
639 matches found

NVD
added 2025/03/27 7:15 a.m. | 9 views

CVE-2024-45354

A code execution vulnerability exists in the Xiaomi shop application product. The vulnerability is caused by improper input validation and can be exploited by attackers to execute malicious code...

4.3 CVSS | 0.00182 EPSS
Exploits: 0 | References: 1

Cvelist
added 2025/03/27 6:25 a.m. | 9 views

CVE-2024-45354 xiaomi shop application Webview has code execution vulnerability

A code execution vulnerability exists in the Xiaomi shop application product. The vulnerability is caused by improper input validation and can be exploited by attackers to execute malicious code...

4.3 CVSS | 0.00182 EPSS
Exploits: 0 | References: 1

Vulnrichment
added 2025/03/27 6:25 a.m. | 3 views

CVE-2024-45354 xiaomi shop application Webview has code execution vulnerability

A code execution vulnerability exists in the Xiaomi shop application product. The vulnerability is caused by improper input validation and can be exploited by attackers to execute malicious code...

4.3 CVSS | 5.2 AI score | 0.00182 EPSS
Exploits: 0 | References: 1

CVE
added 2025/03/27 6:25 a.m. | 52 views

CVE-2024-45354

CVE-2024-45354 affects the Xiaomi shop application (product) where the root cause is improper input validation in a code path handling user-supplied data, enabling potential remote code execution. The CVSS 3.1 metrics indicate Network access with low attack complexity, no privileges required, use...

4.3 CVSS | 5.2 AI score | 0.00182 EPSS
Exploits: 0 | References: 1

NVD
added 2025/03/27 2:15 a.m. | 13 views

CVE-2024-45352

A code execution vulnerability exists in the Xiaomi smarthome application product. The vulnerability is caused by improper input validation and can be exploited by attackers to execute malicious code...

8.8 CVSS | 0.00253 EPSS
Exploits: 1 | References: 1

Cvelist
added 2025/03/27 2:2 a.m. | 17 views

CVE-2024-45352 Xiaomi smarthome application Webview has code execution vulnerability

A code execution vulnerability exists in the Xiaomi smarthome application product. The vulnerability is caused by improper input validation and can be exploited by attackers to execute malicious code...

8.8 CVSS | 0.00253 EPSS
Exploits: 1 | References: 1

CVE
added 2025/03/27 2:2 a.m. | 73 views

CVE-2024-45352

CVE-2024-45352 affects the Xiaomi Smarthome application. A code execution vulnerability exists due to improper input validation in the internal API parser. The connected exploit document provides a PoC showing unauthenticated RCE via a crafted request to the local API (curl to /api/parse), implyi...

8.8 CVSS | 7.8 AI score | 0.00253 EPSS
Exploits: 1 | References: 1

Vulnrichment
added 2025/03/27 2:2 a.m. | 5 views

CVE-2024-45352 Xiaomi smarthome application Webview has code execution vulnerability

A code execution vulnerability exists in the Xiaomi smarthome application product. The vulnerability is caused by improper input validation and can be exploited by attackers to execute malicious code...

8.8 CVSS | 8.9 AI score | 0.00253 EPSS
Exploits: 1 | References: 1

CVE
added 2025/03/26 1:17 p.m. | 44 views

CVE-2024-45351

CVE-2024-45351 affects Xiaomi Game Center app. Connected documents indicate the flaw is due to improper input validation, enabling code execution. The risk details from CVSS v3.1 show LOCAL attack vector, LOW attack complexity, and user interaction required, with all three impact metrics (confide...

7.8 CVSS | 7.8 AI score | 0.0017 EPSS
Exploits: 0 | References: 1

Vulnrichment
added 2025/03/26 1:17 p.m. | 6 views

CVE-2024-45351 Game center application has code execution Vulnerability

A code execution vulnerability exists in the Xiaomi Game center application product. The vulnerability is caused by improper input validation and can be exploited by attackers to execute malicious code...

7.8 CVSS | 7.8 AI score | 0.0017 EPSS
Exploits: 0 | References: 1

RedhatCVE
added 2025/03/22 1:29 p.m. | 17 views

CVE-2024-10724

A stored cross-site scripting (XSS) vulnerability exists in phpipam/phpipam version 1.5.2, specifically in the Subnet NAT translations section when editing the Destination address. This vulnerability allows an attacker to execute malicious code. The issue is fixed in version 1.7.0...

5.4 CVSS | 5.6 AI score | 0.00315 EPSS
Exploits: 1 | References: 1

OSV
added 2025/03/21 3:32 p.m. | 13 views

GHSA-MCRP-WHPW-JP68 InvokeAI Deserialization of Untrusted Data vulnerability

A remote code execution vulnerability exists in invoke-ai/invokeai versions 5.3.1 through 5.4.2 via the /api/v2/models/install API. The vulnerability arises from unsafe deserialization of model files using torch.load without proper validation. Attackers can exploit this by embedding malicious cod...

9.8 CVSS | 9.5 AI score | 0.05342 EPSS
Exploits: 5 | References: 6

NVD
added 2025/03/20 10:15 a.m. | 15 views

CVE-2024-12029

A remote code execution vulnerability exists in invoke-ai/invokeai versions 5.3.1 through 5.4.2 via the /api/v2/models/install API. The vulnerability arises from unsafe deserialization of model files using torch.load without proper validation. Attackers can exploit this by embedding malicious cod...

9.8 CVSS | 0.05342 EPSS
Exploits: 5 | References: 2

Vulnrichment
added 2025/03/20 10:9 a.m. | 21 views

CVE-2024-10724 Stored XSS in IPV6 Section in phpipam/phpipam

A stored cross-site scripting (XSS) vulnerability exists in phpipam/phpipam version 1.5.2, specifically in the Subnet NAT translations section when editing the Destination address. This vulnerability allows an attacker to execute malicious code. The issue is fixed in version 1.7.0...

3.5 CVSS | 3.6 AI score | 0.00315 EPSS
Exploits: 1 | References: 2

CVE
added 2025/03/20 10:9 a.m. | 44 views

CVE-2024-10724

CVE-2024-10724 affects phpIPAM 1.5.2 (phpipam/phpipam). A stored XSS flaw exists in the Subnet NAT translations section when editing the Destination address, enabling injection of malicious code. The vulnerability is mitigated by upgrading to version 1.7.0 (fixed in 1.7.0). Connected sources conf...

5.4 CVSS | 3.6 AI score | 0.00315 EPSS
Exploits: 1 | References: 2 | Affected Software: 1

Github Security Blog
added 2025/03/05 6:31 p.m. | 17 views

REDAXO allows Arbitrary File Upload in the mediapool page

Summary: An arbitrary file upload vulnerability was identified in the redaxo. This flaw permits users to upload malicious files, which can lead to JavaScript code execution and distribute malware. Details: On the latest version of Redaxo, v5.18.2, the mediapool/media page is vulnerable to arbitrary...

5.4 CVSS | 7.8 AI score | 0.00253 EPSS
Exploits: 1 | References: 4 | Affected Software: 1

Tenable Nessus
added 2025/03/04 12:0 a.m. | 8 views

Linux Distros Unpatched Vulnerability : CVE-2019-3881

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Bundler prior to 2.1.0 uses a predictable path in /tmp/, created with insecure permissions as a storage location for gems, if locations under the user's home...

7.8 CVSS | 7.2 AI score | 0.00525 EPSS
Exploits: 0 | References: 2

Cvelist
added 2025/02/21 11:40 a.m. | 9 views

CVE-2024-9150 Code Injection in Wyn Enterprise

Report generation functionality in Wyn Enterprise allows for code inclusion, but does not sufficiently limit what code might be included. An attacker is able to use a low-privilege account to abuse this functionality and execute malicious code, load DLL libraries and execute OS commands on a...

8.7 CVSS | 0.00434 EPSS
Exploits: 0 | References: 3

CVE
added 2025/02/21 11:40 a.m. | 37 views

CVE-2024-9150

CVE-2024-9150 affects Wyn Enterprise: the report generation feature allows code inclusion beyond safe bounds, enabling a low-privilege user to abuse the functionality to execute malicious code, load DLLs, and run OS commands on a high-privilege host. The vulnerability arises from insufficient inp...

8.7 CVSS | 7 AI score | 0.00434 EPSS
Exploits: 0 | References: 3

OSV
added 2025/02/18 8:15 p.m. | 8 views

CVE-2025-26604

Discord-Bot-Framework-Kernel is a Discord bot framework built with interactions.py, featuring modular extension management and secure execution. Because of the nature of arbitrary user-submitted code execution, this allows users to execute potentially malicious code to perform damage or extract...

8.3 AI score
Exploits: 0 | References: 2