CVE-2020-10930
This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of NETGEAR R6700 V1.0.4.8410.0.58 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of URLs. The issue results from th...
CVE-2020-10925
This vulnerability allows network-adjacent attackers to compromise the integrity of downloaded information on affected installations of NETGEAR R6700 V1.0.4.8410.0.58 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the downloading of files vi...
EUVD-2021-21476
Malware in sbrugna...
EUVD-2025-23693
Malicious code in bioql PyPI...
EUVD-2023-45729
Malicious code in bioql PyPI...
EUVD-2024-46505
Malicious code in bioql PyPI...
EUVD-2025-23677
Malicious code in bioql PyPI...
CVE-2025-8642
Kenwood DMX958XR Firmware Update Command Injection Vulnerability. This vulnerability allows physically present attackers to execute arbitrary code on affected installations of Kenwood DMX958XR devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within t...
CVE-2025-8649 Kenwood DMX958XR JKWifiService Command Injection Remote Code Execution Vulnerability
Kenwood DMX958XR JKWifiService Command Injection Remote Code Execution Vulnerability. This vulnerability allows physically present attackers to execute arbitrary code on affected installations of Kenwood DMX958XR devices. Authentication is not required to exploit this vulnerability. The specific...
CVE-2025-8635
Kenwood DMX958XR firmware update command-injection vulnerability allows physically present attackers to execute code as root due to insufficient validation of a user-supplied string in the firmware update process. Several sources (ZDI advisory ZDI-25-783 and related CVE feeds) confirm the issue a...
CVE-2025-8628
CVE-2025-8628 describes a command-injection vulnerability in the Kenwood DMX958XR firmware update process. The flaw stems from insufficient validation of a user-supplied string used in a system call, allowing an attacker with physical access to execute arbitrary code as root on affected DMX958XR ...
CVE-2025-8426
CVE-2025-8426 concerns Marvell QConvergeConsole. The issue is in the compressConfigFiles method where user-supplied paths are not properly validated before file operations, enabling a directory-traversal attack that can disclose sensitive information and trigger a denial-of-service condition. Exp...
Samsung MagicINFO 9 Server SWUpdateFileUploadServlet Directory Traversal Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Samsung MagicINFO 9 Server. Authentication is not required to exploit this vulnerability. The specific flaw exists within the SWUpdateFileUploadServlet class. The issue results from the lack of prope...
(Pwn2Own) Sony XAV-AX8500 Bluetooth SDP Protocol Integer Overflow Remote Code Execution Vulnerability
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Sony XAV-AX8500 devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of the Bluetooth SDP protocol. The issue results fr...
(Pwn2Own) Autel MaxiCharger AC Wallbox Commercial wLength Buffer Overflow Remote Code Execution Vulnerability
This vulnerability allows physically present attackers to execute arbitrary code on affected installations of Autel MaxiCharger AC Wallbox Commercial EV chargers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of USB frame packets. The...
CVE-2025-3481
CVE-2025-3481 affects MedDream PACS Server. The flaw is a stack-based buffer overflow in the DICOM file parsing code caused by improper validation of user-supplied data length before copying to a fixed-length stack buffer. This can lead to remote code execution in the service account. Public refe...
CVE-2025-3483 MedDream PACS Server DICOM File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability
MedDream PACS Server DICOM File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of MedDream PACS Server. Authentication is not required to exploit this vulnerability. The specif...
CVE-2025-3884
CVE-2025-3884 concerns Cloudera Hue’s Ace Editor, where a directory-traversal flaw arises from inadequate validation of a user-supplied path before file operations. The issue could allow remote, unauthenticated attackers to disclose sensitive information within the service account context on affe...
CVE-2025-1048
Sonos Era 300 Speaker libsmb2 Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Sonos Era 300 speakers. Authentication is not required to exploit this vulnerability. The specific flaw...