1503 matches found
CVE-2025-30213 Frappe has Possibility of Remote Code Execution due to improper validation
Frappe is a full-stack web application framework. Prior to versions 14.91.0 and 15.52.0, a system user was able to create certain documents in a specific way that could lead to remote code execution. Versions 14.9.1 and 15.52.0 contain a patch for the vulnerability. There's no workaround; an...
CVE-2025-2530
Luxion KeyShot is affected by a DAE file parsing vulnerability tied to an uninitialized pointer, enabling remote code execution. The flaw resides in parsing .dae files and requires user interaction (visiting a malicious page or opening a malicious file). Affected software versions include Luxion ...
Remote Code Execution (RCE)
vllm is vulnerable to Remote Code Execution (RCE). The vulnerability stems from unsafe deserialization: pickle.loads is used without proper input validation, allowing an attacker to execute arbitrary code remotely via a malicious serialized object...
CVE-2025-2231 PDF-XChange Editor RTF File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability
PDF-XChange Editor RTF File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visi...
CVE-2025-29807
Deserialization of untrusted data in Microsoft Dataverse allows an authorized attacker to execute code over a network...
PT-2025-12715
Name of the Vulnerable Software and Affected Versions: Ingress-nginx versions prior to 1.12.1, from 1.12.0-beta.0 before 1.12.1. Description: Ingress-nginx is vulnerable to a critical remote code execution (RCE) vulnerability (CVE-2025-1974) with a CVSS score of 9.8. This flaw allows unauthenticated...
CVE-2025-0655
A vulnerability in man-group/dtale version 3.15.1 allows an attacker to override global state settings to enable the enable_custom_filters feature, which is typically restricted to trusted environments. Once enabled, the attacker can exploit the /test-filter endpoint to execute arbitrary system...
CVE-2024-11041
A flaw was found in the vLLM MessageQueue. This vulnerability allows remote code execution via the MessageQueue.dequeue function, which improperly uses pickle.loads to parse received sockets, enabling an attacker to execute arbitrary code by sending a malicious payload. Mitigation: Mitigation for...
CVE-2024-8502
A vulnerability in the RpcAgentServerLauncher class of modelscope/agentscope v0.0.6a3 allows for remote code execution (RCE) via deserialization of untrusted data using the dill library. The issue occurs in the AgentServerServicer.create_agent method, where serialized input is deserialized using...
CVE-2024-11131
A vulnerability regarding out-of-bounds read is found in the video interface. This allows remote attackers to execute arbitrary code via unspecified vectors. The following models with Synology Camera Firmware versions before 1.2.0-0525 may be affected: BC500, CC400W and TC500...
CVE-2025-23120
A vulnerability allowing remote code execution (RCE) for domain users...
CVE-2025-23120
CVE-2025-23120 affects Veeam Backup & Replication. A deserialization flaw (CWE-502) in Veeam.Backup.EsxManager.xmlFrameworkDs and Veeam.Backup.Core.BackupSummary allows remote code execution by authenticated domain users on domain-joined servers. The vulnerability exists in versions up to 12.3.0....
vLLM deserialization vulnerability in vllm.distributed.GroupCoordinator.recv_object
vllm-project vllm version 0.6.0 contains a vulnerability in the distributed training API. The function vllm.distributed.GroupCoordinator.recv_object deserializes received object bytes using pickle.loads without sanitization, leading to a remote code execution vulnerability. Maintainer perspective...
GHSA-9W5H-67GF-XVV8 AgentScope Deserialization Vulnerability
A vulnerability in the RpcAgentServerLauncher class of modelscope/agentscope v0.0.6a3 allows for remote code execution (RCE) via deserialization of untrusted data using the dill library. The issue occurs in the AgentServerServicer.create_agent method, where serialized input is deserialized using...
GHSA-53GH-P8JC-7RG8 LiteLLM Vulnerable to Remote Code Execution (RCE)
BerriAI/litellm version 1.40.12 contains a vulnerability that allows remote code execution. The issue exists in the handling of the 'post_call_rules' configuration, where a callback function can be added. The provided value is split at the final '.' mark, with the last part considered the function...
LiteLLM Vulnerable to Remote Code Execution (RCE)
BerriAI/litellm version 1.40.12 contains a vulnerability that allows remote code execution. The issue exists in the handling of the 'post_call_rules' configuration, where a callback function can be added. The provided value is split at the final '.' mark, with the last part considered the function...
CVE-2025-0655
Rejected reason: REJECT DO NOT USE THIS CVE ID NUMBER. The Rejected CVE Record is a duplicate of CVE-2024-55890. Notes: All CVE users should reference CVE-2024-55890 instead of this CVE Record. All references and descriptions in this candidate have been removed to prevent accidental usage...
CVE-2024-7773
Rejected reason: REJECT DO NOT USE THIS CVE ID NUMBER. The Rejected CVE Record is a duplicate of CVE-2024-45436. Notes: All CVE users should reference CVE-2024-45436 instead of this CVE Record. All references and descriptions in this candidate have been removed to prevent accidental usage...
CVE-2024-6825
BerriAI/litellm version 1.40.12 contains a vulnerability that allows remote code execution. The issue exists in the handling of the 'post_call_rules' configuration, where a callback function can be added. The provided value is split at the final '.' mark, with the last part considered the function...
CVE-2024-12433
A vulnerability in infiniflow/ragflow version v0.12.0 allows for remote code execution. The RPC server in RagFlow uses a hard-coded AuthKey 'authkey=b'infiniflow-token4kevinhu'' which can be easily fetched by attackers to join the group communication without restrictions. Additionally, the serve...