117 matches found

EUVD
added 2025/10/03 8:7 p.m. | 1 views

EUVD-2023-41232

Malicious code in bioql PyPI...

CVSS 8.8 | AI score 7 | EPSS 0.07706
Exploits 0 | References 2
EUVD
added 2025/10/03 8:7 p.m. | 2 views

EUVD-2024-28288

Malicious code in bioql PyPI...

CVSS 7.8 | AI score 7.5 | EPSS 0.02223
Exploits 0 | References 2
CVE
added 2025/08/01 6:4 p.m. | 11 views

CVE-2025-54593

FreshRSS up to version 1.26.1 is vulnerable to RCE via an authenticated administrator who can modify the update URL to execute arbitrary code on the server; successful exploitation can lead to data exfiltration (including hashed passwords) and possible defacement. The issue is fixed in version 1....

CVSS 7.2 | AI score 8.1 | EPSS 0.02018
Exploits 1 | References 4 | Affected Software 1
Zero Day Initiative
added 2025/07/16 12:0 a.m. | 5 views

Autodesk Revit RTE File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk Revit. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of RTE...

CVSS 7.8 | AI score 7.2 | EPSS 0.00152
Exploits 0 | References 1
NVD
added 2025/07/15 7:15 p.m. | 7 views

CVE-2025-41236

VMware ESXi, Workstation, and Fusion contain an integer-overflow vulnerability in the VMXNET3 virtual network adapter. A malicious actor with local administrative privileges on a virtual machine with VMXNET3 virtual network adapter may exploit this issue to execute code on the host. Non VMXNET3...

CVSS 9.3 | EPSS 0.00128
Exploits 0 | References 1
NVD
added 2025/05/27 4:15 a.m. | 10 views

CVE-2025-48828

Certain vBulletin versions might allow attackers to execute arbitrary PHP code by abusing Template Conditionals in the template engine. By crafting template code in an alternative PHP function invocation syntax, such as the "var_dump"("test") syntax, attackers can bypass security checks and execute...

CVSS 9 | EPSS 0.73682
Exploits 2 | References 3
RedhatCVE
added 2025/05/23 4:3 a.m. | 6 views

CVE-2023-37273

Auto-GPT is an experimental open-source application showcasing the capabilities of the GPT-4 language model. Running Auto-GPT version prior to 0.4.3 by cloning the git repo and executing docker compose run auto-gpt in the repo root uses a different docker-compose.yml file from the one suggested i...

CVSS 8.8 | AI score 7.3 | EPSS 0.00053
Exploits 0 | References 1
RedhatCVE
added 2025/05/23 2:20 a.m. | 5 views

CVE-2023-45035

A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute code via a network. We have already fixed the vulnerability in the following versions:...

CVSS 7.2 | AI score 7.2 | EPSS 0.00081
Exploits 0 | References 1
RedhatCVE
added 2025/05/22 11:4 p.m. | 2 views

CVE-2022-34289

A vulnerability has been identified in PADS Standard/Plus Viewer All versions. The affected application contains an out of bounds write past the end of an allocated structure while parsing specially crafted PCB files. This could allow an attacker to execute code in the context of the current...

CVSS 7.8 | AI score 7.2 | EPSS 0.00418
Exploits 0 | References 1
RedhatCVE
added 2025/05/22 7:53 p.m. | 5 views

CVE-2021-35437

SQL injection vulnerability in LMXCMS v.1.4 allows attacker to execute arbitrary code via the TagsAction.class...

CVSS 9.8 | AI score 8.6 | EPSS 0.00081
Exploits 1 | References 1
RedhatCVE
added 2025/05/22 4:19 p.m. | 4 views

CVE-2020-14115

A command injection vulnerability exists in the Xiaomi Router AX3600. The vulnerability is caused by a lack of inspection for incoming data detection. Attackers can exploit this vulnerability to execute code...

CVSS 10 | AI score 7.6 | EPSS 0.00999
Exploits 0
Exploit DB
added 2025/05/18 12:0 a.m. | 279 views

Invision Community 5.0.6 - Remote Code Execution (RCE)

\n"; print "\nExample....: php $argv0 http://localhost/invision/"; print "\nExample....: php $argv0 https://invisioncommunity.com/\n\n"; die; $ch = curlinit; $params = "app" = "core", "module" = "syst...

AI score 7.4
Exploits 0
RedhatCVE
added 2025/04/26 6:10 a.m. | 7 views

CVE-2025-29287

An arbitrary file upload vulnerability in the ueditor component of MCMS v5.4.3 allows attackers to execute arbitrary code via uploading a crafted file...

CVSS 9.8 | AI score 7.8 | EPSS 0.00217
Exploits 1 | References 1
NVD
added 2025/04/23 5:16 p.m. | 9 views

CVE-2025-2761

GIMP FLI File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open ...

CVSS 7.8 | EPSS 0.00558
Exploits 0 | References 2
GithubExploit
added 2025/04/21 3:28 p.m. | 258 views

Exploit for Deserialization of Untrusted Data in Apache Parquet_Java

TRAI-001 CVE-2025-30065: Apache Parquet Remote Code Execution...

CVSS 10 | AI score 9.4 | EPSS 0.00378
Exploits 9
OSV
added 2025/03/10 6:26 p.m. | 4 views

GHSA-7Q5R-7GVP-WC82 Zip Exploit Crashes Picklescan But Not PyTorch

Summary: PickleScan is vulnerable to a ZIP archive manipulation attack that causes it to crash when attempting to extract and scan PyTorch model archives. By modifying the filename in the ZIP header while keeping the original filename in the directory listing, an attacker can make PickleScan raise...

CVSS 6.5 | AI score 6.3 | EPSS 0.00144
Exploits 1 | References 6
GithubExploit
added 2025/03/06 10:24 a.m. | 582 views

Exploit for Unrestricted Upload of File with Dangerous Type in Git

CVE-2024-32002 RCE PoC. Overview: This repository contains...

CVSS 9 | AI score 8.5 | EPSS 0.82951
Exploits 32
Positive Technologies
added 2025/03/05 12:0 a.m. | 1 views

PT-2025-9821

Name of the Vulnerable Software and Affected Versions: Kibana versions 8.15.0 through 8.17.2. Description: Prototype pollution in Kibana leads to arbitrary code execution via a crafted file upload and specifically crafted HTTP requests. In Kibana versions >= 8.15.0 and < 8.17.1, this is exploitable by...

CVSS 9.9 | AI score 7.9 | EPSS 0.00736
Exploits 0 | References 24
Packet Storm
added 2025/03/05 12:0 a.m. | 261 views

Wazuh 4.4.0 Remote Code Execution

Wazuh version 4.4.0 proof of concept remote code execution exploit with a reverse shell. Title: Wazuh v4.4.0 PHP Code Injection Vulnerability. Author...

CVSS 9.9 | AI score 8.3 | EPSS 0.93512
Exploits 10
NVD
added 2025/02/11 10:15 p.m. | 10 views

CVE-2025-1240

WinZip 7Z File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of WinZip. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or op...

CVSS 8.8 | EPSS 0.26348
Exploits 0 | References 1