551 matches found
EUVD-2025-4492
Malicious code in bioql PyPI...
EUVD-2025-23175
Malicious code in bioql PyPI...
EUVD-2022-53092
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2023-44444
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - GIMP PSP File Parsing Off-By-One Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected...
CVE-2025-8655
Kenwood DMX958XR libSystemLib Command injection Remote Code Execution Vulnerability. This vulnerability allows physically present attackers to execute arbitrary code on affected installations of Kenwood DMX958XR devices. Authentication is not required to exploit this vulnerability. The specific...
CVE-2025-8655 Kenwood DMX958XR libSystemLib Command injection Remote Code Execution Vulnerability
Kenwood DMX958XR libSystemLib Command injection Remote Code Execution Vulnerability. This vulnerability allows physically present attackers to execute arbitrary code on affected installations of Kenwood DMX958XR devices. Authentication is not required to exploit this vulnerability. The specific...
CVE-2025-8654 Kenwood DMX958XR ReadMVGImage Command Injection Remote Code Execution Vulnerability
Kenwood DMX958XR ReadMVGImage Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Kenwood DMX958XR devices. Authentication is not required to exploit this vulnerability. The specific fla...
CVE-2025-8653 Kenwood DMX958XR JKRadioService Stack-based Buffer Overflow Remote Code Execution Vulnerability
Kenwood DMX958XR JKRadioService Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Kenwood DMX958XR. Authentication is not required to exploit this vulnerability. The specific...
CVE-2025-8649
CVE-2025-8649 affects Kenwood DMX958XR, specifically the JKWifiService. The vulnerability stems from insufficient validation of a user-supplied string before it is used to execute a system call, allowing a local attacker with physical access to run code as root. Reports indicate a command inject...
CVE-2025-34143 ETQ Reliance CG Authentication Bypass via Trailing Space RCE
An authentication bypass vulnerability exists in ETQ Reliance on the CG legacy platform. The application allowed login as the privileged internal SYSTEM user by manipulating the username field. The SYSTEM account does not require a password, enabling attackers with network access to the login pag...
CVE-2025-7285
CVE-2025-7285 concerns IrfanView CADImage Plugin where DXF file parsing lacks proper validation, triggering memory corruption. The vulnerability can permit remote code execution in the context of the affected process, with user interaction required (target must open a malicious DXF/page). Public ...
CVE-2025-7239
CVE-2025-7239 affects the IrfanView CADImage Plugin. The vulnerability is a memory corruption flaw in DWG file parsing that can lead to remote code execution. Exploitation requires user interaction (visiting a malicious page or opening a malicious file). The root cause is insufficient validation ...
CVE-2025-7249
CVE-2025-7249 affects IrfanView CADImage Plugin and is a DWG file parsing memory corruption vulnerability. The flaw stems from insufficient validation of DWG data, enabling remote code execution in the plugin’s process when a user opens a malicious DWG or visits a malicious page. Attack scenario ...
CVE-2025-7251
The CVE-2025-7251 entry concerns IrfanView CADImage Plugin, where a DWG file parsing flaw allows an out-of-bounds read that can lead to remote code execution. The issue stems from insufficient validation of user-supplied data in DWG parsing, enabling an attacker to execute code in the context of ...
Langflow 1.2.x - Remote Code Execution (RCE)
#!/usr/bin/env python3 Exploit Title: Langflow 1.2.x - Remote Code Execution (RCE) Date: 2025-07-11 Exploit Author: Raghad Abdallah Al-syouf Vendor Homepage: https://github.com/logspace-ai/langflow Software Link: https://github.com/logspace-ai/langflow/releases Version: = 1.2.x Tested on: Ubuntu /...
CVE-2025-3946
The Honeywell Experion PKS and OneWireless WDM contain a Deployment of Wrong Handler vulnerability in the component Control Data Access (CDA). An attacker could potentially exploit this vulnerability, leading to Input Data Manipulation, which could result in incorrect handling of packets leading t...
WordPress GB Forms DB plugin <= 1.0.2 - Unauthenticated Remote Code Execution vulnerability
Unauthenticated Remote Code Execution vulnerability discovered by CVEhunter in WordPress Plugin GB Forms DB versions <= 1.0.2...
CVE-2025-49714 Visual Studio Code Python Extension Remote Code Execution Vulnerability
...
CVE-2025-49704 Microsoft SharePoint Remote Code Execution Vulnerability
...
CVE-2025-49669 Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability
...