192 matches found
AMD SMM Vulnerabilities February 2025 Security Update
AMD has informed HP of potential vulnerabilities identified in some AMD client platform firmware components, which might allow arbitrary code execution. AMD is releasing firmware updates to mitigate these vulnerabilities. AMD has released updates to mitigate the potential vulnerabilities. HP has...
CVE-2025-30165
CVE-2025-30165 : In multi-node vLLM deployments using the V0 engine, a secondary host opens a SUB socket and deserializes inbound data with Python’s unsafe pickle over ZeroMQ XPUB/SUB, enabling remote code execution. The issue affects V0 deployments with tensor parallelism across hosts; V1 is una...
Exploit for CVE-2025-1974
CVE-2025-1974 화이트햇 스쿨 3기 - 김소은 @salt318 https://github...
Python sandbox escape leading to Remote Code Execution (RCE)
Smolagents python sandbox escape leading to Remote Code Execution RCE Summary Smolagents is a barebones library for building agents that “ think in Python code ”—generating and executing Python as part of their reasoning process. Given this design, secure code execution is a critical backbone of...
CVE-2025-27746
Use after free in Microsoft Office allows an unauthorized attacker to execute code locally...
CVE-2025-30672
Mite for Perl before 0.013000 generates code with the current working directory '.' added to the @INC path similar to CVE-2016-1238. If an attacker can place a malicious file in current working directory, it may be loaded instead of the intended file, potentially leading to arbitrary code...
CVE-2025-30213 Frappe has Possibility of Remote Code Execution due to improper validation
Frappe is a full-stack web application framework. Prior to versions 14.91.0 and 15.52.0, a system user was able to create certain documents in a specific way that could lead to remote code execution. Versions 14.9.1 and 15.52.0 contain a patch for the vulnerability. There's no workaround; an...
(0Day) CarlinKit CPC200-CCPA Improper Verification of Cryptographic Signature Code Execution Vulnerability
This vulnerability allows physically present attackers to execute arbitrary code on affected installations of CarlinKit CPC200-CCPA devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of update packages on USB drives. The issue resul...
CVE-2024-57348
Cross Site Scripting vulnerability in PecanProject pecan through v.1.8.0 allows a remote attacker to execute arbitrary code via the crafted payload to the hostname, sitegroupid, lat, lon and sitename parameters...
Zabbix 6.4.17rc1 Remote Code Execution
Zabbix server version 6.4.17rc1 remote code execution exploit that provides a reverse shell. ============================================================================================================================================= | Title : Zabbix server v 6.4.17rc1 PHP Code Injection...
CVE-2025-0975 IBM MQ code execution
IBM MQ 9.3 LTS, 9.3 CD, 9.4 LTS, and 9.4 CD console could allow an authenticated user to execute code due to improper neutralization of escape characters...
Adobe InDesign Code Execution Vulnerability (CNVD-2025-03642)
Adobe InDesign is a set of layout and editing applications from the American company Audobee Adobe. A code execution vulnerability exists in Adobe InDesign that can be exploited by an attacker to execute arbitrary code in the current user's environment...
CVE-2022-40653
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ansys SpaceClaim 2022 R1. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsi...
PSV-2023-0039
creationtimestamp| type| source ---|---|--- 2025-02-01 12:00:00+00:00| seen| https://kb.netgear.com/000066558/Security-Advisory-for-Unauthenticated-RCE-on-Some-WiFi-Routers-PSV-2023-0039 2025-02-10 18:21:16+00:00| seen| https://nvd.nist.gov/vuln/detail/CVE-2025-25246...
Windows Bug Class: Accessing Trapped COM Objects with IDispatch
Posted by James Forshaw, Google Project Zero Object orientated remoting technologies such as DCOM and .NET Remoting make it very easy to develop an object-orientated interface to a service which can cross process and security boundaries. This is because they're designed to support a wide range of...
CVE-2025-21186
Microsoft Access Remote Code Execution Vulnerability...
CVE-2024-39367
An os command injection vulnerability exists in the firewall.cgi iptablesWebsFilterRun functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary code execution. An attacker can make an authenticated HTTP request to trigger this vulnerability...
Microsoft Office Remote Code Execution Vulnerability
...
PT-2024-9899
Name of the Vulnerable Software and Affected Versions DrayTek Vigor2960 and Vigor300B version 1.5.1.4 Description A critical vulnerability exists in the Web Management Interface of DrayTek Vigor2960 and Vigor300B. The issue is related to the manipulation of the session argument in the...
[SECURITY] [DSA 5831-1] gst-plugins-base1.0 security update
------------------------------------------------------------------------- Debian Security Advisory DSA-5831-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff December 14, 2024 https://www.debian.org/security/faq -...