Delta Electronics COMMGR Code Execution Vulnerability
Delta Electronics COMMGR is communication management software from Delta Electronics China. A code execution vulnerability exists in Delta Electronics COMMGR that stems from insufficient randomness in session ID generation, which an attacker can exploit to brute-force the session ...
GHSA-3922-2R6R-R4FV MCMS allows arbitrary file uploads in the ueditor component
An arbitrary file upload vulnerability in the ueditor component of MCMS v5.4.3 allows attackers to execute arbitrary code via uploading a crafted file...
CVE-2025-29659
Yi IOT XY-3820 6.0.24.10 is vulnerable to Remote Command Execution via the "cmdlisten" function located in the "cmd" binary...
Command Execution Vulnerability in NX15000 of Xinhua San Technologies Co.
The NX15000 is a high-end router. A command execution vulnerability exists in the NX15000 of Xinhua San Technologies Limited, which can be exploited by an attacker to execute arbitrary commands...
NETGEAR WNR854T addmap_exec function command execution vulnerability
The NETGEAR WNR854T is a wireless router from NETGEAR. A command execution vulnerability exists in the NETGEAR WNR854T version 1.5.2, which stems from the addmap_exec function failing to properly filter special characters, commands, and other elements used to construct commands. An attacker can exploit this...
CVE-2025-29287
An arbitrary file upload vulnerability in the ueditor component of MCMS v5.4.3 allows attackers to execute arbitrary code via uploading a crafted file...
[slackware-security] zsh
New zsh packages are available for Slackware 15.0 to fix a security issue. Here are the details from the Slackware 15.0 ChangeLog: patches/packages/zsh-5.9-i586-1slack15.0.txz: Upgraded. This release fixes a security issue in zsh-5.8: Some prompt expansion sequences, such as %F, support 'argument...
Exploit for Code Injection in Dgorissen Pycel
CVE-2024-53924 - Description: Pycel through 1.0b30, when oper...
CVE-2024-40070
Sourcecodester Online ID Generator System 1.0 was discovered to contain an arbitrary file upload vulnerability via id_generator/classes/Users.php?f=save. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file...
CVE-2025-31200
A memory corruption issue was addressed with improved bounds checking. This issue is fixed in iOS 18.4.1 and iPadOS 18.4.1, macOS Sequoia 15.4.1, tvOS 18.4.1, visionOS 2.4.1, watchOS 11.5. Processing an audio stream in a maliciously crafted media file may result in code execution. Apple is aware ...
GHSA-2689-CW26-6CPJ Whoogle allows attackers to execute arbitrary code via supplying a crafted search query
An issue in the component /models/config.py of Whoogle search v0.9.0 allows attackers to execute arbitrary code via supplying a crafted search query...
CVE-2024-40070
CVE-2024-40070 affects Sourcecodester Online ID Generator System 1.0. The issue is an arbitrary file upload vulnerability at id_generator/classes/Users.php?f=save that allows an attacker to execute arbitrary PHP code by uploading a crafted file. The connected documents provide concrete details ab...
CVE-2024-53304
An issue in LRQA Nettitude PoshC2 after commit 09ee2cf allows unauthenticated attackers to connect to the C2 server and execute arbitrary commands via posing as an infected machine...
Command Execution Vulnerability in the Management Server of Guangdong Paulan Electronics Co., Ltd.
Guangdong Paulan Electronics Co., Ltd. is a high-tech enterprise integrating R&D, design, production, sales and service of complete audio-visual system solutions. There is a command execution vulnerability in the itc center management server of Guangdong Paulan Electronics Co., Ltd., which can be exploited by attackers to...
RHEL 6 / 7 : rh-java-common-apache-commons-collections (RHSA-2015:2523)
The remote Redhat Enterprise Linux 6 / 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2015:2523 advisory. The Apache Commons Collections library provides new interfaces, implementations, and utilities to extend the features of the Java Collections...
CVE-2025-24797 Meshtastic incorrectly handles malformed packets, leading to controlled buffer overflow
Meshtastic is an open source mesh networking solution. A fault in the handling of mesh packets containing invalid protobuf data can result in an attacker-controlled buffer overflow, allowing an attacker to hijack execution flow, potentially resulting in remote code execution. This attack does not...
Adobe FrameMaker heap buffer overflow vulnerability (CNVD-2025-07243)
Adobe FrameMaker is page layout software from Adobe (United States) for writing and editing large or complex documents, including structured documents. A heap buffer overflow vulnerability exists in Adobe FrameMaker, which can be exploited by an attacker to execute...
Command Execution Vulnerability in e-cology of Shanghai Panmicro Network Technology Co. Ltd (CNVD-2025-07886)
e-cology is an enterprise-level collaborative office automation system that provides comprehensive informatization solutions mainly for medium and large enterprises. It is characterized by intelligence, platform and full digitalization, aiming to improve the efficiency and management level of the...
[SECURITY] [DLA 4126-1] jinja2 security update
Debian LTS Advisory DLA-4126-1 https://www.debian.org/lts/security/ Lucas Kanashiro April 13, 2025 https://wiki.debian.org/LTS ...
CVE-2024-56406
A heap buffer overflow vulnerability was discovered in Perl. Release branches 5.34, 5.36, 5.38 and 5.40 are affected, including development versions from 5.33.1 through 5.41.10. When there are non-ASCII bytes in the left-hand-side of the tr operator, S_do_trans_invmap can overflow the destination...