SAMSUNG Blockchain Keystore Code Execution Vulnerability (CNVD-2025-20014)
SAMSUNG Blockchain Keystore is a system tool from Samsung (South Korea) for creating, storing, managing and backing up private keys. A code execution vulnerability exists in SAMSUNG Blockchain Keystore, which can be exploited by an attacker to execute arbitrary code on the system...
Microsoft Excel Code Execution Vulnerability (CNVD-2025-18819)
Microsoft Excel is a spreadsheet application in the Office suite from Microsoft (USA). A code execution vulnerability exists in Microsoft Excel, caused by an error when opening a specially crafted file. An attacker could exploit this vulnerability to execute arbitrary code on t...
Microsoft Word Code Execution Vulnerability (CNVD-2025-18826)
Microsoft Word is a word processing application in the Office suite from the U.S. company Microsoft. A code execution vulnerability exists in Microsoft Word, caused by incorrect conversion between number types. An attacker could exploit this vulnerability to execute arbitrary co...
WordPress B Slider - Gutenberg Slider Block for WP plugin code execution vulnerability
WordPress B Slider - Gutenberg Slider Block for WP plugin is a core editor plugin that comes with WordPress and is part of the Gutenberg editor that was introduced in WordPress version 5.9. A code execution vulnerability exists in WordPress B Slider - Gutenberg Slider Block for WP plugin, which...
CVE-2012-10054
Umbraco CMS
Apple macOS Sequoia code execution vulnerability (CNVD-2025-19511)
Apple macOS Sequoia is an operating system from the American company Apple. Apple macOS Sequoia has a code execution vulnerability caused by an error in the Model I/O component when opening a specially crafted file. An attacker can exploit the vulnerability to execute...
NVIDIA Triton Inference Server Code Execution Vulnerability (CNVD-2025-20011)
NVIDIA Triton Inference Server is an open source software from NVIDIA that helps standardize model deployment and deliver fast and scalable AI in production. A code execution vulnerability exists in NVIDIA Triton Inference Server, which can be exploited by attackers to execute arbitrary code, cau...
Microsoft Excel Resource Management Error Vulnerability
Microsoft Excel is a spreadsheet application in the Office suite from Microsoft (USA). A code execution vulnerability exists in Microsoft Excel, caused by a use-after-free when opening specially crafted files. An attacker can exploit the vulnerability to execute arbitrary code on the syste...
CVE-2025-48913
CVE-2025-48913 affects Apache CXF where untrusted users configuring JMS could exploit RMI/LDAP URLs to achieve code execution. The issue arises from CXF JMS configuration allowing unsafe protocols; the interface now rejects those protocols to remove the possibility of remote code execution. Publi...
CVE-2025-8655
Kenwood DMX958XR libSystemLib Command injection Remote Code Execution Vulnerability. This vulnerability allows physically present attackers to execute arbitrary code on affected installations of Kenwood DMX958XR devices. Authentication is not required to exploit this vulnerability. The specific...
A vulnerability in embedded software developed by Qualcomm, related to unverified array indexing, allows a hacker to execute arbitrary code.
The vulnerability in the firmware of embedded Qualcomm chips is related to unverified array indexing. Exploiting this vulnerability can allow attackers to execute arbitrary code...
PT-2025-32398 · Xoda · Xoda
Name of the Vulnerable Software and Affected Versions: XODA version 0.4.5 Description: XODA version 0.4.5 contains an unauthenticated file upload vulnerability that allows remote attackers to execute arbitrary PHP code on the server. The flaw resides in the upload functionality, which fails to...
CVE-2025-54949
CVE-2025-54949 describes a heap buffer overflow in ExecuTorch model loading, potentially enabling code execution or other destructive effects. Affected software: ExecuTorch prior to commit ede82493dae6d2d43f8c424e7be4721abe5242be. Public metrics list a CVSS v3.1 base score of 9.8 (CRITICAL) with ...
CVE-2025-8655 Kenwood DMX958XR libSystemLib Command injection Remote Code Execution Vulnerability
Kenwood DMX958XR libSystemLib Command injection Remote Code Execution Vulnerability. This vulnerability allows physically present attackers to execute arbitrary code on affected installations of Kenwood DMX958XR devices. Authentication is not required to exploit this vulnerability. The specific...
CVE-2025-8654 Kenwood DMX958XR ReadMVGImage Command Injection Remote Code Execution Vulnerability
Kenwood DMX958XR ReadMVGImage Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Kenwood DMX958XR devices. Authentication is not required to exploit this vulnerability. The specific fla...
CVE-2025-8653 Kenwood DMX958XR JKRadioService Stack-based Buffer Overflow Remote Code Execution Vulnerability
Kenwood DMX958XR JKRadioService Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Kenwood DMX958XR. Authentication is not required to exploit this vulnerability. The specific...
CVE-2025-8649
CVE-2025-8649 affects Kenwood DMX958XR, specifically the JKWifiService. The vulnerability stems from insufficient validation of a user-supplied string before it is used to execute a system call, allowing a local attacker with physical access to run code as root. Reports indicate a command inject...
CVE-2025-8645 Kenwood DMX958XR Firmware Update Command Injection Vulnerability
Kenwood DMX958XR Firmware Update Command Injection Vulnerability. This vulnerability allows physically present attackers to execute arbitrary code on affected installations of Kenwood DMX958XR devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within t...
CVE-2025-8640
The CVE-2025-8640 entry describes a command-injection vulnerability in Kenwood DMX958XR firmware update handling. The flaw arises from insufficient validation of a user-supplied string used to construct a system call, enabling a physically present attacker to run code as root without authenticati...
CVE-2025-53394
Paramount Macrium Reflect through 2025-06-26 allows attackers to execute arbitrary code with administrator privileges via a crafted .mrimgx or .mrbax backup file and a renamed executable placed in the same directory. When a user with administrative privileges opens the crafted backup file and...