
1503 matches found

CVE
added 2025/06/10 5:2 p.m. · 96 views

CVE-2025-29828

CVE-2025-29828 (Windows Schannel Remote Code Execution) affects Windows Cryptographic Services. Description confirms missing release of memory after effective lifetime, enabling a remote attacker to execute code over a network. CVSS 3.1/3.1.0 base 8.1 (High) with network vector, no user interacti...

CVSS 8.1 · AI score 8.2 · EPSS 0.01112
Exploits: 0 · References: 1 · Affected Software: 6
CISA KEV Catalog
added 2025/06/10 12:0 a.m. · 11 views

Wazuh Server Deserialization of Untrusted Data Vulnerability

Wazuh contains a deserialization of untrusted data vulnerability that allows for remote code execution on Wazuh servers...

CVSS 9.9 · AI score 8.3 · EPSS 0.92579
In wild · Exploits: 10
Rosalinux
added 2025/06/09 8:56 a.m. · 6 views

Advisory ROSA-SA-2025-2885

Software: expat 2.2.5; OS: ROSA Virtualization 3.0; packageevrstring: expat-2.2.5-17.0.1.rv30; CVE-ID: CVE-2024-8176; BDU-ID: 2025-04573; CVE-Crit: HIGH; CVE-DESC.: A vulnerability in the libexpat XML file parsing library is related to a stack-based buffer overflow. Exploitation of the vulnerability...

CVSS 7.5 · AI score 8.3 · EPSS 0.01569
Exploits: 0
Tenable Nessus
added 2025/06/09 12:0 a.m. · 6 views

NewStart CGSL MAIN 7.02 : gstreamer1-plugins-bad-free Vulnerability (NS-SA-2025-0083)

The remote NewStart CGSL host, running version MAIN 7.02, has gstreamer1-plugins-bad-free packages installed that are affected by a vulnerability: - GStreamer AV1 Video Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute...

CVSS 8.8 · AI score 7.9 · EPSS 0.01534
Exploits: 0 · References: 3
Tenable Nessus
added 2025/06/09 12:0 a.m. · 7 views

NewStart CGSL MAIN 7.02 : python-setuptools Vulnerability (NS-SA-2025-0086)

The remote NewStart CGSL host, running version MAIN 7.02, has python-setuptools packages installed that are affected by a vulnerability: - A vulnerability in the packageindex module of pypa/setuptools versions up to 69.1.1 allows for remote code execution via its download functions. These...

CVSS 8.8 · AI score 7.7 · EPSS 0.0183
Exploits: 0 · References: 3
Vulnrichment
added 2025/06/06 6:44 p.m. · 3 views

CVE-2025-5473 GIMP ICO File Parsing Integer Overflow Remote Code Execution Vulnerability

GIMP ICO File Parsing Integer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a...

CVSS 7.8 · AI score 8.3 · EPSS 0.10071
Exploits: 0 · References: 2
Positive Technologies
added 2025/06/06 12:0 a.m. · 2 views

PT-2025-24053 · Apache · Apache Server

Name of the Vulnerable Software and Affected Versions: Apache Server versions prior to the fixed version. Description: An improper neutralization of inputs used in expression language allows remote code execution with the highest privileges on the server. This issue affects the Apache Server,...

CVSS 10 · AI score 7.6 · EPSS 0.00561
Exploits: 0 · References: 7
CVE
added 2025/06/05 12:13 a.m. · 58 views

CVE-2025-49008

CVE-2025-49008 affects Atheos, a self-hosted browser-based cloud IDE. Prior to version 6.0.4, improper use of escapeshellcmd() in /components/codegit/traits/execute.php enables argument injection and arbitrary command execution. The vulnerability could lead to data breaches or server compromise f...

CVSS 9.4 · AI score 7 · EPSS 0.00508
Exploits: 0 · References: 2
ArchLinux
added 2025/06/04 12:0 a.m. · 22 views

[ASA-202506-1] roundcubemail: arbitrary code execution

Arch Linux Security Advisory ASA-202506-1. Severity: Critical; Date: 2025-06-04; CVE-ID: CVE-2025-49113; Package: roundcubemail; Type: arbitrary code execution; Remote: Yes; Link: https://security.archlinux.org/AVG-2891. Summary: The package...

CVSS 9.9 · AI score 7.3 · EPSS 0.89163
Exploits: 29 · References: 6
Positive Technologies
added 2025/06/02 12:0 a.m. · 3 views

PT-2025-23551

Name of the Vulnerable Software and Affected Versions: DELMIA Apriso versions 2020 through 2025. Description: DELMIA Apriso is affected by a deserialization of untrusted data issue that could lead to remote code execution. This vulnerability is actively exploited and has been observed in attacks...

CVSS 9 · AI score 8.3 · EPSS 0.88429
Exploits: 1 · References: 84
OpenVAS
added 2025/06/02 12:0 a.m. · 92 views

Roundcube Webmail RCE Vulnerability (Jun 2025) - Windows

Roundcube Webmail is prone to an authenticated remote code execution (RCE) vulnerability via PHP object deserialization. SPDX-FileCopyrightText: 2025 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders...

CVSS 9.9 · AI score 8.9 · EPSS 0.89163
Exploits: 29 · References: 5
Zero Day Initiative
added 2025/05/28 12:0 a.m. · 12 views

(Pwn2Own) Canon imageCLASS MF656Cdw sfpcmAuthenticateSecAdmin Stack-based Buffer Overflow Remote Code Execution Vulnerability

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Canon imageCLASS MF656Cdw printers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the sfpcmAuthenticateSecAdmin function. The issue results...

CVSS 8.8 · AI score 7.2 · EPSS 0.00732
Exploits: 0 · References: 1
RedhatCVE
added 2025/05/23 10:14 a.m. · 3 views

CVE-2024-31634

Cross Site Scripting (XSS) vulnerability in Xunruicms versions 4.6.3 and before allows a remote attacker to execute arbitrary code via the Security.php file in the catalog \XunRuiCMS\dayrui\Fcms\Library...

CVSS 6.1 · AI score 6.5 · EPSS 0.00583
Exploits: 1 · References: 1
RedhatCVE
added 2025/05/23 10:8 a.m. · 3 views

CVE-2024-30565

An issue was discovered in SeaCMS version 12.9, allows remote attackers to execute arbitrary code via admin notify.php...

CVSS 8.8 · AI score 8.1 · EPSS 0.01613
Exploits: 1 · References: 1
RedhatCVE
added 2025/05/23 10:6 a.m. · 8 views

CVE-2024-31002

Buffer Overflow vulnerability in Bento4 Bento v.1.6.0-641 allows a remote attacker to execute arbitrary code via the AP4 BitReader::ReadCache at Ap4Utils.cpp component...

CVSS 9.8 · AI score 7.9 · EPSS 0.01405
Exploits: 1 · References: 1
RedhatCVE
added 2025/05/23 10:5 a.m. · 4 views

CVE-2024-31809

TOTOLINK EX200 V4.0.3c.7646B20201211 was discovered to contain a remote code execution (RCE) vulnerability via the FileName parameter in the setUpgradeFW function...

CVSS 8.8 · AI score 8.4 · EPSS 0.00979
Exploits: 1 · References: 1
RedhatCVE
added 2025/05/23 10:3 a.m. · 6 views

CVE-2024-28853

Ampache is a web based audio/video streaming application and file manager. Stored Cross Site Scripting (XSS) vulnerability in ampache before v6.3.1 allows a remote attacker to execute code via a crafted payload to several parameters in the post request of...

CVSS 5.9 · AI score 5.9 · EPSS 0.00551
Exploits: 0 · References: 1
RedhatCVE
added 2025/05/23 9:42 a.m. · 7 views

CVE-2024-23054

An issue in Plone Docker Official Image 5.2.13 5221 open-source software that could allow for remote code execution due to a package listed in ++plone++static/components not existing in the public package index npm...

CVSS 9.8 · AI score 9.7 · EPSS 0.01678
Exploits: 1 · References: 1
RedhatCVE
added 2025/05/23 9:38 a.m. · 9 views

CVE-2024-24216

Zentao v18.0 to v18.10 was discovered to contain a remote code execution (RCE) vulnerability via the checkConnection method of /app/zentao/module/repo/model.php...

CVSS 9.8 · AI score 9.9 · EPSS 0.01274
Exploits: 1 · References: 1
RedhatCVE
added 2025/05/23 9:37 a.m. · 5 views

CVE-2024-24398

Directory Traversal vulnerability in Stimulsoft GmbH Stimulsoft Dashboard.JS before v.2024.1.2 allows a remote attacker to execute arbitrary code via a crafted payload to the fileName parameter of the Save function...

CVSS 9.8 · AI score 7.7 · EPSS 0.02319
Exploits: 1 · References: 1