CVE-2024-37185

in OpenHarmony v4.0.0 and prior versions allow a remote attacker arbitrary code execution in pre-installed apps through out-of-bounds write...

CVE-2024-4897

parisneo/lollms-webui, in its latest version, is vulnerable to remote code execution due to an insecure dependency on llama-cpp-python version llamacpppython-0.2.61+cpuavx2-cp311-cp311-manylinux231x8664. The vulnerability arises from the application's 'bindingzoo' feature, which allows attackers ...

CVE-2024-57520

Insecure Permissions vulnerability in asterisk v22 allows a remote attacker to execute arbitrary code via the actioncreateconfig function. NOTE: this is disputed by the Supplier because the impact is limited to creating empty files outside of the Asterisk product directory aka directory traversal...

CVE-2024-26304

There is a buffer overflow vulnerability in the underlying L2/L3 Management service that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI Aruba's access point management protocol UDP port 8211. Successful exploitation of this...

CVE-2025-20634

In Modem, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Pat...

CVE-2024-11610

CVE-2024-11610 affects AutomationDirect C-More EA9/EAP9 programming software. The vulnerability stems from parsing EAP9 files, where improper validation of user-supplied data can cause memory corruption and enable remote code execution. Exploitation requires user interaction (target opens a malic...

CVE-2024-12248

Contec Health CMS8000 Patient Monitor is vulnerable to an out-of-bounds write, which could allow an attacker to send specially formatted UDP requests in order to write arbitrary data. This could result in remote code execution...

CVE-2024-40673

In Source of ZipFile.java, there is a possible way for an attacker to execute arbitrary code by manipulating Dynamic Code Loading due to improper input validation. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for...

CVE-2025-23045 CVAT allows remote code execution via tracker Nuclio functions

Computer Vision Annotation Tool CVAT is an interactive video and image annotation tool for computer vision. An attacker with an account on an affected CVAT instance is able to run arbitrary code in the context of the Nuclio function container. This vulnerability affects CVAT deployments that run...

Ollama < 0.4.0 Remote Code Execution

According to the self-reported version in its response header, the version of Ollama hosted on the remote web server is 0.4.0. It is, therefore, affected by a Remote Code Execution. Note that the scanner has not tested for these issues but has instead relied only on the application's self-reporte...

CVE-2025-24367

Cacti is an open source performance and fault management framework. An authenticated Cacti user can abuse graph creation and graph template functionality to create arbitrary PHP scripts in the web root of the application, leading to remote code execution on the server. This vulnerability is fixed...

CVE-2025-24357 vLLM allows a malicious model RCE by torch.load in hf_model_weights_iterator

vLLM is a library for LLM inference and serving. vllm/modelexecutor/weightutils.py implements hfmodelweightsiterator to load the model checkpoint, which is downloaded from huggingface. It uses the torch.load function and the weightsonly parameter defaults to False. When torch.load loads malicious...

CVE-2025-24367

Cacti is an open source performance and fault management framework. An authenticated Cacti user can abuse graph creation and graph template functionality to create arbitrary PHP scripts in the web root of the application, leading to remote code execution on the server. This vulnerability is fixed...

Remote Code Execution (RCE)

system.linq.dynamic.core is vulnerable to Remote code execution RCE. The vulnerability is due to insufficient input validation and improper access control when handling reflection types and static properties/fields in the System.Linq.Dynamic.Core library, allows remote access without proper...

CVE-2019-15690

LibVNCServer 0.9.12 release and earlier contains heap buffer overflow vulnerability within the HandleCursorShape function in libvncclient/cursor.c. An attacker sends cursor shapes with specially crafted dimensions, which can result in remote code execution...

CVE-2019-15690

LibVNCServer 0.9.12 release and earlier contains heap buffer overflow vulnerability within the HandleCursorShape function in libvncclient/cursor.c. An attacker sends cursor shapes with specially crafted dimensions, which can result in remote code execution...

PT-2025-5691

Name of the Vulnerable Software and Affected Versions: libcurl versions using zlib 1.2.0.3 or older Description: The issue is related to automatic gzip decompression of content-encoded HTTP responses with the CURLOPT ACCEPT ENCODING option. An attacker-controlled integer overflow can cause libcur...

CVE-2024-54660

A JNDI injection issue was discovered in Cloudera JDBC Connector for Hive before 2.6.26 and JDBC Connector for Impala before 2.6.35. Attackers can inject malicious parameters into the JDBC URL, triggering JNDI injection during the process when the JDBC Driver uses this URL to connect to the...

CVE-2025-21338

GDI+ Remote Code Execution Vulnerability...

CVE-2025-21186

Microsoft Access Remote Code Execution Vulnerability...