Lucene search

4202 matches found

Cvelist
added 2025/03/25 2:17 p.m. · 18 views

CVE-2025-2531 Luxion KeyShot DAE File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability

Luxion KeyShot DAE File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Luxion KeyShot. User interaction is required to exploit this vulnerability in that the target must visi...

CVSS 7.8 · EPSS 0.00213
Exploits: 0 · References: 1

Positive Technologies
added 2025/03/25 12:00 a.m. · 4 views

PT-2025-12839 · Carlinkit · Carlinkit Cpc200-Ccpa

Name of the Vulnerable Software and Affected Versions: CarlinKit CPC200-CCPA (affected versions not specified).
Description: The issue is related to an improper verification of cryptographic signature, which can lead to code execution.
Recommendations: At the moment, there is no information about a...

CVSS 6.8 · AI score 6.6 · EPSS 0.00173
Exploits: 0 · References: 6

Github Security Blog
added 2025/03/20 12:32 p.m. · 9 views

LoLLMS Code Injection vulnerability

A remote code execution vulnerability exists in the Calculate function of parisneo/lollms version 9.8. The vulnerability arises from the use of Python's eval function to evaluate mathematical expressions within a Python sandbox that disables builtins and only allows functions from the math module...

CVSS 8.4 · AI score 8.2 · EPSS 0.00435
Exploits: 0 · References: 4 · Affected Software: 1

Vulnrichment
added 2025/03/20 10:11 a.m. · 6 views

CVE-2024-7764 SQL Injection in vanna-ai/vanna

Vanna-ai v0.6.2 is vulnerable to SQL Injection due to insufficient protection against injecting additional SQL commands from user requests. The vulnerability occurs when the generate_sql function calls extract_sql with the LLM response. An attacker can include a semi-colon between a search data fie...

CVSS 8.1 · AI score 8.7 · EPSS 0.00707
Exploits: 0 · References: 1

CVE
added 2025/03/20 10:08 a.m. · 108 views

CVE-2024-12029

Summary: CVE-2024-12029 affects invoke-ai/invokeai prior to 5.4.3, via unsafe deserialization in the /api/v2/models/install API, leading to remote code execution when loading model files through torch.load. Affected software: invoke-ai/invokeai, versions 5.3.1 through 5.4.2 (and up to 5.4.2 per s...

CVSS 9.8 · AI score 9.6 · EPSS 0.05342
Exploits: 5 · References: 2

Cvelist
added 2025/03/19 8:16 p.m. · 11 views

CVE-2025-27780 Applio allows unsafe deserialization in model_information.py

Applio is a voice conversion tool. Versions 3.2.8-bugfix and prior are vulnerable to unsafe deserialization in model_information.py. model_name in model_information.py takes user-supplied input (e.g. a path to a model) and passes that value to the run_model_information_script and later to model_information...

CVSS 9.3 · EPSS 0.00845
Exploits: 0 · References: 4

CVE
added 2025/03/19 2:14 a.m. · 106 views

CVE-2024-10442

CVE-2024-10442 affects Synology Replication Service and Synology Unified Controller (DSMUC). The vulnerability is an off-by-one error in the transmission component that can allow remote attackers to execute arbitrary code. Affected versions include Replication Service before 1.0.12-0066, 1.2.2-03...

CVSS 10 · AI score 7.8 · EPSS 0.01337
Exploits: 0 · References: 1 · Affected Software: 1

CVE
added 2025/03/19 12:00 a.m. · 65 views

CVE-2025-29401

CVE-2025-29401 is an arbitrary file upload vulnerability affecting emlog pro v2.5.7 in the /views/plugin.php component. The issue allows an attacker to upload a crafted PHP file and achieve remote code execution (RCE). The CVSS 3.1 vector indicates network access, no privileges required, no user ...

CVSS 9.8 · AI score 7.5 · EPSS 0.00701
Exploits: 1 · References: 1 · Affected Software: 1

Cvelist
added 2025/03/19 12:00 a.m. · 14 views

CVE-2025-29401

An arbitrary file upload vulnerability in the component /views/plugin.php of emlog pro v2.5.7 allows attackers to execute arbitrary code via uploading a crafted PHP file...

EPSS 0.00701
Exploits: 1 · References: 1

Vulnrichment
added 2025/03/19 12:00 a.m. · 6 views

CVE-2025-29401

An arbitrary file upload vulnerability in the component /views/plugin.php of emlog pro v2.5.7 allows attackers to execute arbitrary code via uploading a crafted PHP file...

AI score 8.1 · EPSS 0.00701
Exploits: 1 · References: 1

Vulnrichment
added 2025/03/19 12:00 a.m. · 5 views

CVE-2025-29405

An arbitrary file upload vulnerability in the component /admin/template.php of emlog pro 2.5.0 and pro 2.5. allows attackers to execute arbitrary code via uploading a crafted PHP file...

AI score 7.6 · EPSS 0.00371
Exploits: 1 · References: 2

NVD
added 2025/03/18 4:15 p.m. · 5 views

CVE-2025-25589

An XML external entity (XXE) injection vulnerability in the component /weixin/aes/XMLParse.java of yimioa before v2024.07.04 allows attackers to execute arbitrary code via supplying a crafted XML file...

CVSS 8.1 · EPSS 0.00437
Exploits: 0 · References: 1

RedhatCVE
added 2025/03/18 12:09 a.m. · 6 views

CVE-2025-30076

Koha before 24.11.02 allows admins to execute arbitrary commands via shell metacharacters in the tools/scheduler.pl report parameter...

CVSS 7.7 · AI score 7.7 · EPSS 0.00374
Exploits: 0 · References: 1

OSV
added 2025/03/17 8:16 p.m. · 7 views

RLSA-2024:10218 Moderate: perl-App-cpanminus security update

Why? It's dependency free, requires zero configuration, and stands alone but it's maintainable and extensible with plug-ins and friendly to shell scripting. When running, it requires only 10 MB of RAM. Security Fixes: perl-App-cpanminus: Insecure HTTP in App::cpanminus Allows Code Execution...

CVSS 9.8 · AI score 6.8 · EPSS 0.00731
Exploits: 1 · References: 2

Rockylinux
added 2025/03/17 8:16 p.m. · 2 views

gnome-shell and gnome-shell-extensions security update

An update is available for gnome-shell-extensions. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. GNOME Shell acts as a compositing manager for the desktop, and...

CVSS 6.5 · AI score 7.1 · EPSS 0.00299
Exploits: 0

OSV
added 2025/03/17 8:16 p.m. · 8 views

RLSA-2025:1309 Moderate: gcc-toolset-13-gcc security update

The gcc-toolset-13-gcc13 package contains the GNU Compiler Collection version 13. Security Fixes: jquery: Untrusted code execution via tag in HTML passed to DOM manipulation methods (CVE-2020-11023). For more details about the security issues, including the impact, a CVSS score, acknowledgments, and...

CVSS 6.9 · AI score 7.1 · EPSS 0.8383
Exploits: 6 · References: 2

OSV
added 2025/03/17 8:16 p.m. · 9 views

RLSA-2024:9114 Moderate: gnome-shell and gnome-shell-extensions security update

GNOME Shell acts as a compositing manager for the desktop, and displays both application windows and other objects. It provides core interface functions like switching windows, launching applications, and notifications. It takes advantage of the capabilities of modern graphics hardware and...

CVSS 6.5 · AI score 7 · EPSS 0.00299
Exploits: 0 · References: 2

Vulnrichment
added 2025/03/17 4:45 p.m. · 7 views

CVE-2024-48013

Dell SmartFabric OS10 Software, versions 10.5.4.x, 10.5.5.x, 10.5.6.x, 10.6.0.x, contains an Execution with Unnecessary Privileges vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Elevation of privileges...

CVSS 8.8 · AI score 8.6 · EPSS 0.00647
Exploits: 0 · References: 4

CVE
added 2025/03/17 4:45 p.m. · 59 views

CVE-2024-48013

CVE-2024-48013 affects Dell SmartFabric OS10 Software (versions 10.5.4.x–10.6.0.x). The issue is an Execution with Unnecessary Privileges vulnerability that allows a low-privileged, remote attacker to achieve Elevation of Privileges. According to the available documents, the exploitation status i...

CVSS 8.8 · AI score 7.1 · EPSS 0.00647
Exploits: 0 · References: 4 · Affected Software: 1

Vulnrichment
added 2025/03/17 1:50 p.m. · 5 views

CVE-2025-0828 Stored Cross-site Scripting (XSS) vulnerability affecting Engineering Release in ENOVIA Product Engineering Specialist from Release 3DEXPERIENCE R2022x through Release 3DEXPERIENCE R2024x

A stored Cross-site Scripting (XSS) vulnerability affecting Engineering Release in ENOVIA Product Engineering Specialist from Release 3DEXPERIENCE R2022x through Release 3DEXPERIENCE R2024x allows an attacker to execute arbitrary script code in user's browser session...

CVSS 8.7 · AI score 7.8 · EPSS 0.00228
Exploits: 0 · References: 1