256 matches found

RedhatCVE
added 2025/05/22 5:45 p.m. | 4 views

CVE-2020-29625

This issue was addressed with improved checks. This issue is fixed in macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave. Processing a maliciously crafted image may lead to arbitrary code execution...

CVSS 7.8 | AI score 6.8 | EPSS 0.00418 | Exploits 0

RedhatCVE
added 2025/05/22 5:37 p.m. | 4 views

CVE-2020-36655

Yii Yii2 Gii before 2.2.2 allows remote attackers to execute arbitrary code via the Generator.php messageCategory field. The attacker can embed arbitrary PHP code into the model file...

CVSS 8.8 | AI score 8 | EPSS 0.04201 | Exploits 1

RedhatCVE
added 2025/05/22 3:17 p.m. | 4 views

CVE-2020-20210

Bludit 3.9.2 is vulnerable to Remote Code Execution (RCE) via /admin/ajax/upload-images...

CVSS 8.8 | AI score 7.5 | EPSS 0.01146 | Exploits 1

RedhatCVE
added 2025/05/22 4:57 a.m. | 5 views

CVE-2019-20216

D-Link DIR-859 1.05 and 1.06B01 Beta01 devices allow remote attackers to execute arbitrary OS commands via the urn: to the M-SEARCH method in ssdpcgi in /htdocs/cgibin, because REMOTE_PORT is mishandled. The value of the urn: service/device is checked with the strstr function, which allows an...

CVSS 10 | AI score 8.1 | EPSS 0.05128 | Exploits 0 | References 1

RedhatCVE
added 2025/05/22 4:38 a.m. | 8 views

CVE-2019-15642

rpc.cgi in Webmin through 1.920 allows authenticated Remote Code Execution via a crafted object name because unserialise_variable makes an eval call. NOTE: the Webmin_Servers_Index documentation states "RPC can be used to run any command or modify any file on a server, which is why access to it must...

CVSS 8.8 | AI score 7.3 | EPSS 0.92931 | Exploits 4 | References 1

OpenVAS
added 2025/05/14 12:0 a.m. | 45 views

Microsoft Office 365 (2016 Click-to-Run) Multiple Vulnerabilities (May 2025)

This host is missing a critical security update according to Microsoft Office Click-to-Run update May 2025. SPDX-FileCopyrightText: 2025 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier:...

CVSS 8.4 | AI score 7.9 | EPSS 0.00824 | Exploits 0 | References 1

Vulnrichment
added 2025/05/13 4:58 p.m. | 8 views

CVE-2025-30383 Microsoft Excel Remote Code Execution Vulnerability

...

CVSS 7.8 | AI score 7.7 | EPSS 0.00824 | Exploits 0 | References 1

Tenable Nessus
added 2025/05/12 12:0 a.m. | 2 views

EulerOS 2.0 SP10 : emacs (EulerOS-SA-2025-1506)

According to the versions of the emacs package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : A command injection flaw was found in the text editor Emacs. It could allow a remote, unauthenticated attacker to execute arbitrary shell commands o...

CVSS 8.8 | AI score 8.2 | EPSS 0.01295 | Exploits 0 | References 2

Hewlett-Packard
added 2025/05/07 12:0 a.m. | 23 views

AMD SMM Vulnerabilities February 2025 Security Update

AMD has informed HP of potential vulnerabilities identified in some AMD client platform firmware components, which might allow arbitrary code execution. AMD is releasing firmware updates to mitigate these vulnerabilities. AMD has released updates to mitigate the potential vulnerabilities. HP has...

CVSS 8.2 | AI score 8.6 | EPSS 0.00069 | Exploits 0 | Affected Software 216

CVE
added 2025/05/06 4:53 p.m. | 183 views

CVE-2025-30165

In multi-node vLLM deployments using the V0 engine, a secondary host opens a SUB socket and deserializes inbound data with Python’s unsafe pickle over ZeroMQ XPUB/SUB, enabling remote code execution. The issue affects V0 deployments with tensor parallelism across hosts; V1 is una...

CVSS 8 | AI score 8.2 | EPSS 0.00432 | Exploits 0 | References 3 | Affected Software 1

Cvelist
added 2025/04/28 12:0 a.m. | 7 views

CVE-2023-42404

OneVision Workspace before WS23.1 SR1 build w31.040 allows arbitrary Java EL execution...

CVSS 4.9 | EPSS 0.0022 | Exploits 0 | References 2

GithubExploit
added 2025/04/27 5:7 a.m. | 268 views

Exploit for CVE-2025-1974

CVE-2025-1974 Whitehat School 3rd cohort - 김소은 @salt318 https://github...

CVSS 9.8 | AI score 7.4 | EPSS 0.91625 | Exploits 21

CNVD
added 2025/04/25 12:0 a.m. | 1 views

D-Link DIR-832x 0x41dda8 Function Code Injection Vulnerability

The D-Link DIR-832x is a wireless router from China's AUO D-Link. A code injection vulnerability exists in the D-Link DIR-832x, which stems from the function 0x41dda8 failing to properly filter special characters, commands, etc. when constructing a command. An attacker can exploit this vulnerability to...

CVSS 7.2 | AI score 7.3 | EPSS 0.01785 | Exploits 1 | References 1

Huntr
added 2025/04/21 7:56 a.m. | 5 views

Python sandbox escape leading to Remote Code Execution (RCE)

Smolagents Python sandbox escape leading to Remote Code Execution (RCE). Summary: Smolagents is a barebones library for building agents that “think in Python code”—generating and executing Python as part of their reasoning process. Given this design, secure code execution is a critical backbone of...

CVSS 10 | AI score 8.6 | EPSS 0.01869 | Exploits 1

NVD
added 2025/04/08 6:16 p.m. | 12 views

CVE-2025-27746

Use after free in Microsoft Office allows an unauthorized attacker to execute code locally...

CVSS 7.8 | EPSS 0.00794 | Exploits 0 | References 1

RedhatCVE
added 2025/04/03 2:38 a.m. | 19 views

CVE-2025-30672

Mite for Perl before 0.013000 generates code with the current working directory '.' added to the @INC path similar to CVE-2016-1238. If an attacker can place a malicious file in current working directory, it may be loaded instead of the intended file, potentially leading to arbitrary code...

CVSS 7.8 | AI score 7.8 | EPSS 0.00441 | Exploits 0 | References 1

Cvelist
added 2025/03/25 2:55 p.m. | 21 views

CVE-2025-30213 Frappe has Possibility of Remote Code Execution due to improper validation

Frappe is a full-stack web application framework. Prior to versions 14.91.0 and 15.52.0, a system user was able to create certain documents in a specific way that could lead to remote code execution. Versions 14.9.1 and 15.52.0 contain a patch for the vulnerability. There's no workaround; an...

CVSS 8.7 | EPSS 0.00833 | Exploits 0 | References 1

Zero Day Initiative
added 2025/03/25 12:0 a.m. | 4 views

(0Day) CarlinKit CPC200-CCPA Improper Verification of Cryptographic Signature Code Execution Vulnerability

This vulnerability allows physically present attackers to execute arbitrary code on affected installations of CarlinKit CPC200-CCPA devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of update packages on USB drives. The issue resul...

CVSS 6.8 | AI score 7.2 | EPSS 0.00055 | Exploits 0

RedhatCVE
added 2025/03/15 8:11 a.m. | 4 views

CVE-2024-57348

Cross Site Scripting vulnerability in PecanProject pecan through v.1.8.0 allows a remote attacker to execute arbitrary code via the crafted payload to the hostname, sitegroupid, lat, lon and sitename parameters...

CVSS 6.1 | AI score 7.3 | EPSS 0.00602 | Exploits 1 | References 1

RedhatCVE
added 2025/03/13 6:14 p.m. | 6 views

CVE-2025-25244

SAP Business Warehouse Process Chains allows an attacker to manipulate the process execution due to missing authorization check. An attacker with display authorization for the process chain object could set one or all processes to be skipped. This means corresponding activities, such as data...

CVSS 5.7 | AI score 6.8 | EPSS 0.00122 | Exploits 0 | References 1