CVE-2024-36349
A transient execution vulnerability in some AMD processors may allow a user process to infer TSCAUX even when such a read is disabled, potentially resulting in information leakage...
Microsoft SharePoint Remote Code Execution Vulnerability
Improper control of generation of code ('code injection') in Microsoft Office SharePoint allows an authorized attacker to execute code over a network...
IrfanView CADImage Plugin CGM File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView CADImage Plugin. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...
PT-2025-28572 · Microsoft · Windows Nt Rras +1
Name of the Vulnerable Software and Affected Versions: Windows Routing and Remote Access Service (RRAS), affected versions not specified. Description: The issue is related to a heap-based buffer overflow in the Windows Routing and Remote Access Service (RRAS), which allows an unauthorized attacker to...
Microsoft Office Security Vulnerability
Microsoft Office is an office software suite from the U.S. company Microsoft. The product's common components include Word, Excel, Access, PowerPoint, FrontPage, etc. A code execution vulnerability exists in Microsoft Office, which can be exploited by an attacker to execute...
Siemens SINEC NMS unZipJarFilestoLocation Directory Traversal Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Siemens SINEC NMS. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the implementation of the...
Adobe Experience Manager 6.0.0.0.0.0 < 6.5.0.0.20250527.0 Arbitrary code execution (APSB25-67)
The version of Adobe Experience Manager installed on the remote host is prior to 6.5.0.0.20250527.0. It is, therefore, affected by a vulnerability as referenced in the APSB25-67 advisory. - Adobe Experience Manager MS versions 6.5.23.0 and earlier are affected by a Deserialization of Untrusted Da...
CVE-2025-6794 Marvell QConvergeConsole saveAsText Directory Traversal Remote Code Execution Vulnerability
Marvell QConvergeConsole saveAsText Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Marvell QConvergeConsole. Authentication is not required to exploit this vulnerability. The specific flaw...
(0Day) INVT VT-Designer PM3 File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of INVT VT-Designer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of PM...
BIT-LIMESURVEY-2024-42902
An issue in the jslocalize.php function of LimeSurvey v6.6.2 and before allows attackers to execute arbitrary code via injecting a crafted payload into the lng parameter of the jslocalize.php function...
CVE-2025-49809
mtr through 0.95, in certain privileged contexts, mishandles execution of a program specified by the MTRPACKET environment variable. NOTE: mtr on macOS may often have Sudo rules, as an indirect consequence of Homebrew not installing setuid binaries...
Improper Command Execution Control
github.com/filebrowser/filebrowser is vulnerable to improper command execution control. The vulnerability is due to the misuse of the command execution feature that relies on a predefined allowlist, which can be bypassed using standard commands that support subcommand execution, allowing attacker...
File Browser: Command Execution not Limited to Scope
NOTE: This feature has been disabled by default for all installations from v2.33.8 onwards, including for existent installations. To exploit this vulnerability, the instance administrator must turn on a feature and ignore all the warnings about known vulnerabilities. We're publishing this new...
CVE-2023-28912 Cleartext Phonebook Information
The MIB3 unit stores the synchronized phone contact book in clear-text, allowing an attacker with either code execution privilege on the system or physical access to the system to obtain vehicle owner's contact data. The vulnerability was originally discovered in Skoda Superb III car with MIB3...
PT-2025-27276 · Marvell · Marvell Qconvergeconsole
Name of the Vulnerable Software and Affected Versions: Marvell QConvergeConsole, affected versions not specified. Description: The issue concerns a deserialization of untrusted data remote code execution vulnerability in the readObjectFromConfigFile function. This allows for remote code execution...
Autel MaxiCharger AC Wallbox Commercial Code Execution Vulnerability
Autel MaxiCharger AC Wallbox Commercial is a smart AI electric car charger from Autel USA. A code execution vulnerability exists in Autel MaxiCharger AC Wallbox Commercial, which can be exploited by an attacker to execute arbitrary code in the context of the device...
PDF-XChange Editor Code Execution Vulnerability (CNVD-2025-16301)
PDF-XChange Editor is PDF file viewer software from the PDF-XChange company that runs on Microsoft Windows systems. A code execution vulnerability exists in PDF-XChange Editor, which is caused by a lack of proper validation of user-supplied data. An attacker could exploit the vulnerability to execu...
CVE-2025-52904
CVE-2025-52904 affects Filebrowser (v2.32.0) where the Command Execution feature is not scoped per user, allowing shell commands to run with the server process UID and access files across all scopes, potentially exposing the password database and enabling unauthorized read/write access. The repor...
CVE-2025-53002
Summary of CVE-2025-53002 (LLaMA-Factory): A remote code execution vulnerability was reported in LLaMA-Factory up to version 0.9.3 during training. The root cause is loading the vhead_file without the secure parameter weights_only=True, enabling an attacker to execute arbitrary code by supplying...
CVE-2025-53002 LLaMA-Factory Remote Code Execution (RCE) Vulnerability
LLaMA-Factory is a tuning library for large language models. A remote code execution vulnerability was discovered in LLaMA-Factory versions up to and including 0.9.3 during the LLaMA-Factory training process. This vulnerability arises because the vhead_file is loaded without proper safeguards,...