CVE-2025-46731
Craft is a content management system. Versions of Craft CMS on the 4.x branch prior to 4.14.13 and on the 5.x branch prior to 5.6.16 contain a potential remote code execution vulnerability via Twig SSTI. One must have administrator access and ALLOWADMINCHANGES must be enabled for this to work...
PT-2025-19763
Name of the Vulnerable Software and Affected Versions: aws-amplify/amplify-codegen-ui affected versions not specified Description: The issue is related to a lack of input validation in the AWS Amplify Studio UI component property expressions. This could potentially allow an authenticated user who h...
CVE-2025-46566
DataEase CVE-2025-46566 affects the open-source BI tool; authenticated users could achieve RCE via the backend JDBC link due to validation issues in the JDBC path. The vulnerability is addressed in version 2.10.9, with Red Hat/OSV notes indicating a bypass risk before 2.10.10 and that 2.10.10 con...
CVE-2025-32444 vLLM Vulnerable to Remote Code Execution via Mooncake Integration
vLLM is a high-throughput and memory-efficient inference and serving engine for LLMs. Versions starting from 0.6.5 and prior to 0.8.5, having vLLM integration with mooncake, are vulnerable to remote code execution due to using pickle based serialization over unsecured ZeroMQ sockets. The vulnerab...
CVE-2015-2079
Usermin 0.980 through 1.x before 1.660 allows uconfigsave.cgi sigfilefree remote code execution because it uses the two argument not three argument form of Perl open...
CVE-2024-40446
An issue in forkosh Mime Tex before v.1.77 allows an attacker to execute arbitrary code via a crafted script...
CVE-2024-53636
An arbitrary file upload vulnerability via writefile.php of Serosoft Academia Student Information System SIS EagleR-1.0.118 allows attackers to execute arbitrary code via ../ in the filePath parameter...
CVE-2025-2764
CarlinKit CPC200-CCPA update.cgi Improper Verification of Cryptographic Signature Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of CarlinKit CPC200-CCPA devices. Although authentication is required to exploit...
PT-2025-17930 · Unknown · Filez Client
Name of the Vulnerable Software and Affected Versions: FileZ client affected versions not specified Description: A cross-site scripting issue was reported in the FileZ client, which could allow code execution if a local user visits a crafted URL. Recommendations: At the moment, there is no...
TOTOLINK EX1200T Code Execution Vulnerability
The TOTOLINK EX1200T is a dual-band wireless signal amplifier that is primarily used to extend the coverage of an existing wireless network. A code execution vulnerability exists in the TOTOLINK EX1200T. The vulnerability stems from the FileName parameter in the setUpgradeFW function for...
Apple Security Advisory 04-16-2025-1
Apple Security Advisory 04-16-2025-1 - iOS 18.4.1 and iPadOS 18.4.1 addresses bypass and code execution vulnerabilities...
Apple Security Advisory 04-16-2025-2
Apple Security Advisory 04-16-2025-2 - macOS Sequoia 15.4.1 addresses bypass and code execution vulnerabilities...
CVE-2025-1049
Sonos Era 300 Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected Sonos Era 300 speakers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the...
CVE-2025-2764 CarlinKit CPC200-CCPA update.cgi Improper Verification of Cryptographic Signature Code Execution Vulnerability
CarlinKit CPC200-CCPA update.cgi Improper Verification of Cryptographic Signature Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of CarlinKit CPC200-CCPA devices. Although authentication is required to exploit...
CVE-2025-2763 CarlinKit CPC200-CCPA Improper Verification of Cryptographic Signature Code Execution Vulnerability
CarlinKit CPC200-CCPA Improper Verification of Cryptographic Signature Code Execution Vulnerability. This vulnerability allows physically present attackers to execute arbitrary code on affected installations of CarlinKit CPC200-CCPA devices. Authentication is not required to exploit this...
Delta Electronics COMMGR Code Execution Vulnerability
Delta Electronics COMMGR is a communication management software from Delta Electronics China. A code execution vulnerability exists in Delta Electronics COMMGR that stems from insufficient randomness in session ID generation, which can be exploited by an attacker to brute-force break the session ...
GHSA-3922-2R6R-R4FV MCMS allows arbitrary file uploads in the ueditor component
An arbitrary file upload vulnerability in the ueditor component of MCMS v5.4.3 allows attackers to execute arbitrary code via uploading a crafted file...