551 matches found
CVE-2025-49672 Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability
...
CVE-2025-6794 Marvell QConvergeConsole saveAsText Directory Traversal Remote Code Execution Vulnerability
Marvell QConvergeConsole saveAsText Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Marvell QConvergeConsole. Authentication is not required to exploit this vulnerability. The specific flaw...
PT-2025-27276 · Marvell · Marvell Qconvergeconsole
Name of the Vulnerable Software and Affected Versions: Marvell QConvergeConsole (affected versions not specified). Description: The issue concerns a deserialization of untrusted data remote code execution vulnerability in the readObjectFromConfigFile function. This allows for remote code execution...
CVE-2025-53002 LLaMA-Factory Remote Code Execution (RCE) Vulnerability
LLaMA-Factory is a tuning library for large language models. A remote code execution vulnerability was discovered in LLaMA-Factory versions up to and including 0.9.3 during the LLaMA-Factory training process. This vulnerability arises because the vhead_file is loaded without proper safeguards,...
CVE-2025-53002
Summary of CVE-2025-53002 (LLaMA-Factory): A remote code execution vulnerability was reported in LLaMA-Factory up to version 0.9.3 during training. The root cause is loading the vhead_file without the secure parameter weights_only=True, enabling an attacker to execute arbitrary code by supplying...
CVE-2025-49003
DataEase is an open source business intelligence and data visualization tool. Prior to version 2.10.11, a threat actor may take advantage of a feature in Java in which the character "ı" becomes "I" when converted to uppercase, and the character "ſ" becomes "S" when converted to uppercase. A threa...
CVE-2025-49003 Dataease H2 JDBC Connection Remote Code Execution
DataEase is an open source business intelligence and data visualization tool. Prior to version 2.10.11, a threat actor may take advantage of a feature in Java in which the character "ı" becomes "I" when converted to uppercase, and the character "ſ" becomes "S" when converted to uppercase. A threa...
CVE-2025-6647 PDF-XChange Editor U3D File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
PDF-XChange Editor U3D File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must vis...
PDF-XChange Editor U3D File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of...
CVE-2025-49217
An insecure deserialization operation in the Trend Micro Endpoint Encryption PolicyServer could lead to a pre-authentication remote code execution on affected installations. Note that this vulnerability is similar to CVE-2025-49213 but is in a different method...
CVE-2025-49214
An insecure deserialization operation in the Trend Micro Endpoint Encryption PolicyServer could lead to a post-authentication remote code execution on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system to exploit this...
PT-2025-25304 · Apache · Apache Struts
Name of the Vulnerable Software and Affected Versions: Apache Struts (affected versions not specified). Description: The issue concerns a remote code execution vulnerability. No information is provided about the estimated number of potentially affected devices worldwide or real-world incidents where...
CVE-2025-47166 Microsoft SharePoint Server Remote Code Execution Vulnerability
...
CVE-2025-47164 Microsoft Office Remote Code Execution Vulnerability
...
CVE-2025-33071 Windows KDC Proxy Service (KPSSVC) Remote Code Execution Vulnerability
...
CVE-2025-33066 Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability
...
Description of the security update for Word 2016: June 10, 2025 (KB5002710)
Description of the security update for Word 2016: June 10, 2025 (KB5002710). Summary: This security update resolves a Microsoft Word remote code execution vulnerability. To learn more about the vulnerability, see the following security advisories: Microsoft Common Vulnerabilities and Exposures...