Important: golang security update

The golang packages provide the Go programming language compiler. Security Fixes: cmd/go: Go VCS Command Execution Vulnerability CVE-2025-4674 For more details about the security issues, including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE pages...

RHEL 9 : golang (RHSA-2025:13935)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2025:13935 advisory. The golang packages provide the Go programming language compiler. Security Fixes: cmd/go: Go VCS Command Execution Vulnerability CVE-2025-4674 For...

RHEL 10 : golang (RHSA-2025:13941)

The remote Redhat Enterprise Linux 10 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2025:13941 advisory. The golang packages provide the Go programming language compiler. Security Fixes: cmd/go: Go VCS Command Execution Vulnerability CVE-2025-4674 For...

CVE-2025-8105 Soledad <= 8.6.7 - Unauthenticated Arbitrary Shortcode Execution

The The Soledad theme for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 8.6.7. This is due to the software allowing users to execute an action that does not properly validate a value before running doshortcode. This makes it possible for...

Microsoft Excel Code Execution Vulnerability (CNVD-2025-18819)

Microsoft Excel is a spreadsheet processing software in the Office suite from Microsoft USA. A code execution vulnerability exists in Microsoft Excel, which is caused due to an error when opening a specially crafted file. An attacker could exploit this vulnerability to execute arbitrary code on t...

Microsoft Word Code Execution Vulnerability (CNVD-2025-18826)

Microsoft Word is a word processing software in the Office suite of the U.S. company Microsoft Microsoft. Microsoft Word Code Execution Vulnerability, the vulnerability is caused due to incorrect conversion between number types. An attacker could exploit this vulnerability to execute arbitrary co...

WordPress B Slider - Gutenberg Slider Block for WP plugin code execution vulnerability

WordPress B Slider - Gutenberg Slider Block for WP plugin is a core editor plugin that comes with WordPress and is part of the Gutenberg editor that was introduced in WordPress version 5.9. A code execution vulnerability exists in WordPress B Slider- Gutenberg Slider Block for WP plugin, which...

CVE-2012-10054

Umbraco CMS

Apple macOS Sequoia code execution vulnerability (CNVD-2025-19511)

Apple macOS Sequoia is an operating system from the American company Apple Apple. Apple macOS Sequoia suffers from a code execution vulnerability that is caused due to an error in the model I/O component when opening a specially crafted file. An attacker can exploit the vulnerability to execute...

NVIDIA Triton Inference Server Code Execution Vulnerability (CNVD-2025-20011)

NVIDIA Triton Inference Server is an open source software from NVIDIA that helps standardize model deployment and deliver fast and scalable AI in production. A code execution vulnerability exists in NVIDIA Triton Inference Server, which can be exploited by attackers to execute arbitrary code, cau...

Microsoft Excel 资源管理错误漏洞

Microsoft Excel is a spreadsheet processing software in the Office suite from Microsoft USA. A code execution vulnerability exists in Microsoft Excel, which is caused by free use when opening specially crafted files. An attacker can exploit the vulnerability to execute arbitrary code on the syste...

CVE-2025-55077

Tyler Technologies ERP Pro 9 SaaS allows an authenticated user to escape the application and execute limited operating system commands within the remote Microsoft Windows environment with the privileges of the authenticated user. Tyler Technologies deployed hardened remote Windows environment...

CVE-2025-48913

CVE-2025-48913 affects Apache CXF where untrusted users configuring JMS could exploit RMI/LDAP URLs to achieve code execution. The issue arises from CXF JMS configuration allowing unsafe protocols; the interface now rejects those protocols to remove the possibility of remote code execution. Publi...

CVE-2025-8655

Kenwood DMX958XR libSystemLib Command injection Remote Code Execution Vulnerability. This vulnerability allows physically present attackers to execute arbitrary code on affected installations of Kenwood DMX958XR devices. Authentication is not required to exploit this vulnerability. The specific...

The vulnerability of embedded software developed by Qualcomm, related to unverified array indexing, allows a hacker to execute arbitrary code.

The vulnerability of microprogramming software in embedded Qualcomm chips is related to unverified array indexing. Exploiting this vulnerability can allow attackers to execute arbitrary code...

PT-2025-32398 · Xoda · Xoda

Name of the Vulnerable Software and Affected Versions: XODA version 0.4.5 Description: XODA version 0.4.5 contains an unauthenticated file upload vulnerability that allows remote attackers to execute arbitrary PHP code on the server. The flaw resides in the upload functionality, which fails to...

CVE-2025-54949

CVE-2025-54949 describes a heap buffer overflow in ExecuTorch model loading, potentially enabling code execution or other destructive effects. Affected software: ExecuTorch prior to commit ede82493dae6d2d43f8c424e7be4721abe5242be. Public metrics list a CVSS v3.1 base score of 9.8 (CRITICAL) with ...

Linux Distros Unpatched Vulnerability : CVE-2018-6508

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Puppet Enterprise 2017.3.x prior to 2017.3.3 are vulnerable to a remote execution bug when a specially crafted string was passed into the factertask or puppetco...

CVE-2025-8655 Kenwood DMX958XR libSystemLib Command injection Remote Code Execution Vulnerability

Kenwood DMX958XR libSystemLib Command injection Remote Code Execution Vulnerability. This vulnerability allows physically present attackers to execute arbitrary code on affected installations of Kenwood DMX958XR devices. Authentication is not required to exploit this vulnerability. The specific...

CVE-2025-8654 Kenwood DMX958XR ReadMVGImage Command Injection Remote Code Execution Vulnerability

Kenwood DMX958XR ReadMVGImage Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Kenwood DMX958XR devices. Authentication is not required to exploit this vulnerability. The specific fla...