59 matches found
CVE-2025-3881
eCharge Hardy Barth cPH2 checkreq.php ntp Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of eCharge Hardy Barth cPH2 charging stations. Authentication is not required to exploit this...
Vertiv Liebert RDU101 and UNITY
RISK EVALUATION: Successful exploitation of these vulnerabilities could allow an attacker to cause a denial-of-service condition or achieve remote code execution. RECOMMENDED PRACTICES: CISA recommends users take defensive measures to minimize the risk of exploitation of these vulnerabilities,...
CVE-2025-32840
A vulnerability has been identified in TeleControl Server Basic All versions V3.1.2.2. The affected application is vulnerable to SQL injection through the internally used 'LockGateway' method. This could allow an authenticated remote attacker to bypass authorization controls, to read from and wri...
CVE-2025-26668
CVE-2025-26668 is a heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) that allows a network-authenticated attacker to execute code remotely. Affected component is RRAS (Windows Routing and Remote Access Service); root cause is a heap-based overflow that can lead to ar...
CVE-2025-29807
CVE-2025-29807 is a remotely exploitable vulnerability affecting Microsoft Dataverse (and related Dynamics products) in which an attacker can trigger code execution by deserializing untrusted data. The issue is described as deserialization of untrusted data that allows an authorized attacker to...
CVE-2022-43622
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-1935 1.03 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of Login requests to the web management portal. When...
CVE-2024-23968
CVE-2024-23968 (ChargePoint Home Flex) affects the SrvrToSmSetAutoChnlListMsg function. The flaw stems from insufficient validation of user-supplied data length before copying to a fixed-length stack-based buffer, causing a stack-based overflow. This enables network-adjacent attackers to execute ...
CVE-2024-24731
CVE-2024-24731 affects Silicon Labs Gecko OS. The vulnerability is a stack-based buffer overflow in the http_download command caused by insufficient validation of user-supplied data length, enabling network-adjacent attackers to execute arbitrary code with device context and no authentication. Do...
PT-2025-31670 · Alpine +1 · Alpine Ilx-507 +1
Name of the Vulnerable Software and Affected Versions: Alpine iLX-507 (affected versions not specified). Description: This issue allows network-adjacent attackers to execute arbitrary code on affected installations of Alpine iLX-507 devices without authentication. The flaw resides within the Tidal...
CVE-2024-48841
Network access can be used to execute arbitrary code with elevated privileges. This issue affects FLXEON 9.3.4 and older...
CVE-2024-11948
CVE-2024-11948 affects GFI Archiver due to a vulnerable Telerik Web UI version used in the installer. The flaw allows remote attackers to execute arbitrary code on affected installations without authentication, running with the NETWORK SERVICE context. This is a post-exploitation/initial-access r...
CVE-2024-27128 QTS, QuTS hero
A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated users to execute code via a network. We have already fixed the vulnerability in the following version: QTS...
CVE-2023-50364
A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated users to execute code via a network. We have already fixed the vulnerability in the following versions: QTS...
Important: cups-filters
Issue Overview: A vulnerability was found in cups-filters. This security flaw occurs if you use beh to create an accessible network printer, possibly resulting in remote code execution (CVE-2023-24805). Affected Packages: cups-filters. Issue Correction: Run dnf update cups-filters --releasever...
CVE-2022-43624
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-1935 1.03 routers. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the...
CVE-2022-24672
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Canon imageCLASS MF644Cdw 10.02 printers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the CADM service. The issue results from the lack of...
CVE-2016-10655
The clang-extra module installs LLVM's clang-extra tools. clang-extra downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an attacker-controlled copy if the attacker is...
Downloads Resources over HTTP
Overview: Affected versions of xd-testing insecurely download an executable over an unencrypted HTTP connection. In scenarios where an attacker has a privileged network position, it is possible to intercept the response and replace the executable with a malicious one, resulting in code execution o...
ALCASAR-Remote
By sending a specially crafted value in the "host" HTTP header, it is possible to inject the exec function in order to execute commands as the Apache user. ALCASAR = 2.8 Remote Root Code Execution Vulnerability. Author: eF. Date: 2014-02-10...