CVE-2025-8653 Kenwood DMX958XR JKRadioService Stack-based Buffer Overflow Remote Code Execution Vulnerability

Kenwood DMX958XR JKRadioService Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Kenwood DMX958XR. Authentication is not required to exploit this vulnerability. The specific...

CVE-2025-8649

CVE-2025-8649 affects Kenwood DMX958XR, specifically the JKWifiService . The vulnerability stems from insufficient validation of a user-supplied string before it is used to execute a system call, allowing a local attacker with physical access to run code as root. Reports indicate a command inject...

CVE-2025-8645 Kenwood DMX958XR Firmware Update Command Injection Vulnerability

Kenwood DMX958XR Firmware Update Command Injection Vulnerability. This vulnerability allows physically present attackers to execute arbitrary code on affected installations of Kenwood DMX958XR devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within t...

CVE-2025-8640

The CVE-2025-8640 entry describes a command-injection vulnerability in Kenwood DMX958XR firmware update handling. The flaw arises from insufficient validation of a user-supplied string used to construct a system call, enabling a physically present attacker to run code as root without authenticati...

CVE-2025-53394

Paramount Macrium Reflect through 2025-06-26 allows attackers to execute arbitrary code with administrator privileges via a crafted .mrimgx or .mrbax backup file and a renamed executable placed in the same directory. When a user with administrative privileges opens the crafted backup file and...

SAMSUNG Blockchain Keystore 安全漏洞

SAMSUNG Blockchain Keystore is a system tool for creating, storing, managing and backing up private keys from Samsung South Korea. A code execution vulnerability exists in SAMSUNG Blockchain Keystore, which can be exploited by an attacker to execute arbitrary code on the system...

CVE-2013-10070 PHP-Charts v1.0 PHP Code Execution

PHP-Charts v1.0 contains a PHP code execution vulnerability in wizard/url.php, where user-supplied GET parameter names are passed directly to eval without sanitization. A remote attacker can exploit this flaw by crafting a request that injects arbitrary PHP code, resulting in command execution...

PT-2025-32044 · Kenwood · Kenwood Dmx958Xr

Name of the Vulnerable Software and Affected Versions: Kenwood DMX958XR affected versions not specified Description: This issue allows physically present attackers to execute arbitrary code on affected Kenwood DMX958XR devices without authentication. The flaw resides in the firmware update proces...

PT-2025-32259 · Undefined · Undefined

CVE-2025-54980 - Adobe Flash Player Arbitrary Command Execution CVE ID : CVE-2025-54980 Published : Aug. 5, 2025, 4:16 a.m. | 2 hours, 19 minutes ago Description : Rejected reason: Not used Severity: 0.0 | NA Visit the link for more details, such as CVSS details, affected products, timeline, and...

CVE-2025-54564

uploadsm in ChargePoint Home Flex 5.5.4.13 does not validate a user-controlled string for bz2 decompression, which allows command execution as the nobody user...

CVE-2025-53077

An execution after redirect in Samsung DMSData Management Server allows attackers to execute limited functions without permissions. An attacker could compromise the integrity of the platform by executing this vulnerability...

(0Day) Ashlar-Vellum Cobalt CO File Parsing Memory Corruption Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Cobalt. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing o...

CVE-2025-7361

A code injection vulnerability due to an improper initialization check exists in NI LabVIEW that may result in arbitrary code execution. Successful exploitation requires an attacker to get a user to open a specially crafted VI using a CIN node. This vulnerability affects 32-bit NI LabVIEW 2025 Q1...

CVE-2025-53077

An execution after redirect in Samsung DMSData Management Server allows attackers to execute limited functions without permissions. An attacker could compromise the integrity of the platform by executing this vulnerability...

CVE-2025-53077

An execution after redirect in Samsung DMSData Management Server allows attackers to execute limited functions without permissions. An attacker could compromise the integrity of the platform by executing this vulnerability...

GO-2025-3793 File Browser: Command Execution not Limited to Scope in github.com/filebrowser/filebrowser

File Browser: Command Execution not Limited to Scope in github.com/filebrowser/filebrowser...

CVE-2023-53158

CVE-2023-53158 affects the Rust crate gix-transport (before 0.36.1). The issue enables command execution via the substring gix clone 'ssh://-oProxyCommand=open$IFS', i.e., an SSH command injection. Impact details in sources indicate local attack vector with low confidentiality/integrity impact an...

ALSA-2025:11797 Important: firefox security update

Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. Security Fixes: firefox: thunderbird: Large branch table could lead to truncated instruction CVE-2025-8028 firefox: thunderbird: Memory safety bugs CVE-2025-8035 firefox: thunderbird:...

CVE-2025-54416

tj-actions/branch-names is a Github actions repository that contains workflows to retrieve branch or tag names with support for all events. In versions 8.2.1 and below, a critical vulnerability has been identified in the tj-actions/branch-names' GitHub Action workflow which allows arbitrary comma...

CVE-2025-54414

Anubis is a Web AI Firewall Utility that weighs the soul of users' connections using one or more challenges in order to protect upstream resources from scraper bots. In versions 1.21.2 and below, attackers can craft malicious pass-challenge pages that cause a user to execute arbitrary JavaScript...