1503 matches found
BeyondTrust Remote Support (RS) 24.2.2 < 24.3.3 Server-Side Template Injection
The version of BeyondTrust Remote Support (RS) running on the remote host is affected by a server-side template injection vulnerability which can lead to remote code execution. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version...
CVE-2025-23121
CVE-2025-23121 affects Veeam Backup & Replication (Backup Server) with remote code execution achievable by an authenticated domain user on domain-joined servers. Public details consistently cite version pre-12.3.2.3617 as vulnerable; remediation is to upgrade to 12.3.2.3617 or newer. Multiple sou...
CVE-2025-23121
A vulnerability allowing remote code execution (RCE) on the Backup Server by an authenticated domain user...
CVE-2025-47865
CVE-2025-47865 : A Local File Inclusion vulnerability affects Trend Micro Apex Central widget in versions below 8.0.6955. The flaw exists in the getObjWGFServiceApiByApiName function and can lead to remote code execution on affected installations. Exploitation details in public disclosures indica...
PT-2025-25630 · Undefined · Undefined
Name of the Vulnerable Software and Affected Versions: The product name cannot be determined. Description: A remote code execution issue is mentioned, but details are scarce due to the rejection of the candidate. No information is provided about the estimated number of potentially affected device...
CVE-2025-49586 XWiki allows remote code execution through preview of XClass changes in AWM editor
XWiki is an open-source wiki software platform. Any XWiki user with edit right on at least one App Within Minutes application (the default for all users XWiki) can obtain programming right/perform remote code execution by editing the application. This vulnerability has been fixed in XWiki 17.0.0,...
CVE-2025-49581 XWiki allows remote code execution through default value of wiki macro wiki-type parameters
XWiki is a generic wiki platform. Any user with edit right on a page (could be the user's profile) can execute code (Groovy, Python, Velocity) with programming right by defining a wiki macro. This allows full access to the whole XWiki installation. The main problem is that if a wiki macro parameter...
CVE-2025-29902
CVE-2025-29902 is described as remote code execution enabling unauthorized users to execute arbitrary code on the server. Connected documents link affected software as Bosch RTS VLink/Telex RDC Server and related components (e.g., Apache HTTP Server in PT-2025-25233), with remediation guidance no...
CVE-2025-47959 Visual Studio Remote Code Execution Vulnerability
...
CVE-2025-30399 .NET and Visual Studio Remote Code Execution Vulnerability
...
CVE-2025-30399
CVE-2025-30399 is a Remote Code Execution vulnerability described as an untrusted search path in .NET and Visual Studio that allows an attacker to execute code over the network by placing files in specific locations. Connected advisories confirm affected runtimes and provide fixes: .NET 8.x runti...
PT-2025-25443 · Unknown · Goodby-Csv
Name of the Vulnerable Software and Affected Versions: goodby-csv versions prior to 1.4.3 Description: The issue concerns an insecure deserialization vulnerability in the goodby-csv library, which can be used as part of a "gadget chain" to achieve remote code execution if an application...
RHEL 9 : gstreamer1-plugins-bad-free (RHSA-2025:8979)
The remote Red Hat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2025:8979 advisory. GStreamer is a streaming media framework based on graphs of filters which operate on media data. The gstreamer1-plugins-bad-free package contains a...
RHEL 8 : gstreamer1-plugins-bad-free (RHSA-2025:8980)
The remote Red Hat Enterprise Linux 8 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2025:8980 advisory. GStreamer is a streaming media framework based on graphs of filters which operate on media data. The gstreamer1-plugins-bad-free package contains a...
Remote Code Execution (RCE)
Nautobot is vulnerable to Remote Code Execution. The vulnerability stems from insufficient sandboxing caused by an improper security configuration of the Jinja2 templating feature, allowing malicious users to access secrets or call Python APIs to modify data, bypassing object permissions...
CVE-2025-49091
KDE Konsole before 25.04.2 allows remote code execution in a certain scenario. It supports loading URLs from the scheme handlers such as a ssh:// or telnet:// or rlogin:// URL. This can be executed regardless of whether the ssh, telnet, or rlogin binary is available. In this mode, there is a code...
(Pwn2Own) Sony XAV-AX8500 Bluetooth AVCTP Protocol Heap-based Buffer Overflow Remote Code Execution Vulnerability
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Sony XAV-AX8500 devices. An attacker must first obtain the ability to pair a malicious Bluetooth device with the target system in order to exploit this vulnerability. The specific flaw exis...
Exploit for Deserialization of Untrusted Data in Wazuh
CVE-2025-24016 Wazuh Remote Code Execution (RCE) - PoC 🚨 De...
Patch Tuesday - June 2025
Microsoft is addressing 67 vulnerabilities this June 2025 Patch Tuesday. Microsoft has evidence of in-the-wild exploitation for just one of the vulnerabilities published today, and that is reflected in CISA KEV. Separately, Microsoft is aware of existing public disclosure for one other freshly...
CVE-2025-47167 Microsoft Office Remote Code Execution Vulnerability
...