CVE-2024-45352
A code execution vulnerability exists in the Xiaomi smarthome application product. The vulnerability is caused by improper input validation and can be exploited by attackers to execute malicious code...
CVE-2024-45352
CVE-2024-45352 affects the Xiaomi Smarthome application. A code execution vulnerability exists due to improper input validation in the internal API parser. The connected exploit document provides a PoC showing unauthenticated RCE via a crafted request to the local API (curl to /api/parse), implyi...
CVE-2024-45352 Xiaomi smarthome application Webview has code execution vulnerability
A code execution vulnerability exists in the Xiaomi smarthome application product. The vulnerability is caused by improper input validation and can be exploited by attackers to execute malicious code...
PT-2025-13026 · Xiaomi · Xiaomi Smarthome Application
Name of the Vulnerable Software and Affected Versions: Xiaomi smarthome application (affected versions not specified). Description: A code execution issue exists due to improper input validation, allowing attackers to execute malicious code. Recommendations: At the moment, there is no information...
CVE-2024-45351
CVE-2024-45351 affects Xiaomi Game Center app. Connected documents indicate the flaw is due to improper input validation, enabling code execution. The risk details from CVSS v3.1 show LOCAL attack vector, LOW attack complexity, and user interaction required, with all three impact metrics (confide...
CVE-2024-45351 Game center application has code execution Vulnerability
A code execution vulnerability exists in the Xiaomi Game center application product. The vulnerability is caused by improper input validation and can be exploited by attackers to execute malicious code...
CVE-2025-2531
Luxion KeyShot DAE File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Luxion KeyShot. User interaction is required to exploit this vulnerability in that the target must visi...
CVE-2025-2531 Luxion KeyShot DAE File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability
Luxion KeyShot DAE File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Luxion KeyShot. User interaction is required to exploit this vulnerability in that the target must visi...
PT-2025-12839 · Carlinkit · Carlinkit Cpc200-Ccpa
Name of the Vulnerable Software and Affected Versions: CarlinKit CPC200-CCPA (affected versions not specified). Description: The issue is related to an improper verification of cryptographic signature, which can lead to code execution. Recommendations: At the moment, there is no information about a...
LoLLMS Code Injection vulnerability
A remote code execution vulnerability exists in the Calculate function of parisneo/lollms version 9.8. The vulnerability arises from the use of Python's eval function to evaluate mathematical expressions within a Python sandbox that disables builtins and only allows functions from the math module...
CVE-2024-12029
Summary: CVE-2024-12029 affects invoke-ai/invokeai prior to 5.4.3, via unsafe deserialization in the /api/v2/models/install API, leading to remote code execution when loading model files through torch.load. Affected software: invoke-ai/invokeai, versions 5.3.1 through 5.4.2 (and up to 5.4.2 per s...
CVE-2025-27780 Applio allows unsafe deserialization in model_information.py
Applio is a voice conversion tool. Versions 3.2.8-bugfix and prior are vulnerable to unsafe deserialization in model_information.py. modelname in model_information.py takes user-supplied input (e.g. a path to a model) and passes that value to the runmodelinformationscript and later to modelinformation...
CVE-2025-29401
An arbitrary file upload vulnerability in the component /views/plugin.php of emlog pro v2.5.7 allows attackers to execute arbitrary code via uploading a crafted PHP file...
CVE-2025-29405
An arbitrary file upload vulnerability in the component /admin/template.php of emlog pro 2.5.0 and pro 2.5. allows attackers to execute arbitrary code via uploading a crafted PHP file...
CVE-2025-29401
CVE-2025-29401 is an arbitrary file upload vulnerability affecting emlog pro v2.5.7 in the /views/plugin.php component. The issue allows an attacker to upload a crafted PHP file and achieve remote code execution (RCE). The CVSS 3.1 vector indicates network access, no privileges required, no user ...
CVE-2025-25589
An XML external entity (XXE) injection vulnerability in the component /weixin/aes/XMLParse.java of yimioa before v2024.07.04 allows attackers to execute arbitrary code via supplying a crafted XML file...
RLSA-2025:1309 Moderate: gcc-toolset-13-gcc security update
The gcc-toolset-13-gcc13 package contains the GNU Compiler Collection version 13. Security Fixes: jquery: Untrusted code execution via tag in HTML passed to DOM manipulation methods (CVE-2020-11023). For more details about the security issues, including the impact, a CVSS score, acknowledgments, and...
gnome-shell and gnome-shell-extensions security update
An update is available for gnome-shell-extensions. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. GNOME Shell acts as a compositing manager for the desktop, and...