GStreamer H265 Codec Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with this library is required to exploit this vulnerability but attack vectors may vary depending on the implementation. The specific flaw exists within the parsing of H265 sli...
CVE-2025-46347 YesWiki Remote Code Execution via Arbitrary PHP File Write and Execution
YesWiki is a wiki system written in PHP. Prior to version 4.5.4, YesWiki is vulnerable to remote code execution. An arbitrary file write can be used to write a file with a PHP extension, which then can be browsed to in order to execute arbitrary code on the server, resulting in a full compromise of...
vLLM Vulnerable to Remote Code Execution via Mooncake Integration
Impacted Deployments: Note that vLLM instances that do NOT make use of the mooncake integration are NOT vulnerable. Description: vLLM integration with mooncake is vulnerable to remote code execution due to using pickle-based serialization over unsecured ZeroMQ sockets. The vulnerable sockets were...
Remote Code Execution (RCE)
moodle/moodle is vulnerable to Remote Code Execution (RCE). The vulnerability is due to its default access permissions for teachers and managers on sites, which allows teachers and managers to potentially execute arbitrary code when the repository is enabled...
CraftCMS 3.x < 3.9.15 / 4.x < 4.14.15 / 5.x < 5.6.17 Remote Code Execution
CraftCMS version 3.x prior to 3.9.15 or 4.x prior to 4.14.15 or 5.x prior to 5.6.16 is vulnerable to a Remote Code Execution (RCE) in the action endpoint. No source data...
Exploit for Unrestricted Upload of File with Dangerous Type in Sap Netweaver
SAP-CVE-2025-31324 POC A tool to detect and exploit a critica...
CVE-2015-2079
Usermin 0.980 through 1.x before 1.660 allows uconfig_save.cgi sig_file_free remote code execution because it uses the two-argument (not three-argument) form of Perl open...
CVE-2015-2079
CVE-2015-2079 affects Webmin Usermin 0.980–1.x before 1.660. Root cause: the uconfig_save.cgi module uses the two-argument form of Perl open, enabling remote code execution (sig_file_free). Impact: remote code execution with high/critical potential. Affected software is Usermin; remediation is to...
CVE-2025-3776
The Verification SMS with TargetSMS plugin for WordPress is vulnerable to limited Remote Code Execution in all versions up to, and including, 1.5 via the 'targetvrajaxhandler' function. This is due to a lack of validation on the type of function that can be called. This makes it possible for...
CVE-2025-3776 Verification SMS with TargetSMS <= 1.5 - Unauthenticated Limited Remote Code Execution
The Verification SMS with TargetSMS plugin for WordPress is vulnerable to limited Remote Code Execution in all versions up to, and including, 1.5 via the 'targetvrajaxhandler' function. This is due to a lack of validation on the type of function that can be called. This makes it possible for...
PT-2025-17875 · Allegra +1 · Allegra
Name of the Vulnerable Software and Affected Versions: Allegra (affected versions not specified). Description: This issue allows remote attackers to execute arbitrary code on affected installations of Allegra. The specific flaw exists within the implementation of the isZipEntryValide method, which...
CVE-2025-2761 GIMP FLI File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
GIMP FLI File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open ...
CVE-2025-24357 Malicious model remote code execution fix bypass with PyTorch < 2.6.0
Description: https://github.com/vllm-project/vllm/security/advisories/GHSA-rh4j-5rhw-hr54 reported a vulnerability where loading a malicious model could result in code execution on the vllm host. The fix applied to specify weights_only=True to calls to torch.load did not solve the problem prior to...
CVE-2025-45429
In the Tenda ac9 v1.0 router with firmware V15.03.05.14multi, there is a stack overflow vulnerability in /goform/WifiWpsStart, which may lead to remote arbitrary code execution...
PT-2025-17642 · Dataease · Dataease
Name of the Vulnerable Software and Affected Versions: DataEase versions prior to 2.10.8. Description: The issue allows authenticated users to complete remote code execution (RCE) through the backend JDBC link. Recommendations: For versions prior to 2.10.8, update to version 2.10.8 to resolve the...
Gimp -- GIMP XWD File Parsing Integer Overflow Remote Code Execution Vulnerability
[email protected] reports: GIMP XWD File Parsing Integer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in that the target...
Exploit for Missing Authentication for Critical Function in Erlang Erlang/Otp
CVE-2025-32433-Erlang-OTP-SSH-RCE-PoC The vulnerability allows...
Erlang/OTP SSH RCE (OTP-19595)
The Erlang/OTP SSH application installed on the remote host is 4.15.x 4.15.3.12, 5.1.x 5.1.4.8, 5.2.x 5.2.10. Therefore, it is affected by a remote code execution vulnerability due to a flaw in the SSH protocol message handling. An unauthenticated, remote attacker can exploit this to bypass...
CVE-2025-29058
Summary: CVE-2025-29058 concerns Qimou CMS v3.34.0 where the upgrade.php component enables remote code execution by a malicious actor, as supported by multiple sources in the connected set. What is affected: Qimou CMS version 3.34.0, upgrade.php component. Root cause: insecure handling in upgrade...
CVE-2020-20969
File Upload vulnerability in PluckCMS v.4.7.10 allows a remote attacker to execute arbitrary code via the trashcanrestoreitem.php file...