
43 matches found

EUVD
added 2025/10/03 8:07 p.m. | 2 views

EUVD-2023-2283

Malicious code in bioql PyPI...

CVSS 8.8 | AI score 8.7 | EPSS 0.00389
Exploits: 0 | References: 4

CVE
added 2025/08/01 5:57 p.m. | 24 views

CVE-2025-49832

CVE-2025-49832 affects Asterisk (open source PBX/telephony toolkit). The vulnerability lies in the file asterisk/res/res_stir_shaken/verification.c, enabling remote DoS and possible RCE under two conditions: (1) an attacker can set an arbitrary Identity header, or (2) STIR/SHAKEN is enabled with ...

CVSS 6.5 | AI score 7 | EPSS 0.01057
Exploits: 1 | References: 1 | Affected Software: 1

Positive Technologies
added 2025/05/13 12:00 a.m. | 2 views

PT-2025-20888

Name of the Vulnerable Software and Affected Versions: Bosch Infotainment ECU (affected versions not specified). Description: The Infotainment ECU, manufactured by Bosch, utilizes an RH850 module for CAN communication. The RH850 module connects to the infotainment system via the INC interface...

CVSS 9.3 | AI score 6.2 | EPSS 0.00013
Exploits: 0 | References: 13

Positive Technologies
added 2025/05/13 12:00 a.m. | 5 views

PT-2025-20891

Name of the Vulnerable Software and Affected Versions: Bosch Infotainment ECU (affected versions not specified). Description: A flaw exists within the Bluetooth stack developed by Alps Alpine of the Infotainment ECU manufactured by Bosch. The issue is due to a lack of proper boundary validati...

CVSS 8.8 | AI score 6.8 | EPSS 0.00042
Exploits: 0 | References: 15

Positive Technologies
added 2025/04/15 12:00 a.m. | 4 views

PT-2025-16332

The anti-theft protection mechanism can be bypassed by attackers due to weak response generation algorithms for the head unit. It is possible to reveal all 32 corresponding responses by sniffing CAN traffic or by pre-calculating the values, which allows the protection to be bypassed. First identified o...

CVSS 4 | AI score 6.2 | EPSS 0.00011
Exploits: 0 | References: 5

RedhatCVE
added 2024/11/04 8:00 a.m. | 19 views

CVE-2024-51774

A flaw was found in qBittorrent's DownloadManager component. This vulnerability allows remote code execution via improper validation of SSL/TLS certificates, enabling attackers to perform man-in-the-middle and RCE attacks...

CVSS 8.1 | AI score 7.6 | EPSS 0.03935
Exploits: 2 | References: 6

The Hacker News
added 2024/09/17 4:34 a.m. | 23 views

SolarWinds Issues Patch for Critical ARM Vulnerability Enabling RCE Attacks

SolarWinds has released fixes to address two security flaws in its Access Rights Manager (ARM) software, including a critical vulnerability that could result in remote code execution. The vulnerability, tracked as CVE-2024-28991, is rated 9.0 out of a maximum of 10.0 on the CVSS scoring system. It...

CVSS 9.8 | AI score 8.6 | EPSS 0.30901
Exploits: 0

HackRead
added 2024/05/20 11:05 a.m. | 30 views

AI Python Package Flaw ‘Llama Drama’ Threatens Software Supply Chain

By Waqas. The Llama Drama vulnerability in the Llama-cpp-Python package exposes AI models to remote code execution (RCE) attacks, enabling attackers to steal data. Currently, over 6,000 models are affected by this vulnerability.

AI score 8.1
Exploits: 0

The Hacker News
added 2024/03/06 4:58 p.m. | 75 views

Hackers Exploit Misconfigured YARN, Docker, Confluence, Redis Servers for Crypto Mining

Threat actors are targeting misconfigured and vulnerable servers running Apache Hadoop YARN, Docker, Atlassian Confluence, and Redis services as part of an emerging malware campaign designed to deliver a cryptocurrency miner and spawn a reverse shell for persistent remote access. "The attackers...

CVSS 10 | AI score 9.5 | EPSS 0.94408
Exploits: 414

The Hacker News
added 2024/01/25 11:57 a.m. | 111 views

Critical Jenkins Vulnerability Exposes Servers to RCE Attacks - Patch ASAP!

The maintainers of the open-source continuous integration/continuous delivery and deployment (CI/CD) automation software Jenkins have resolved nine security flaws, including a critical bug that, if successfully exploited, could result in remote code execution (RCE). The issue, assigned the CVE...

CVSS 9.8 | AI score 9.6 | EPSS 0.94466
Exploits: 45

0day.today
added 2023/12/03 12:00 a.m. | 302 views

Quick Quiz 2.4 File Upload - Remote Code Execution Vulnerability

Title: Quick-Quiz-2.4 File Upload - RCE; Author: nu11secur1ty; Vendor: https://mediacity.co.in/mediacity/; Software: https://codecanyon.net/item/quick-quiz-laravel-quiz-and-exam-system/21117633?srank=14; Reference: https://portswigger.net/web-security/file-upload,...

AI score 7.4
Exploits: 0

0day.today
added 2023/11/19 12:00 a.m. | 468 views

Click Stocks 1.3 - File Upload Remote Code Execution Vulnerability

Title: Click Stocks-1.3 - File Upload - RCE; Author: nu11secur1ty; Vendor: https://codecanyon.net/user/media-city; Software: https://codecanyon.net/item/click-stocks-free-stock-photos-laravel-script/23356416; Reference: https://portswigger.net/web-security/file-upload,...

AI score 7.5
Exploits: 0

Hive Pro Threat Advisories
added 2023/10/14 8:25 a.m. | 38 views

GNOME Linux Systems Exposed to 1-Click RCE Attacks

Summary: A new security vulnerability, known as CVE-2023-43641, has been identified in the libcue library. This library is utilized by Tracker Miners and is shipped along with the GNOME desktop environment...

AI score 7.5 | EPSS 0.80301
Exploits: 1

NVD
added 2023/08/28 8:15 a.m. | 11 views

CVE-2023-27604

Apache Airflow Sqoop Provider, versions before 4.0.0, is affected by a vulnerability that allows an attacker to pass parameters with the connections, which makes it possible to implement RCE attacks via ‘sqoop import --connect’, obtain airflow server permissions, etc. The attacker needs to be logged...

CVSS 8.8 | AI score 8.5 | EPSS 0.00389
Exploits: 0 | References: 2

OSV
added 2023/08/28 8:15 a.m. | 12 views

CVE-2023-27604

Apache Airflow Sqoop Provider, versions before 4.0.0, is affected by a vulnerability that allows an attacker to pass parameters with the connections, which makes it possible to implement RCE attacks via ‘sqoop import --connect’, obtain airflow server permissions, etc. The attacker needs to be logged...

CVSS 8.8 | AI score 6.9
Exploits: 0 | References: 2

Prion
added 2023/08/28 8:15 a.m. | 10 views

Authorization

Apache Airflow Sqoop Provider, versions before 4.0.0, is affected by a vulnerability that allows an attacker to pass parameters with the connections, which makes it possible to implement RCE attacks via ‘sqoop import --connect’, obtain airflow server permissions, etc. The attacker needs to be logged...

CVSS 6.5 | AI score 8.5 | EPSS 0.00389
Exploits: 0 | References: 2 | Affected Software: 1

Github Security Blog
added 2023/06/29 12:30 p.m. | 13 views

Apache Airflow JDBC Provider Improper Input Validation vulnerability

Improper Input Validation vulnerability in Apache Software Foundation Apache Airflow JDBC Provider. Airflow JDBC Provider Connection’s Connection URL parameters had no restrictions, which made it possible to implement RCE attacks via different types of JDBC drivers, obtain airflow server permission...

CVSS 8.8 | AI score 6.8 | EPSS 0.00401
Exploits: 0 | References: 3 | Affected Software: 1

NVD
added 2023/06/29 10:15 a.m. | 11 views

CVE-2023-22886

Improper Input Validation vulnerability in Apache Software Foundation Apache Airflow JDBC Provider. Airflow JDBC Provider Connection’s Connection URL parameters had no restrictions, which made it possible to implement RCE attacks via different types of JDBC drivers, obtain airflow server permission...

CVSS 8.8 | AI score 8.6 | EPSS 0.00401
Exploits: 0 | References: 1

Imperva Blog
added 2023/05/09 2:47 p.m. | 54 views

Why Attackers Target the Government Industry

Key Takeaways: Government sites are full of information attackers want, so it’s crucial to defend them properly. DDoS is an easy tool for attackers to use to disrupt government sites, which can have far-reaching consequences, as we saw early in the Russia-Ukraine war. Remote code execution (RCE)...

CVSS 9.3 | AI score 10.1 | EPSS 0.94378
Exploits: 353

Github Security Blog
added 2022/04/12 7:36 p.m. | 27 views

Remote Code Execution in paginator

There is a vulnerability in Paginator which makes it susceptible to Remote Code Execution (RCE) attacks via input parameters to the paginate function. Impact: There is a vulnerability in Paginator which makes it susceptible to Remote Code Execution (RCE) attacks via input parameters to the paginate...

CVSS 9.8 | AI score 5.3 | EPSS 0.05375
Exploits: 0 | References: 6 | Affected Software: 1