qBittorrent 5.0.1 - MITM RCE

Exploit Title: qBittorrent 5.0.1 MITM RCE Date: 01/02/2025 Exploit Author: Jordan Sharp Vendor Homepage: https://github.com/qbittorrent/qBittorrent Software Link: https://www.qbittorrent.org/download Version: 5.0.1 Tested on: Windows 10 CVE : CVE-2024-51774 Run the PoC on a MITM machine...

CVE-2025-27079

A vulnerability in the file creation process on the command line interface of AOS-8 Instant and AOS-10 AP could allow an authenticated remote attacker to perform remote code execution RCE. Successful exploitation could allow an attacker to execute arbitrary operating system commands on the...

CVE-2025-26642 Microsoft Office Remote Code Execution Vulnerability

...

CVE-2025-21221 Windows Telephony Service Remote Code Execution Vulnerability

...

CVE-2025-29820 Microsoft Word Remote Code Execution Vulnerability

...

CVE-2025-27751 Microsoft Excel Remote Code Execution Vulnerability

...

CVE-2025-27747 Microsoft Word Remote Code Execution Vulnerability

...

CVE-2025-27079

A vulnerability in the file creation process on the command line interface of AOS-8 Instant and AOS-10 AP could allow an authenticated remote attacker to perform remote code execution RCE. Successful exploitation could allow an attacker to execute arbitrary operating system commands on the...

GIMP XWD File Parsing Integer Overflow Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of XWD files. The...

PT-2025-15232

Name of the Vulnerable Software and Affected Versions Langflow versions prior to 1.3.0 Description Langflow is susceptible to code injection due to a lack of authentication in a critical function. A remote and unauthenticated attacker can send crafted HTTP requests to the '/api/v1/validate/code'...

PT-2025-15095 · Anydesk · Anydesk

Name of the Vulnerable Software and Affected Versions: AnyDesk affected versions not specified Description: The issue concerns a remote code execution RCE proof of concept PoC related to AnyDesk. Recommendations: At the moment, there is no information about a newer version that contains a fix for...

CVE-2024-11235

In PHP versions 8.3. before 8.3.19 and 8.4. before 8.4.5, a code sequence involving set handler or ??= operator and exceptions can lead to a use-after-free vulnerability. If the third party can control the memory layout leading to this, for example by supplying specially crafted inputs to the...

CVE-2024-11235 Reference counting in php_request_shutdown causes Use-After-Free

In PHP versions 8.3. before 8.3.19 and 8.4. before 8.4.5, a code sequence involving set handler or ??= operator and exceptions can lead to a use-after-free vulnerability. If the third party can control the memory layout leading to this, for example by supplying specially crafted inputs to the...

CVE-2025-32118 WordPress CMP – Coming Soon & Maintenance plugin <= 4.1.14 - Remote Code Execution (RCE) vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in NiteoThemes CMP – Coming Soon & Maintenance cmp-coming-soon-maintenance allows Using Malicious Files.This issue affects CMP – Coming Soon & Maintenance: from n/a through = 4.1.14...

CVE-2025-30406

Gladinet CentreStack through 16.1.10296.56315 fixed in 16.4.10315.56368 has a deserialization vulnerability due to the CentreStack portal's hardcoded machineKey use, as exploited in the wild in March 2025. This enables threat actors who know the machineKey to serialize a payload for server-side...

PT-2025-14545 · Bl-Ac2100 · Bl-Ac2100

Name of the Vulnerable Software and Affected Versions: BL-AC2100 versions 1.0.4 and earlier Description: The issue allows a remote attacker to execute arbitrary code via the enable parameter passed to "/goform/set hidessid cfg", which is not handled properly. Recommendations: For BL-AC2100 versio...

Amazon Linux 2 : tomcat (ALASTOMCAT9-2025-016)

The version of tomcat installed on the remote host is prior to 9.0.102-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2TOMCAT9-2025-016 advisory. Path Equivalence: 'file.Name' Internal Dot leading to Remote Code Execution and/or Information disclosure and/or malicious...

CVE-2025-22953

A SQL injection vulnerability exists in Epicor HCM 2021 1.9, with patches available: 5.16.0.1033/HCM2022, 5.17.0.1146/HCM2023, and 5.18.0.573/HCM2024. The injection is specifically in the filter parameter of the JsonFetcher.svc endpoint. An attacker can exploit this vulnerability by injecting...

CVE-2025-29306

An issue in FoxCMS v.1.2.5 allows a remote attacker to execute arbitrary code via the case display page in the index.html component...

CVE-2024-47516

A vulnerability was found in Pagure. An argument injection in Git during retrieval of the repository history leads to remote code execution on the Pagure instance...