CVE-2025-30381

CVE-2025-30381 is an Excel/Microsoft Office vulnerability describing an out-of-bounds read in Microsoft Office Excel that enables a local attacker to execute arbitrary code on the vulnerable system. The advisory notes a local attack vector and code execution impact, with CVSS v3.1 metrics indicat...

CVE-2025-30379 Microsoft Excel Remote Code Execution Vulnerability

...

CVE-2025-29979 Microsoft Excel Remote Code Execution Vulnerability

...

CVE-2025-29977 Microsoft Excel Remote Code Execution Vulnerability

...

CVE-2025-29969

Technical details about CVE-2025-29969 (affected product/version, root cause, exploitability, and remediation) are not provided in the supplied documents; monitor for updates.

CVE-2025-45857

CVE-2025-45857 affects Edimax CV7428NS (v1.20). A remote code execution (RCE) vulnerability exists via the command parameter in the mp function. CVSSv3.1 base score is 9.8 (CRITICAL) with network access, no privileges, no user interaction required, and impact to confidentiality, integrity, and av...

CVE-2025-44176

Tenda FH451 V1.0.0.9 is vulnerable to Remote Code Execution in the formSafeEmailFilter function...

CVE-2025-3711

The LCD KVM over IP Switch CL5708IM has a Stack-based Buffer Overflow vulnerability, allowing unauthenticated remote attackers to exploit this vulnerability to execute arbitrary code on the device...

CVE-2025-3710 ATEN LCD KVM over IP Switch CL5708IM - Stack-based Buffer Overflow

The LCD KVM over IP Switch CL5708IM has a Stack-based Buffer Overflow vulnerability in firmware versions prior to v2.2.215, allowing unauthenticated remote attackers to exploit this vulnerability to execute arbitrary code on the device...

CVE-2025-29509

Jan v0.5.14 and before is vulnerable to remote code execution RCE when the user clicks on a rendered link in the conversation, due to opening external website in the app and the exposure of electronAPI, with a lack of filtering of URL when calling shell.openExternal...

CVE-2025-46571

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to version 0.6.6, low privileged users can upload HTML files which contain JavaScript code via the /api/v1/files/ backend endpoint. This endpoint returns a file id, which can be used to open t...

CVE-2025-43850 GHSL-2025-020_Retrieval-based-Voice-Conversion-WebUI

Retrieval-based-Voice-Conversion-WebUI is a voice changing framework based on VITS. Versions 2.2.231006 and prior are vulnerable to unsafe deserialization. The ckptdir variable takes user input e.g. a path to a model and passes it to the changeinfo function in export.py, which uses it to load the...

CVE-2025-43847 GHSL-2025-017_Retrieval-based-Voice-Conversion-WebUI

Retrieval-based-Voice-Conversion-WebUI is a voice changing framework based on VITS. Versions 2.2.231006 and prior are vulnerable to unsafe deserialization. The ckptpath2 variable takes user input e.g. a path to a model and passes it to the extractsmallmodel function in processckpt.py, which uses ...

PT-2025-19748 · Unknown · Retrieval-Based-Voice-Conversion-Webui

Name of the Vulnerable Software and Affected Versions: Retrieval-based-Voice-Conversion-WebUI versions 2.2.231006 and prior Description: Retrieval-based-Voice-Conversion-WebUI is a voice changing framework based on VITS. The ckpt path2 variable takes user input, such as a path to a model, and...

CVE-2025-47154

LibJS in Ladybird before f5a6704 mishandles the freeing of the vector that argumentslist references, leading to a use-after-free, and allowing remote attackers to execute arbitrary code via a crafted .js file. NOTE: the GitHub README says "Ladybird is in a pre-alpha state, and only suitable for u...

PT-2025-18784 · Undefined · Undefined

Name of the Vulnerable Software and Affected Versions: The product name cannot be determined. Description: A critical flaw allows attackers to gain full control via remote code execution, potentially compromising networks. The issue is being actively exploited. Recommendations: At the moment, the...

CVE-2025-4125 ISPSoft File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability

Delta Electronics ISPSoft version 3.20 is vulnerable to an Out-Of-Bounds Write vulnerability that could allow an attacker to execute arbitrary code when parsing ISP file...

CVE-2025-32444

vLLM (0.6.5–0.8.4) with mooncake integration is vulnerable to remote code execution due to pickle-based serialization over unsecured ZeroMQ sockets that were listening on all interfaces. This could be exploited remotely; non-mooncake deployments are not affected. The issue is fixed in vLLM 0.8.5....

CVE-2025-32444 vLLM Vulnerable to Remote Code Execution via Mooncake Integration

vLLM is a high-throughput and memory-efficient inference and serving engine for LLMs. Versions starting from 0.6.5 and prior to 0.8.5, having vLLM integration with mooncake, are vulnerable to remote code execution due to using pickle based serialization over unsecured ZeroMQ sockets. The vulnerab...

GStreamer H265 Codec Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with this library is required to exploit this vulnerability but attack vectors may vary depending on the implementation. The specific flaw exists within the parsing of H265 sli...