CVE-2025-32023

CVE-2025-32023 affects Redis with a stack/heap out-of-bounds write in hyperloglog operations, potentially enabling remote code execution. Affected versions range from 2.8 up to before 8.0.3, and specific 7.x/6.2 lines (8.0.3, 7.4.5, 7.2.10, 6.2.19) are fixed. The root cause is an out-of-bounds wr...

CVE-2025-32023 Redis allows out of bounds writes in hyperloglog commands leading to RCE

Redis is an open source, in-memory database that persists on disk. From 2.8 to before 8.0.3, 7.4.5, 7.2.10, and 6.2.19, an authenticated user may use a specially crafted string to trigger a stack/heap out of bounds write on hyperloglog operations, potentially leading to remote code execution. The...

CVE-2025-32023

Redis is an open source, in-memory database that persists on disk. From 2.8 to before 8.0.3, 7.4.5, 7.2.10, and 6.2.19, an authenticated user may use a specially crafted string to trigger a stack/heap out of bounds write on hyperloglog operations, potentially leading to remote code execution. The...

CVE-2025-6794

Marvell QConvergeConsole saveAsText Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Marvell QConvergeConsole. Authentication is not required to exploit this vulnerability. The specific flaw...

CVE-2025-6663

GStreamer H266 Codec Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with this library is required to exploit this vulnerability but attack vectors may...

CVE-2025-6810 Mescius ActiveReports.NET ReadValue Deserialization of Untrusted Data Remote Code Execution Vulnerability

Mescius ActiveReports.NET ReadValue Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Mescius ActiveReports.NET. Interaction with this library is required to exploit this...

LlamaIndex has Incomplete Documentation of Program Execution related to JsonPickleSerializer component

Incomplete Documentation of Program Execution exists in the run-llama/llamaindex library's JsonPickleSerializer component, affecting versions v0.12.27 through v0.12.40. This vulnerability allows remote code execution due to an insecure fallback to Python's pickle module. JsonPickleSerializer...

PT-2025-28253 · Arduino · Arduino-Esp32

Name of the Vulnerable Software and Affected Versions: arduino-esp32 versions prior to 3.2.1 Description: The issue affects several OTA update examples and the HTTPUpdateServer implementation in the arduino-esp32 core, allowing an attacker to upload and execute arbitrary firmware due to a lack of...

(0Day) INVT VT-Designer PM3 File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of INVT VT-Designer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of PM...

ROS-20250707-01

A vulnerability in the Konsole terminal emulator of the KDE desktop environment is related to the implementation of an incorrect control flow when processing telnet://, rlogin:// and ssh:// URLs. control flow when handling telnet://, rlogin:// and ssh:// URLs. Exploitation of the vulnerability...

FreeBSD : redis,valkey -- Out of bounds write in hyperloglog commands leads to RCE (f11d0a69-5b2d-11f0-b507-000c295725e4)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the f11d0a69-5b2d-11f0-b507-000c295725e4 advisory. Seunghyun Lee reports: An authenticated user may use a specially crafted string to trigger a stack/heap...

CVE-2025-3108

CVE-2025-3108 affects run-llama/llama_index, specifically the JsonPickleSerializer in versions v0.12.27–v0.12.40. The root cause is an insecure fallback to Python’s pickle during deserialization, enabling remote code execution if untrusted data is processed. The impact can be full system compromi...

CVE-2025-34061 PHPStudy 2016-2018 Backdoor Remote Code Execution Vulnerability

A backdoor in PHPStudy versions 2016 through 2018 allows unauthenticated remote attackers to execute arbitrary PHP code on affected installations. The backdoor listens for base64-encoded PHP payloads in the Accept-Charset HTTP header of incoming requests, decodes and executes the payload without...

CVE-2025-34061 PHPStudy 2016-2018 Backdoor Remote Code Execution Vulnerability

A backdoor in PHPStudy versions 2016 through 2018 allows unauthenticated remote attackers to execute arbitrary PHP code on affected installations. The backdoor listens for base64-encoded PHP payloads in the Accept-Charset HTTP header of incoming requests, decodes and executes the payload without...

PT-2025-27824 · Phpstudy · Phpstudy

Name of the Vulnerable Software and Affected Versions: PHPStudy versions 2016 through 2018 Description: A backdoor in PHPStudy allows unauthenticated remote attackers to execute arbitrary PHP code on affected installations. The backdoor listens for base64-encoded PHP payloads in the Accept-Charse...

CVE-2025-34073 stamparm/maltrail <=0.54 Remote Command Execution

An unauthenticated command injection vulnerability exists in stamparm/maltrail Maltrail versions =0.54. A remote attacker can execute arbitrary operating system commands via the username parameter in a POST request to the /login endpoint. This occurs due to unsafe handling of user-supplied input...

CVE-2025-4689

The CVE-2025-4689 entry concerns Ads Pro Plugin for WordPress (Advertising Manager). The connected sources confirm a vulnerability chain: an unauthenticated Local File Inclusion (LFI) that can lead to Remote Code Execution (RCE), triggered by a prior SQL Injection, within all versions up to 4.89....

CVE-2025-45931

An issue D-Link DIR-816-A2 DIR-816A2FWv1.10CNB05R1B011D88210 allows a remote attacker to execute arbitrary code via system function in the bin/goahead file...

PT-2025-27664

Name of the Vulnerable Software and Affected Versions: Microsoft Edge Chromium-based affected versions not specified Description: The issue allows an unauthorized attacker to execute code over a network due to a 'type confusion' vulnerability in Microsoft Edge Chromium-based, enabling remote code...

CVE-2025-53107

CVE-2025-53107 affects the Serverless/MCP server package used by cyanheads/git-mcp-server. The vulnerability is a command injection in which input parameters are unsafely incorporated into shell commands via child_process.exec, enabling an attacker to inject arbitrary commands and potentially ach...