1503 matches found

NVD | added 2025/03/20 10:15 a.m. | 6 views

CVE-2024-12433

A vulnerability in infiniflow/ragflow versions v0.12.0 allows for remote code execution. The RPC server in RagFlow uses a hard-coded AuthKey 'authkey=b'infiniflow-token4kevinhu'' which can be easily fetched by attackers to join the group communication without restrictions. Additionally, the serve...

CVSS 9.8 | EPSS 0.01442 | Exploits 1 | References 2

OSV | added 2025/03/20 10:15 a.m. | 3 views

CVE-2024-12433

A vulnerability in infiniflow/ragflow versions v0.12.0 allows for remote code execution. The RPC server in RagFlow uses a hard-coded AuthKey 'authkey=b'infiniflow-token4kevinhu'' which can be easily fetched by attackers to join the group communication without restrictions. Additionally, the serve...

CVSS 9.8 | AI score 7.8 | Exploits 0 | References 2

OSV | added 2025/03/20 10:15 a.m. | 4 views

CVE-2024-11041

vllm-project vllm version v0.6.2 contains a vulnerability in the MessageQueue.dequeue API function. The function uses pickle.loads to parse received sockets directly, leading to a remote code execution vulnerability. An attacker can exploit this by sending a malicious payload to the MessageQueue,...

CVSS 9.8 | AI score 7.4 | Exploits 0 | References 1

CVE | added 2025/03/20 10:11 a.m. | 70 views

CVE-2024-12215

CVE-2024-12215 (Kedro 0.19.8): The pull_package() API path can execute the tarball’s setup.py via project_wheel_metadata(), enabling remote code execution (RCE) by running arbitrary commands on the victim’s machine. The vulnerability affects kedro-org/kedro and is documented with RCE impact and ...

CVSS 8.8 | AI score 9.2 | EPSS 0.00918 | Exploits 0 | References 1

Cvelist | added 2025/03/20 10:10 a.m. | 9 views

CVE-2024-11041 Remote Code Execution in vllm-project/vllm

vllm-project vllm version v0.6.2 contains a vulnerability in the MessageQueue.dequeue API function. The function uses pickle.loads to parse received sockets directly, leading to a remote code execution vulnerability. An attacker can exploit this by sending a malicious payload to the MessageQueue,...

CVSS 9.8 | EPSS 0.01314 | Exploits 1 | References 1

Cvelist | added 2025/03/20 10:09 a.m. | 27 views

CVE-2024-9053 Remote Code Execution in vllm-project/vllm

vllm-project vllm version 0.6.0 contains a vulnerability in the AsyncEngineRPCServer RPC server entrypoints. The core functionality run_server_loop calls the function _make_handler_coro, which directly uses cloudpickle.loads on received messages without any sanitization. This can result in remote code...

CVSS 9.8 | EPSS 0.01186 | Exploits 1 | References 1

Positive Technologies | added 2025/03/20 12:00 a.m. | 5 views

PT-2025-12262 · Vllm · Vllm

Name of the Vulnerable Software and Affected Versions: vllm-project vllm version 0.6.0 Description: The issue concerns a vulnerability in the AsyncEngineRPCServer RPC server entrypoints. The core functionality run server loop calls the function make handler coro, which directly uses...

CVSS 9.8 | AI score 7 | EPSS 0.01186 | Exploits 1 | References 6

Positive Technologies | added 2025/03/20 12:00 a.m. | 3 views

PT-2025-12284 · Superagi · Superagi

Name of the Vulnerable Software and Affected Versions: SuperAGI affected versions not specified Description: SuperAGI is vulnerable to remote code execution. The agent template update API allows attackers to control certain parameters, which are then fed to the eval function without any...

CVSS 8.8 | AI score 8.9 | EPSS 0.01018 | Exploits 1 | References 6

Positive Technologies | added 2025/03/20 12:00 a.m. | 5 views

PT-2025-12046

Name of the Vulnerable Software and Affected Versions: h2oai/h2o-3 versions 3.46.0.4 through 3.46.0.5 Description: A vulnerability in the h2oai/h2o-3 REST API allows unauthenticated remote attackers to execute arbitrary code via deserialization of untrusted data. The issue exists in the endpoints...

CVSS 9.8 | AI score 9.9 | EPSS 0.01378 | Exploits 1 | References 8

Zero Day Initiative | added 2025/03/20 12:00 a.m. | 14 views

(0Day) Luxion KeyShot DAE File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Luxion KeyShot. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of dae...

CVSS 7.8 | AI score 6.8 | EPSS 0.00213 | Exploits 0

Positive Technologies | added 2025/03/20 12:00 a.m. | 5 views

PT-2025-12133 · Unknown +1 · Binary-Husky/Gpt Academic +1

Name of the Vulnerable Software and Affected Versions: binary-husky/gpt academic version git 310122f Description: A vulnerability in binary-husky/gpt academic allows for remote code execution. The application supports the extraction of user-provided RAR files without proper validation. The Python...

CVSS 8.8 | AI score 9.1 | EPSS 0.01376 | Exploits 1 | References 6

OSV | added 2025/03/19 8:42 p.m. | 11 views

CVE-2025-27778 Applio allows unsafe deserialization in infer.py

Applio is a voice conversion tool. Versions 3.2.8-bugfix and prior are vulnerable to unsafe deserialization in infer.py. The issue can lead to remote code execution. As of time of publication, a fix is available on the main branch of the Applio repository but not attached to a numbered release...

CVSS 9.3 | AI score 8 | EPSS 0.00835 | Exploits 0 | References 8

Veracode | added 2025/03/19 6:08 p.m. | 20 views

Remote Code Execution (RCE)

graphql-ruby is vulnerable to Remote Code Execution (RCE). The vulnerability is due to unsafe schema loading due to the ability to execute arbitrary code when processing a malicious schema definition using GraphQL::Schema.from_introspection or GraphQL::Schema::Loader.load from an untrusted source...

CVSS 9 | AI score 8.6 | EPSS 0.02865 | Exploits 2 | References 15 | Affected Software 1

Rapid7 Blog | added 2025/03/19 5:40 p.m. | 22 views

Apache Tomcat CVE-2025-24813: What You Need to Know

Here at Rapid7, our usual bar for calling a vulnerability an emergent threat is either known exploitation at scale, or likelihood of exploitation at scale. Apache Tomcat CVE-2025-24813 fulfills neither of these criteria, despite a variety of news headlines alleging broad exploitation in the wild...

CVSS 9.8 | AI score 9.6 | EPSS 0.99945 | Exploits 45

NVD | added 2025/03/19 3:15 a.m. | 3 views

CVE-2024-10442

Off-by-one error vulnerability in the transmission component in Synology Replication Service before 1.0.12-0066, 1.2.2-0353 and 1.3.0-0423 and Synology Unified Controller DSMUC before 3.1.4-23079 allows remote attackers to execute arbitrary code, potentially leading to a broader impact across the...

CVSS 10 | EPSS 0.01321 | Exploits 0 | References 1

Positive Technologies | added 2025/03/19 12:00 a.m. | 4 views

PT-2025-11656 · Synology · Synology Camera Firmware

Name of the Vulnerable Software and Affected Versions: Synology Camera Firmware versions prior to 1.2.0-0525 Description: A vulnerability regarding out-of-bounds read is found in the video interface, allowing remote attackers to execute arbitrary code via unspecified vectors. The affected models...

CVSS 9.8 | AI score 7.5 | EPSS 0.00685 | Exploits 0 | References 18

NVD | added 2025/03/12 7:15 p.m. | 18 views

CVE-2025-27407

graphql-ruby is a Ruby implementation of GraphQL. Starting in version 1.11.5 and prior to versions 1.11.8, 1.12.25, 1.13.24, 2.0.32, 2.1.14, 2.2.17, and 2.3.21, loading a malicious schema definition in GraphQL::Schema.from_introspection or GraphQL::Schema::Loader.load can result in remote code...

CVSS 9 | EPSS 0.02865 | Exploits 2 | References 11

Vulnrichment | added 2025/03/11 8:42 p.m. | 7 views

CVE-2025-2018 Ashlar-Vellum Cobalt VS File Parsing Type Confusion Remote Code Execution Vulnerability

Ashlar-Vellum Cobalt VS File Parsing Type Confusion Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Cobalt. User interaction is required to exploit this vulnerability in that the target must visit...

CVSS 7.8 | AI score 7.5 | EPSS 0.0026 | Exploits 0 | References 1

Vulnrichment | added 2025/03/11 8:42 p.m. | 7 views

CVE-2025-2012 Ashlar-Vellum Cobalt VS File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability

Ashlar-Vellum Cobalt VS File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Cobalt. User interaction is required to exploit this vulnerability in that the target must...

CVSS 7.8 | AI score 8 | EPSS 0.003 | Exploits 0 | References 1

Cvelist | added 2025/03/11 4:59 p.m. | 18 views

CVE-2025-24993 Windows NTFS Remote Code Execution Vulnerability

...

CVSS 7.8 | EPSS 0.02092 | Exploits 0 | References 1