CVE-2025-2243
A server-side request forgery (SSRF) vulnerability in Bitdefender GravityZone Console allows an attacker to bypass input validation logic using leading characters in DNS requests. Paired with other potential vulnerabilities, this bypass could be used for execution of third-party code. This issue...
CVE-2025-32118
CVE-2025-32118 affects the CMP – Coming Soon & Maintenance Plugin by NiteoThemes. The connected data specifies an Authenticated Arbitrary File Upload (unrestricted file upload) vulnerability, enabling malicious file uploads by an attacker with admin-level privileges. The CVSSv3.1 base score is 9....
CVE-2025-29062
An issue in BL-AC2100 =V1.0.4 allows a remote attacker to execute arbitrary code via the time1 and time2 parameters in the setLimitClientcfg of the goahead webservice...
Ivanti Connect Secure, Policy Secure, and ZTA Gateways Stack-Based Buffer Overflow Vulnerability
Ivanti Connect Secure, Policy Secure, and ZTA Gateways contain a stack-based buffer overflow vulnerability that allows a remote unauthenticated attacker to achieve remote code execution...
CVE-2025-31132
Raven is an open-source messaging platform. A vulnerability allowed any logged in user to execute code via an API endpoint. This vulnerability is fixed in 2.1.10...
CVE-2025-31722
In Jenkins Templating Engine Plugin 2.5.3 and earlier, libraries defined in folders are not subject to sandbox protection, allowing attackers with Item/Configure permission to execute arbitrary code in the context of the Jenkins controller JVM...
CVE-2024-39780 Use of unsafe yaml load in dynparam
A YAML deserialization vulnerability was found in the Robot Operating System (ROS) 'dynparam', a command-line tool for getting, setting, and deleting parameters of a dynamically configurable node, affecting ROS distributions Noetic and earlier. The issue is caused by the use of the yaml.load functi...
CVE-2025-31132 Raven allows Remote Code Execution due to improper validation
Raven is an open-source messaging platform. A vulnerability allowed any logged in user to execute code via an API endpoint. This vulnerability is fixed in 2.1.10...
CVE-2025-30672 Mite for Perl generates code with an untrusted search path vulnerability
Mite for Perl before 0.013000 generates code with the current working directory '.' added to the @INC path, similar to CVE-2016-1238. If an attacker can place a malicious file in the current working directory, it may be loaded instead of the intended file, potentially leading to arbitrary code...
MetaCPAN Sub::HandlesVia Code Issue Vulnerability
MetaCPAN Sub::HandlesVia is a library of the MetaCPAN Foundation. A code issue vulnerability exists in versions prior to MetaCPAN Sub::HandlesVia 0.050002 that stems from allowing untrusted code to be loaded from the current working directory, which could lead to the execution of arbitrary code...
Exploit for Time-of-check Time-of-use (TOCTOU) Race Condition in Apache Tomcat
"CVE-2024-50379" CVE-2024-50379 is a security vulnerability...
CVE-2024-45354
A code execution vulnerability exists in the Xiaomi shop application product. The vulnerability is caused by improper input validation and can be exploited by attackers to execute malicious code...
CVE-2025-28256
An issue in TOTOLINK A3100R V4.1.2cu.5247B20211129 allows a remote attacker to execute arbitrary code via the setWebWlanIdx of the file /lib/cstemodules/wireless.so...
CVE-2024-45351
A code execution vulnerability exists in the Xiaomi Game center application product. The vulnerability is caused by improper input validation and can be exploited by attackers to execute malicious code...
CVE-2024-45354 Xiaomi shop application WebView has code execution vulnerability
A code execution vulnerability exists in the Xiaomi shop application product. The vulnerability is caused by improper input validation and can be exploited by attackers to execute malicious code...
CVE-2024-45354
CVE-2024-45354 affects the Xiaomi shop application (product) where the root cause is improper input validation in a code path handling user-supplied data, enabling potential remote code execution. The CVSS 3.1 metrics indicate Network access with low attack complexity, no privileges required, use...