CVE-2025-63211

CVE-2025-63211 affects Bridgetech VBC Server & Element Manager. A stored cross-site scripting flaw exists in firmware versions 6.5.0-9 through 6.5.0-10, exploitable via the addName parameter on the /vbc/core/userSetupDoc/userSetupDoc endpoint, potentially enabling arbitrary code execution. Connec...

PT-2025-47567

Name of the Vulnerable Software and Affected Versions SonicWall Email Security Appliance affected versions not specified Description The SonicWall Email Security appliance downloads root filesystem images without verifying signatures. This allows attackers with VMDK or datastore access to modify...

CVE-2025-32089

A buffer overflow vulnerability exists in the CvManagerSBI functionality of Dell ControlVault3 prior to 5.15.14.19 and Dell ControlVault3 Plus prior to 6.2.36.47. A specially crafted ControlVault API call can lead to a arbitrary code execution. An attacker can issue an api call to trigger this...

GHSA-7XCV-9J6C-2FMC Modular Max Serve has Unsafe Deserialization vulnerability

Unsafe Deserialization vulnerability in Modular Max Serve before 25.6, specifically when the "--experimental-enable-kvcache-agent" feature is used allowing attackers to execute arbitrary code...

CVE-2025-63994

An arbitrary file upload vulnerability in the /php/UploadHandler.php component of RichFilemanager v2.7.6 allows attackers to execute arbitrary code via uploading a crafted file...

CVE-2025-63994

An arbitrary file upload vulnerability in the /php/UploadHandler.php component of RichFilemanager v2.7.6 allows attackers to execute arbitrary code via uploading a crafted file...

CVE-2025-56526

Cross site scripting XSS vulnerability in Kotaemon 0.11.0 allowing attackers to execute arbitrary code via a crafted PDF...

CVE-2025-56526

Cross site scripting XSS vulnerability in Kotaemon 0.11.0 allowing attackers to execute arbitrary code via a crafted PDF...

CVE-2025-46776

A buffer copy without checking size of input 'classic buffer overflow' vulnerability in Fortinet FortiExtender 7.6.0 through 7.6.1, FortiExtender 7.4.0 through 7.4.6, FortiExtender 7.2 all versions, FortiExtender 7.0 all versions may allow an authenticated user to execute arbitrary code or comman...

CVE-2025-48839

An Out-of-bounds Write vulnerability CWE-787 in FortiADC 8.0.0, 7.6.0 through 7.6.2, 7.4.0 through 7.4.7, 7.2 all versions, 7.1 all versions, 7.0 all versions, 6.2 all versions may allow an authenticated attacker to execute arbitrary code via specially crafted HTTP requests...

CVE-2025-34324

GoSign Desktop versions 2.4.0 and earlier use an unsigned update manifest for distributing application updates. The manifest contains package URLs and SHA-256 hashes but is not digitally signed, so its authenticity relies solely on the underlying TLS channel. In affected versions, TLS certificate...

Security Bulletin: Logback-Core ≤1.5.18 Conditional Config Processing Flaw Enables ACE via Malicious Config or Env Variable

Summary ACE vulnerability in conditional configuration file processing by QOS.CH logback-core up to and including version 1.5.18 in Java applications, allows an attacker to execute arbitrary code by compromising an existing logback configuration file or by injecting an environment variable before...

CVE-2025-58034

CVE-2025-58034 — Fortinet FortiWeb OS Command Injection occurs in FortiWeb 8.0.0–8.0.1, 7.6.0–7.6.5, 7.4.0–7.4.10, 7.2.0–7.2.11, 7.0.0–7.0.11. The flaw is an OS command injection (CWE-78) allowing an authenticated attacker to execute arbitrary commands on the underlying system via crafted HTTP re...

CVE-2025-34324 GoSign Desktop < 2.4.1 Insecure Update Mechanism RCE

GoSign Desktop versions 2.4.0 and earlier use an unsigned update manifest for distributing application updates. The manifest contains package URLs and SHA-256 hashes but is not digitally signed, so its authenticity relies solely on the underlying TLS channel. In affected versions, TLS certificate...

CVE-2025-63603

A command injection vulnerability exists in the MCP Data Science Server's reading-plus-ai/mcp-server-data-exploration 0.1.6 in the safeeval function src/mcpserverds/server.py:108. The function uses Python's exec to execute user-supplied scripts but fails to restrict the builtins dictionary in the...

CVE-2025-41736

The CVE-2025-41736 vulnerability affects METZ CONNECT EWIO2 family (EWIO2-M, EWIO2-M-BM, EWIO2-BM) and is triggered by a path traversal in PHP that allows a low-privileged, remote attacker to upload or overwrite a Python script, resulting in remote code execution. Multiple sources describe the is...

CVE-2025-8404

CVE-2025-8404 describes a stack buffer overflow in the Supermicro BMC Shared library. An authenticated attacker with access to the BMC can trigger a crafted header to overflow a stack and achieve arbitrary code execution on the BMC firmware OS. The issue is assessed with CVSS 3.1: Network attack ...

EUVD-2025-197951

Stack-based buffer overflow in the SMASH-CLP shell. An authenticated attacker with SSH access to the BMC can exploit a stack buffer overflow via a crafted SMASH command, overwrite the return address and registers, and achieve arbitrary code execution on the BMC firmware operating system...

CVE-2025-7623 Supermicro BMC SMASH services has a Stack-based buffer overflow vulnerability

Stack-based buffer overflow in the SMASH-CLP shell. An authenticated attacker with SSH access to the BMC can exploit a stack buffer overflow via a crafted SMASH command, overwrite the return address and registers, and achieve arbitrary code execution on the BMC firmware operating system...

PT-2025-47331

Name of the Vulnerable Software and Affected Versions MCP Data Science Server version 0.1.6 Description A command injection issue exists in the safe eval function src/mcp server ds/server.py:108 of the software. The function utilizes Python’s exec to run scripts provided by users, but it does not...