2840 matches found

Zero Day Initiative
added 2025/07/07 12:0 a.m. · 4 views

(0Day) INVT VT-Designer PM3 File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of INVT VT-Designer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of PM...

7.8 CVSS · 6.6 AI score · 0.00185 EPSS
Exploits: 0
OSV
added 2025/07/04 7:40 a.m. · 1 view

BIT-LIMESURVEY-2024-42902

An issue in the jslocalize.php function of LimeSurvey v6.6.2 and before allows attackers to execute arbitrary code via injecting a crafted payload into the lng parameter of the jslocalize.php function...

8.8 CVSS · 7.3 AI score · 0.00215 EPSS
Exploits: 1 · References: 4
Vulnrichment
added 2025/06/28 3:33 p.m. · 3 views

CVE-2023-28912 Cleartext Phonebook Information

The MIB3 unit stores the synchronized phone contact book in clear-text, allowing an attacker with either code execution privilege on the system or physical access to the system to obtain vehicle owner's contact data. The vulnerability was originally discovered in Skoda Superb III car with MIB3...

5.7 CVSS · 6.8 AI score · 0.00089 EPSS
Exploits: 0 · References: 3
Positive Technologies
added 2025/06/27 12:0 a.m. · 1 view

PT-2025-27276 · Marvell · Marvell Qconvergeconsole

Name of the Vulnerable Software and Affected Versions: Marvell QConvergeConsole (affected versions not specified). Description: The issue concerns a deserialization of untrusted data remote code execution vulnerability in the readObjectFromConfigFile function. This allows for remote code execution...

8.2 AI score
Exploits: 0 · References: 3
CNVD
added 2025/06/27 12:0 a.m. · 3 views

Autel MaxiCharger AC Wallbox Commercial Code Execution Vulnerability

Autel MaxiCharger AC Wallbox Commercial is a smart AI electric car charger from Autel USA. A code execution vulnerability exists in Autel MaxiCharger AC Wallbox Commercial, which can be exploited by an attacker to execute arbitrary code in the context of the device...

7.5 CVSS · 7.7 AI score · 0.00219 EPSS
Exploits: 0 · References: 1
CNVD
added 2025/06/27 12:0 a.m. · 1 view

PDF-XChange Editor Code Execution Vulnerability (CNVD-2025-16301)

PDF-XChange Editor is PDF file viewer software from the PDF-XChange company that runs on Microsoft Windows systems. A code execution vulnerability exists in PDF-XChange Editor, which is caused by a lack of proper validation of user-supplied data. An attacker could exploit the vulnerability to execu...

7.8 CVSS · 7.5 AI score · 0.00251 EPSS
Exploits: 0 · References: 1
CVE
added 2025/06/26 2:40 p.m. · 33 views

CVE-2025-53002

Summary of CVE-2025-53002 (LLaMA-Factory): A remote code execution vulnerability was reported in LLaMA-Factory up to version 0.9.3 during training. The root cause is loading the vhead_file without the secure parameter weights_only=True, enabling an attacker to execute arbitrary code by supplying...

9.8 CVSS · 8.6 AI score · 0.04222 EPSS
Exploits: 1 · References: 3 · Affected Software: 1
OSV
added 2025/06/26 2:40 p.m. · 4 views

CVE-2025-53002 LLaMA-Factory Remote Code Execution (RCE) Vulnerability

LLaMA-Factory is a tuning library for large language models. A remote code execution vulnerability was discovered in LLaMA-Factory versions up to and including 0.9.3 during the LLaMA-Factory training process. This vulnerability arises because the vhead_file is loaded without proper safeguards,...

8.3 CVSS · 8.2 AI score · 0.04222 EPSS
Exploits: 1 · References: 5
Cvelist
added 2025/06/26 2:40 p.m. · 6 views

CVE-2025-53002 LLaMA-Factory Remote Code Execution (RCE) Vulnerability

LLaMA-Factory is a tuning library for large language models. A remote code execution vulnerability was discovered in LLaMA-Factory versions up to and including 0.9.3 during the LLaMA-Factory training process. This vulnerability arises because the vhead_file is loaded without proper safeguards,...

8.3 CVSS · 0.04222 EPSS
Exploits: 1 · References: 3
Vulnrichment
added 2025/06/26 2:40 p.m. · 5 views

CVE-2025-53002 LLaMA-Factory Remote Code Execution (RCE) Vulnerability

LLaMA-Factory is a tuning library for large language models. A remote code execution vulnerability was discovered in LLaMA-Factory versions up to and including 0.9.3 during the LLaMA-Factory training process. This vulnerability arises because the vhead_file is loaded without proper safeguards,...

8.3 CVSS · 8.6 AI score · 0.04222 EPSS
Exploits: 1 · References: 3
NVD
added 2025/06/26 2:15 p.m. · 2 views

CVE-2025-49003

DataEase is an open source business intelligence and data visualization tool. Prior to version 2.10.11, a threat actor may take advantage of a feature in Java in which the character "ı" becomes "I" when converted to uppercase, and the character "ſ" becomes "S" when converted to uppercase. A threa...

9.8 CVSS · 0.0217 EPSS
Exploits: 1 · References: 1
Vulnrichment
added 2025/06/26 1:51 p.m. · 2 views

CVE-2025-49003 Dataease H2 JDBC Connection Remote Code Execution

DataEase is an open source business intelligence and data visualization tool. Prior to version 2.10.11, a threat actor may take advantage of a feature in Java in which the character "ı" becomes "I" when converted to uppercase, and the character "ſ" becomes "S" when converted to uppercase. A threa...

9.3 CVSS · 7.8 AI score · 0.0217 EPSS
Exploits: 1 · References: 1
Vulnrichment
added 2025/06/25 9:43 p.m. · 2 views

CVE-2025-6644 PDF-XChange Editor U3D File Parsing Use-After-Free Remote Code Execution Vulnerability

PDF-XChange Editor U3D File Parsing Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a...

7.8 CVSS · 7.8 AI score · 0.00251 EPSS
Exploits: 0 · References: 2
Cvelist
added 2025/06/25 9:42 p.m. · 4 views

CVE-2025-6647 PDF-XChange Editor U3D File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability

PDF-XChange Editor U3D File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must vis...

7.8 CVSS · 0.00251 EPSS
Exploits: 0 · References: 2
Zero Day Initiative
added 2025/06/25 12:0 a.m. · 3 views

PDF-XChange Editor U3D File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of...

7.8 CVSS · 7.2 AI score · 0.00251 EPSS
Exploits: 0 · References: 1
RedhatCVE
added 2025/06/23 8:38 a.m. · 3 views

CVE-2025-49217

An insecure deserialization operation in the Trend Micro Endpoint Encryption PolicyServer could lead to a pre-authentication remote code execution on affected installations. Note that this vulnerability is similar to CVE-2025-49213 but is in a different method...

9.8 CVSS · 8.1 AI score · 0.05272 EPSS
Exploits: 0 · References: 1
Cvelist
added 2025/06/23 12:0 a.m. · 7 views

CVE-2025-52921

In Innoshop through 0.4.1, an authenticated attacker could exploit the File Manager functions in the admin panel to achieve code execution on the server, by uploading a crafted file and then renaming it to have a .php extension by using the Rename Function. This bypasses the initial check that...

9.9 CVSS · 0.00496 EPSS
Exploits: 0 · References: 2
Cvelist
added 2025/06/18 11:30 p.m. · 7 views

CVE-2025-24286

A vulnerability allowing an authenticated user with the Backup Operator role to modify backup jobs, which could execute arbitrary code...

7.2 CVSS · 0.0026 EPSS
Exploits: 0 · References: 1
Vulnrichment
added 2025/06/18 4:4 p.m. · 4 views

CVE-2025-36048 IBM webMethods Integration Server code execution

IBM webMethods Integration Server 10.5, 10.7, 10.11, and 10.15 could allow a privileged user to escalate their privileges when handling external entities due to execution with unnecessary privileges...

7.2 CVSS · 7 AI score · 0.00511 EPSS
Exploits: 0 · References: 1
RedhatCVE
added 2025/06/18 2:16 p.m. · 4 views

CVE-2025-36632

In Tenable Agent versions prior to 10.8.5 on a Windows host, it was found that a non-administrative user could execute code with SYSTEM privilege...

7.8 CVSS · 7.7 AI score · 0.00063 EPSS
Exploits: 0 · References: 1