1503 matches found
ThinkPHP Path Traversal Vulnerability
An issue in ThinkPHP Framework v.5.1 allows a remote attacker to execute arbitrary code via the routecheck function...
CVE-2025-50707
An issue in thinkphp3 v.3.2.5 allows a remote attacker to execute arbitrary code via the index.php component...
CVE-2025-50706
CVE-2025-50706 describes a vulnerability in ThinkPHP Framework v5.1 where an unauthenticated remote attacker can execute arbitrary code via the routecheck function. The CVE entry lists a high-severity (CVSSv3.1: 9.8, CRITICAL) impact with attack vector NETWORK and no privileges or user interactio...
PT-2025-32062 · Kenwood · Kenwood Dmx958Xr
Name of the Vulnerable Software and Affected Versions: Kenwood DMX958XR affected versions not specified Description: This issue allows network-adjacent attackers to execute arbitrary code on affected installations. Authentication is not required for exploitation. The flaw resides within the...
Squid < 6.4 Remote Code Execution
According to its self-reported version number, the version of Squid installed on the remote host is 5.x 5.0.4 or prior to 4.13. It is, therefore, affected by a heap buffer overflow and possible remote code execution attack when processing URN. Note that the scanner has not tested for these issues...
CVE-2025-50706
An issue in thinkphp v.5.1 allows a remote attacker to execute arbitrary code via the routecheck function...
CVE-2025-8320 Tesla Wall Connector Content-Length Header Improper Input Validation Remote Code Execution Vulnerability
Tesla Wall Connector Content-Length Header Improper Input Validation Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Tesla Wall Connector devices. Authentication is not required to exploit this...
RockyLinux 8 : .NET 9.0 (RLSA-2025:8815)
The remote RockyLinux 8 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2025:8815 advisory. dotnet: .NET Remote Code Vulnerability CVE-2025-30399 Tenable has extracted the preceding description block directly from the RockyLinux security advisory. Note...
Apple macOS USD importNodeAnimations Heap-based Buffer Overflow Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Apple macOS. Interaction with the USD library is required to exploit this vulnerability but attack vectors may vary depending on the implementation. The specific flaw exists within the USD library. T...
CyberPanel < 2.3.8 RCE Direct Check (CVE-2024-51378)
The CyberPanel installed on the remote host is affected by a remote code execution vulnerability. getresetstatus in dns/views.py and ftp/views.py in CyberPanel aka Cyber Panel before 1c0c6cb allows remote attackers to bypass authentication and execute arbitrary commands via /dns/getresetstatus or...
CVE-2016-15046
A client-side remote code execution vulnerability exists in Hanwha Techwin Smart Security Manager (SSM) versions 1.32 and 1.4, due to improper restrictions on the PUT method exposed by the bundled Apache ActiveMQ instance running on port 8161. An attacker can exploit this flaw through a Cross-Origi...
CVE-2014-125116
A remote code execution vulnerability exists in HybridAuth versions 2.0.9 through 2.2.2 due to insecure use of the install.php installation script. The script remains accessible after deployment and fails to sanitize input before writing to the application’s config.php file. An unauthenticated...
CVE-2025-5120 Sandbox Escape Vulnerability in huggingface/smolagents
A sandbox escape vulnerability was identified in huggingface/smolagents version 1.14.0, allowing attackers to bypass the restricted execution environment and achieve remote code execution (RCE). The vulnerability stems from the localpythonexecutor.py module, which inadequately restricts Python code...
Debian dla-4252 : snapclient - security update
The remote Debian 11 host has packages installed that are affected by a vulnerability as referenced in the dla-4252 advisory. Debian LTS Advisory DLA-4252-1 https://www.debian.org/lts/security/...
CVE-2025-54366
FreeScout is a lightweight free open source help desk and shared inbox built with PHP Laravel framework. In versions 1.8.185 and below, there is a critical deserialization vulnerability in the /conversation/ajax endpoint that allows authenticated users with knowledge of the APPKEY to achieve remo...
CVE-2025-54366 FreeScout's deserialization of untrusted data leads to Remote Code Execution
FreeScout is a lightweight free open source help desk and shared inbox built with PHP Laravel framework. In versions 1.8.185 and below, there is a critical deserialization vulnerability in the /conversation/ajax endpoint that allows authenticated users with knowledge of the APPKEY to achieve remo...
CVE-2025-34138
...
SimpleHelp < 5.5.12 RCE
The version of SimpleHelp running on the remote web server is prior to 5.5.12. It is, therefore, affected by a remote code execution vulnerability due to the inclusion of functionality from an untrusted control sphere. An attacker can use this to bypass authentication and execute arbitrary...
CVE-2016-15044 Kaltura < 11.1.0-2 PHP Object Injection RCE
A remote code execution vulnerability exists in Kaltura versions prior to 11.1.0-2 due to unsafe deserialization of user-controlled data within the keditorservices module. An unauthenticated remote attacker can exploit this issue by sending a specially crafted serialized PHP object in the kdata G...
CVE-2025-7250
IrfanView CADImage Plugin DWG File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView CADImage Plugin. User interaction is required to exploit this vulnerability in that the...