CVE-2025-27781

Applio is affected by CVE-2025-27781 through unsafe deserialization in the inference.py module (and related tts.py input handling). Versions 3.2.8-bugfix and prior are vulnerable because user-supplied model_file values are passed to change_choices/get_speakers_id, which loads models with torch.lo...

PT-2025-11561 · Cryptolib · Cryptolib

Name of the Vulnerable Software and Affected Versions: CryptoLib versions 1.3.3 and earlier Description: A heap buffer overflow vulnerability in CryptoLib's Crypto TC ApplySecurity function allows an attacker to craft a malicious TC frame that causes out-of-bounds memory writes. This can result i...

Linux Distros Unpatched Vulnerability : CVE-2019-8559

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.2, tvOS 12.2, watchOS 5.2, Safari 12.1, iTunes...

CVE-2021-35216

Insecure Deserialization of untrusted data remote code execution vulnerability was discovered in Patch Manager Orion Platform Integration module. An Authenticated Attacker with network access via HTTP can compromise this vulnerability can result in Remote Code Execution...

CVE-2022-36038

CircuitVerse is an open-source platform which allows users to construct digital logic circuits online. A remote code execution RCE vulnerability in CircuitVerse allows authenticated attackers to execute arbitrary code via specially crafted JSON payloads. This issue may lead to Remote Code Executi...

CVE-2024-21649

The vantage6 technology enables to manage and deploy privacy enhancing technologies like Federated Learning FL and Multi-Party Computation MPC. Prior to 4.2.0, authenticated users could inject code into algorithm environment variables, resulting in remote code execution. This vulnerability is...

CVE-2024-55877 XWiki allows remote code execution from account through macro descriptions and XWiki.XWikiSyntaxMacrosList

XWiki Platform is a generic wiki platform. Starting in version 9.7-rc-1 and prior to versions 15.10.11, 16.4.1, and 16.5.0, any user with an account can perform arbitrary remote code execution by adding instances of XWiki.WikiMacroClass to any page. This compromises the confidentiality, integrity...

CVE-2024-54152

Angular Expressions provides expressions for the Angular.JS web framework as a standalone module. Prior to version 1.4.3, an attacker can write a malicious expression that escapes the sandbox to execute arbitrary code on the system. With a more complex undisclosed payload, one can get full access...

CVE-2024-20101

In wlan driver, there is a possible out of bounds write due to improper input validation. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08998901; Issue ID: MSV-1602...

CVE-2024-32878 Use of Uninitialized Variable Vulnerability in llama.cpp

Llama.cpp is LLM inference in C/C++. There is a use of uninitialized heap variable vulnerability in ggufinitfromfile, the code will free this uninitialized variable later. In a simple POC, it will directly cause a crash. If the file is carefully constructed, it may be possible to control this...

CVE-2022-36038 CircuitVerse potential RCE vulnerability via Oj.load

CircuitVerse is an open-source platform which allows users to construct digital logic circuits online. A remote code execution RCE vulnerability in CircuitVerse allows authenticated attackers to execute arbitrary code via specially crafted JSON payloads. This issue may lead to Remote Code Executi...

CVE-2022-36041 Rizin Out-of-bounds Write vulnerability in Mach-O binary plugin

Rizin is a UNIX-like reverse engineering framework and command-line toolset. Versions 0.4.0 and prior are vulnerable to an out-of-bounds write when parsing Mach-O files. A user opening a malicious Mach-O file could be affected by this vulnerability, allowing an attacker to execute code on the...

CVE-2022-36042 Rizin Out-of-bounds Write vulnerability in dyld cache binary plugin

Rizin is a UNIX-like reverse engineering framework and command-line toolset. Versions 0.4.0 and prior are vulnerable to an out-of-bounds write when getting data from dyld cache files. A user opening a malicious dyld cache file could be affected by this vulnerability, allowing an attacker to execu...

CVE-2021-32650 Arbitrary code execution in october/system

October CMS is a self-hosted content management system CMS platform based on the Laravel PHP Framework. Prior to versions 1.0.473 and 1.1.6, an attacker with access to the backend is able to execute PHP code by using the theme import feature. This will bypass the safe mode feature that prevents P...

Security Bulletin: Security Vulnerabilities affect IBM Cloud Private Monitoring

Summary Security Vulnerabilities affect IBM Cloud Private Monitoring Vulnerability Details CVEID: CVE-2018-14618 DESCRIPTION: cURL libcurl is vulnerable to a buffer overflow, caused by an integer overflow flaw in the Curlntlmcoremknthash internal function in the NTLM authentication code. By sendi...

Xerox WorkCentre Web Server Unspecified Command Injection (XRX09-001)

According to its model number and software version, the remote host is a Xerox WorkCentre device that reportedly has an as-yet unspecified command injection vulnerability in its web server. A remote attacker may be able to leverage this issue to execute arbitrary code via carefully crafted inputs...

[Full-disclosure] Postnuke 0.750 - 0.760rc4 local file inclusion

Product : Postnuke 0.750 http://www.postnuke.com Description: Postnuke 0.750 - 0.760rc4 local file inclusion Severity: High Description =========== Postnuke is Web Content Management System written in PHP and using mysql as database backend. Detail ====== Directory traversal in function pnModFunc...

EEYE: RealPlayer Zipped Skin File Buffer Overflow

RealPlayer Zipped Skin File Buffer Overflow Release Date: October 27, 2004 Date Reported: October 11, 2004 Severity: High Code Execution Vendor: RealNetworks Systems Affected: For Microsoft Windows RealPlayer 10.5 6.0.12.1053 and earlier RealPlayer 10 RealOne Player v2 RealOne Player v1 Overview:...

tcpdump contains vulnerability in RADIUS decoding function print_attr_string() in print-radius.c

Overview tcpdump contains a vulnerability in the way it parses Remote Authentication Dial In User Service RADIUS packets. Description tcpdump is a widely used network sniffer that is capable of decoding RADIUS packets. A vulnerability exists in the way the tcpdump printattrstring function in...

Multiple vulnerabilities in X.400 implementations

Overview Multiple vulnerabilities exist in different vendors' X.400 implementations. The impacts of these vulnerabilities are varied and range from denial of service to potential remote execution of arbitrary code. Description The U.K. National Infrastructure Security Co-ordination Center NISCC h...