevention, detection, and response. Starting in version 4.4.0 and prior to version 4.9.1, an unsafe deserialization vulnerability allows for remote code execution on Wazuh servers. DistributedAPI parameters are serialized as JSON and...
CVE-2025-24016
CVE-2025-24016 is a deserialization flaw in Wazuh servers (v4.4.0–
PT-2025-6100
Name of the Vulnerable Software and Affected Versions: Wazuh versions 4.4.0 through 4.9.1. Description: Wazuh, a platform used for threat prevention, detection, and response, is affected by an unsafe deserialization vulnerability. This flaw, potentially allowing remote code execution, arises from th...
CVE-2025-20634
In Modem, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Pat...
CVE-2021-26610
The moveuploadedfile function in godomall5 does not perform an integrity check of extension or authority when a user uploads a file. This vulnerability allows an attacker to execute arbitrary code remotely...
CVE-2021-35216
An insecure deserialization of untrusted data remote code execution vulnerability was discovered in the Patch Manager Orion Platform Integration module. An authenticated attacker with network access via HTTP can exploit this vulnerability, which can result in remote code execution...