640 matches found
CVE-2025-53002
LLaMA-Factory is a tuning library for large language models. A remote code execution vulnerability was discovered in LLaMA-Factory versions up to and including 0.9.3 during the LLaMA-Factory training process. This vulnerability arises because the vheadfile is loaded without proper safeguards,...
CVE-2025-53002 LLaMA-Factory Remote Code Execution (RCE) Vulnerability
LLaMA-Factory is a tuning library for large language models. A remote code execution vulnerability was discovered in LLaMA-Factory versions up to and including 0.9.3 during the LLaMA-Factory training process. This vulnerability arises because the vheadfile is loaded without proper safeguards,...
CVE-2025-48825
RICOH Streamline NX V3 PC Client versions 3.5.0 to 3.7.0 contain an issue with the use of a less trusted source, which may allow an attacker who can conduct a man-in-the-middle attack to eavesdrop on upgrade requests and execute a malicious DLL with custom code...
XWiki does not require right warnings for XClass definitions
Impact: When an attacker without script or programming right creates an XClass definition in XWiki (requires edit right), and that same document is later edited by a user with script, admin, or programming right, malicious code could be executed with the rights of the editing user without prior...
GHSA-59W6-R9HM-439H XWiki does not require right warnings for XClass definitions
Impact: When an attacker without script or programming right creates an XClass definition in XWiki (requires edit right), and that same document is later edited by a user with script, admin, or programming right, malicious code could be executed with the rights of the editing user without prior...
CVE-2025-49585 XWiki does not require right warnings for XClass definitions
XWiki is a generic wiki platform. In versions before 15.10.16, 16.0.0-rc-1 through 16.4.6, and 16.5.0-rc-1 through 16.10.1, when an attacker without script or programming right creates an XClass definition in XWiki (requires edit right), and that same document is later edited by a user with script,...
CVE-2025-49585
XWiki vulnerability CVE-2025-49585 affects multiple pre-patched releases: before 15.10.16, 16.0.0-rc-1 → 16.4.6, and 16.5.0-rc-1 → 16.10.1. An attacker with no script/programming rights can create an XClass definition (requires edit rights), and if the same document is later edited by someone wit...
PT-2025-25402 · Ricoh · Ricoh Streamline Nx V3 Pc Client
Name of the Vulnerable Software and Affected Versions: RICOH Streamline NX V3 PC Client versions 3.5.0 to 3.7.0 Description: The issue is related to the use of a less trusted source, which may allow an attacker to conduct a man-in-the-middle attack, eavesdrop on upgrade requests, and execute a...
Adobe Experience Manager cross-site scripting vulnerability (CNVD-2025-15635)
Adobe Experience Manager is a set of content management solutions from the American company Adobe that can be used to build websites, mobile applications and forms. The program supports mobile content management, marketing and sales campaign management and multi-site management. A...
CVE-2024-41707
An issue was discovered in Archer Platform 6 before 2024.06. Authenticated users can achieve HTML content injection. A remote authenticated malicious Archer user could potentially exploit this to store malicious HTML code in a trusted application data store. When victim users access the data stor...
CVE-2024-48396
AIML Chatbot 1.0 (fixed in 2.0) is vulnerable to Cross Site Scripting (XSS). The vulnerability is exploited through the message input field, where attackers can inject malicious HTML or JavaScript code. The chatbot fails to sanitize these inputs, leading to the execution of malicious scripts...
CVE-2023-41782
There is a DLL hijacking vulnerability in ZTE ZXCLOUD iRAI, an attacker could place a fake DLL file in a specific directory and successfully exploit this vulnerability to execute malicious code...
CVE-2023-51072
A stored cross-site scripting (XSS) vulnerability in the NOC component of Nagios XI version up to and including 2024R1 allows low-privileged users to execute malicious HTML or JavaScript code via the audio file upload functionality from the Operation Center section. This allows any authenticated us...
CVE-2023-5247
Malicious Code Execution Vulnerability due to External Control of File Name or Path in multiple Mitsubishi Electric FA Engineering Software Products allows a malicious attacker to execute malicious code by having legitimate users open a specially crafted project file, which could result in...
CVE-2023-32072
Tuleap is an open source tool for end to end traceability of application and system developments. In Tuleap Community Edition prior to version 14.8.99.60 and Tuleap Enterprise edition prior to 14.8-3 and 14.7-7, the logs of the triggered Jenkins job URLs are not properly escaped. A malicious Git...
CVE-2023-30789
MonicaHQ version 4.0.0 allows an authenticated remote attacker to execute malicious code in the application via CSTI in the people:id/work endpoint and job and company parameter...