EUVD-2023-29228

Malicious code in bioql PyPI...

BIT-VAULT-2025-6000 Arbitrary Remote Code Execution via Plugin Catalog Abuse

A privileged Vault operator within the root namespace with write permission to sys/audit may obtain code execution on the underlying host if a plugin directory is set in Vault’s configuration. Fixed in Vault Community Edition 1.20.1 and Vault Enterprise 1.20.1, 1.19.7, 1.18.12, and 1.16.23...

CVE-2025-6000 Arbitrary Remote Code Execution via Plugin Catalog Abuse

A privileged Vault operator within the root namespace with write permission to sys/audit may obtain code execution on the underlying host if a plugin directory is set in Vault’s configuration. Fixed in Vault Community Edition 1.20.1 and Vault Enterprise 1.20.1, 1.19.7, 1.18.12, and 1.16.23...

CVE-2025-46616

CVE-2025-46616 affects Quantum StorNext Web GUI API and StorNext components (StorNext RYO, StorNext Xcellis Workflow Director, and ActiveScale Cold Storage) prior to version 7.2.4. The vulnerability stems from a file upload path that could enable Arbitrary Remote Code Execution (RCE). Impact is d...

CVE-2025-46616

Quantum StorNext Web GUI API before 7.2.4 allows potential Arbitrary Remote Code Execution RCE via upload of a file. This affects StorNext RYO before 7.2.4, StorNext Xcellis Workflow Director before 7.2.4, and ActiveScale Cold Storage...

PT-2025-17891 · Quantum · Quantum Stornext Web Gui Api +3

Name of the Vulnerable Software and Affected Versions: StorNext RYO versions prior to 7.2.4 StorNext Xcellis Workflow Director versions prior to 7.2.4 ActiveScale Cold Storage versions prior to 7.2.4 Quantum StorNext Web GUI API versions prior to 7.2.4 Description: The issue allows potential...

CVE-2024-3126 Command Injection in parisneo/lollms-webui

A command injection vulnerability exists in the 'runxttsapiserver' function of the parisneo/lollms-webui application, specifically within the 'lollmsxtts.py' script. The vulnerability arises due to the improper neutralization of special elements used in an OS command. The affected function utiliz...

RLSA-2023:7716 Important: webkit2gtk3 security update

WebKitGTK is the port of the portable web rendering engine WebKit to the GTK platform. Security Fixes: webkitgtk: Arbitrary Remote Code Execution CVE-2023-42917 For more details about the security issues, including the impact, a CVSS score, acknowledgments, and other related information, refer to...

Important: Red Hat Security Advisory: webkit2gtk3 security update

An update for webkit2gtk3 is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability fr...

Important: webkit2gtk3 security update

WebKitGTK is the port of the portable web rendering engine WebKit to the GTK platform. Security Fixes: webkitgtk: Arbitrary Remote Code Execution CVE-2023-42917 For more details about the security issues, including the impact, a CVSS score, acknowledgments, and other related information, refer to...

Important: webkit2gtk3 security update

WebKitGTK is the port of the portable web rendering engine WebKit to the GTK platform. Security Fixes: webkitgtk: Arbitrary Remote Code Execution CVE-2023-42917 For more details about the security issues, including the impact, a CVSS score, acknowledgments, and other related information, refer to...

CVE-2023-26360

Adobe ColdFusion versions 2018 Update 15 and earlier and 2021 Update 5 and earlier are affected by an Improper Access Control vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue does not require user interaction. Recent...

CVE-2023-25266

An issue was discovered in Docmosis Tornado prior to version 2.9.5. An authenticated attacker can change the Office directory setting pointing to an arbitrary remote network path. This triggers the execution of the soffice binary under the attackers control leading to arbitrary remote code...

Heap overflow

Rockwell Automation ThinManager ThinServer versions 11.0.0 - 13.0.0 is vulnerable to a heap-based buffer overflow. An attacker could send a specifically crafted TFTP or HTTPS request, causing a heap-based buffer overflow that crashes the ThinServer process. If successfully exploited, this could...

CVE-2022-21668

pipenv is a Python development workflow tool. Starting with version 2018.10.9 and prior to version 2022.1.8, a flaw in pipenv's parsing of requirements files allows an attacker to insert a specially crafted string inside a comment anywhere within a requirements.txt file, which will cause victims...

CVE-2021-3258

Question2Answer Q2A Ultimate SEO Version 1.3 is affected by cross-site scripting XSS, which may lead to arbitrary remote code execution...

Remote code execution

An insecure unserialize vulnerability was discovered in ThinkAdmin versions 4.x through 6.x in app/admin/controller/api/Update.php and app/wechat/controller/api/Push.php, which may lead to arbitrary remote code execution...

telnet security update

1:0.17-65 - Resolves: 1814475 - Arbitrary remote code execution in utility.c via short writes or urgent data...

telnet security update

1:0.17-49 - Resolves: 1814775 - Arbitrary remote code execution in utility.c via short writes or urgent data...

CVE-2019-18211

An issue was discovered in Orckestra C1 CMS through 6.6. The EntityTokenSerializer class in Composite.dll is prone to unvalidated deserialization of wrapped BinaryFormatter payloads, leading to arbitrary remote code execution for any low-privilege user...