4202 matches found

Cvelist
added 2025/05/02 12:0 a.m. · 10 views

CVE-2025-45800

TOTOLINK A950RG V4.1.2cu.5204B20210112 contains a command execution vulnerability in the setDeviceName interface of the /lib/cstemodules/global.so library, specifically in the processing of the deviceMac parameter...

0.00725 EPSS
Exploits 1 · References 1

CVE
added 2025/05/01 5:20 p.m. · 59 views

CVE-2025-46566

DataEase CVE-2025-46566 affects the open-source BI tool; authenticated users could achieve RCE via the backend JDBC link due to validation issues in the JDBC path. The vulnerability is addressed in version 2.10.9, with Red Hat/OSV notes indicating a bypass risk before 2.10.10 and that 2.10.10 con...

9.8 CVSS · 6.3 AI score · 0.00594 EPSS
Exploits 1 · References 1 · Affected Software 1

OSV
added 2025/04/30 12:25 a.m. · 16 views

CVE-2025-32444 vLLM Vulnerable to Remote Code Execution via Mooncake Integration

vLLM is a high-throughput and memory-efficient inference and serving engine for LLMs. Versions starting from 0.6.5 and prior to 0.8.5, having vLLM integration with mooncake, are vulnerable to remote code execution due to using pickle based serialization over unsecured ZeroMQ sockets. The vulnerab...

10 CVSS · 8.8 AI score · 0.01467 EPSS
Exploits 1 · References 6

Vulnrichment
added 2025/04/28 12:0 a.m. · 7 views

CVE-2015-2079

Usermin 0.980 through 1.x before 1.660 allows uconfigsave.cgi sigfilefree remote code execution because it uses the two argument not three argument form of Perl open...

9.9 CVSS · 9.9 AI score · 0.01004 EPSS
Exploits 1 · References 2

RedhatCVE
added 2025/04/26 5:31 a.m. · 8 views

CVE-2025-28039

TOTOLINK EX1200T V4.1.2cu.5232B20210713 was found to contain a pre-auth remote command execution vulnerability in the setUpgradeFW function through the FileName parameter...

9.8 CVSS · 7.4 AI score · 0.00919 EPSS
Exploits 1 · References 1

RedhatCVE
added 2025/04/26 4:30 a.m. · 9 views

CVE-2024-40446

An issue in forkosh Mime Tex before v.1.77 allows an attacker to execute arbitrary code via a crafted script...

9.8 CVSS · 7.2 AI score · 0.00601 EPSS
Exploits 0 · References 1

Cvelist
added 2025/04/26 12:0 a.m. · 20 views

CVE-2024-53636

An arbitrary file upload vulnerability via writefile.php of Serosoft Academia Student Information System SIS EagleR-1.0.118 allows attackers to execute arbitrary code via ../ in the filePath parameter...

6.4 CVSS · 0.01247 EPSS
Exploits 1 · References 2

RedhatCVE
added 2025/04/25 8:48 p.m. · 4 views

CVE-2025-2764

CarlinKit CPC200-CCPA update.cgi Improper Verification of Cryptographic Signature Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of CarlinKit CPC200-CCPA devices. Although authentication is required to exploit...

8 CVSS · 7.7 AI score · 0.00233 EPSS
Exploits 0 · References 3

CNVD
added 2025/04/25 12:0 a.m. · 1 views

Command Execution Vulnerability in UFIDA U8Cloud at UFIDA Network Technology Co.

UFIDA U8Cloud is an enterprise-level ERP used to assist companies in achieving efficient and digitalized business collaboration and process management. A command execution vulnerability exists in UFIDA U8Cloud, which can be exploited by an attacker to execute arbitrary commands...

7.9 AI score
Exploits 0

Positive Technologies
added 2025/04/25 12:0 a.m. · 3 views

PT-2025-17930 · Unknown · Filez Client

Name of the Vulnerable Software and Affected Versions: FileZ client, affected versions not specified. Description: A cross-site scripting issue was reported in the FileZ client, which could allow code execution if a local user visits a crafted URL. Recommendations: At the moment, there is no...

5.1 CVSS · 6 AI score · 0.00155 EPSS
Exploits 0 · References 5

CNVD
added 2025/04/25 12:0 a.m. · 2 views

TOTOLINK EX1200T Code Execution Vulnerability

The TOTOLINK EX1200T is a dual-band wireless signal amplifier that is primarily used to extend the coverage of an existing wireless network. A code execution vulnerability exists in the TOTOLINK EX1200T. The vulnerability stems from the FileName parameter in the setUpgradeFW function for...

9.8 CVSS · 7.6 AI score · 0.00919 EPSS
Exploits 1 · References 1

Packet Storm News
added 2025/04/24 12:0 a.m. · 3 views

Apple Security Advisory 04-16-2025-2

Apple Security Advisory 04-16-2025-2 - macOS Sequoia 15.4.1 addresses bypass and code execution vulnerabilities...

7.5 CVSS · 7.6 AI score · 0.21255 EPSS
Exploits 6

Packet Storm News
added 2025/04/24 12:0 a.m. · 4 views

Apple Security Advisory 04-16-2025-1

Apple Security Advisory 04-16-2025-1 - iOS 18.4.1 and iPadOS 18.4.1 addresses bypass and code execution vulnerabilities...

7.5 CVSS · 7.6 AI score · 0.21255 EPSS
Exploits 6

OSV
added 2025/04/23 5:16 p.m. · 1 views

CVE-2025-2764

CarlinKit CPC200-CCPA update.cgi Improper Verification of Cryptographic Signature Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of CarlinKit CPC200-CCPA devices. Although authentication is required to exploit...

8 CVSS · 6.2 AI score · 0.00233 EPSS
Exploits 0 · References 1

NVD
added 2025/04/23 5:16 p.m. · 10 views

CVE-2025-2764

CarlinKit CPC200-CCPA update.cgi Improper Verification of Cryptographic Signature Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of CarlinKit CPC200-CCPA devices. Although authentication is required to exploit...

8 CVSS · 0.00233 EPSS
Exploits 0 · References 1

NVD
added 2025/04/23 5:16 p.m. · 5 views

CVE-2025-1049

Sonos Era 300 Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected Sonos Era 300 speakers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the...

8.8 CVSS · 0.0035 EPSS
Exploits 0 · References 1

Cvelist
added 2025/04/23 4:48 p.m. · 25 views

CVE-2025-2764 CarlinKit CPC200-CCPA update.cgi Improper Verification of Cryptographic Signature Code Execution Vulnerability

CarlinKit CPC200-CCPA update.cgi Improper Verification of Cryptographic Signature Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of CarlinKit CPC200-CCPA devices. Although authentication is required to exploit...

8 CVSS · 0.00233 EPSS
Exploits 0 · References 1

Cvelist
added 2025/04/23 4:48 p.m. · 12 views

CVE-2025-2763 CarlinKit CPC200-CCPA Improper Verification of Cryptographic Signature Code Execution Vulnerability

CarlinKit CPC200-CCPA Improper Verification of Cryptographic Signature Code Execution Vulnerability. This vulnerability allows physically present attackers to execute arbitrary code on affected installations of CarlinKit CPC200-CCPA devices. Authentication is not required to exploit this...

6.8 CVSS · 0.00173 EPSS
Exploits 0 · References 1

Vulnrichment
added 2025/04/23 4:48 p.m. · 8 views

CVE-2025-2763 CarlinKit CPC200-CCPA Improper Verification of Cryptographic Signature Code Execution Vulnerability

CarlinKit CPC200-CCPA Improper Verification of Cryptographic Signature Code Execution Vulnerability. This vulnerability allows physically present attackers to execute arbitrary code on affected installations of CarlinKit CPC200-CCPA devices. Authentication is not required to exploit this...

6.8 CVSS · 7.5 AI score · 0.00173 EPSS
Exploits 0 · References 1

OSV
added 2025/04/22 7:19 a.m. · 10 views

BIT-PYTORCH-2025-32434 PyTorch: `torch.load` with `weights_only=True` leads to remote code execution

PyTorch is a Python package that provides tensor computation with strong GPU acceleration and deep neural networks built on a tape-based autograd system. In version 2.5.1 and prior, a Remote Command Execution RCE vulnerability exists in PyTorch when loading a model using torch.load with...

9.8 CVSS · 9.5 AI score · 0.01878 EPSS
Exploits 0 · References 3