Lucene search
K

45 matches found

Nuclei
Nuclei
added 7 hours ago48 views

XStream <1.4.16 - Remote Code Execution

XStream before 1.4.16 is susceptible to remote code execution. An attacker can load and execute arbitrary code from a remote host via manipulating the processed input stream, thereby making it possible to obtain sensitive information, modify data, and/or execute unauthorized administrative...

9.1CVSS7.2AI score0.82136EPSS
Exploits1References5
Nuclei
Nuclei
added 3 days ago68 views

Lucee Admin - Remote Code Execution

Lucee Admin before versions 5.3.7.47, 5.3.6.68 or 5.3.5.96 contains an unauthenticated remote code execution vulnerability. id: CVE-2021-21307 info: name: Lucee Admin - Remote Code Execution author: dhiyaneshDk severity: critical description: Lucee Admin before versions 5.3.7.47, 5.3.6.68 or...

9.8CVSS7.8AI score0.89189EPSS
Exploits5References5
CVE
CVE
added 6 days ago15 views

CVE-2025-71345

The CVE describes a vulnerability in the Python package picklescan where versions prior to 0.0.30 fail to detect malicious pickle files that invoke the function torch.utils.bottleneck.main .run_autograd_prof . This can allow attackers to embed code in pickle data that executes during deserializat...

8.1CVSS6.3AI score0.00427EPSS
Exploits0References2
OSV
OSV
added 2026/06/29 11:50 a.m.5 views

PYSEC-2026-399 LlamaIndex Retrievers Integration: DuckDBRetriever SQL Injection

A SQL injection vulnerability exists in the duckdbretriever component of the run-llama/llamaindex repository, specifically in llama-index-retrievers-duckdb-retriever prior to v0.4.0. The vulnerability arises from the construction of SQL queries without using prepared statements, allowing an...

9.8CVSS8AI score0.01311EPSS
Exploits1References6
Nuclei
Nuclei
added 2026/06/16 7:13 a.m.44 views

VMware Workspace ONE Access - Server-Side Template Injection

VMware Workspace ONE Access is susceptible to a remote code execution vulnerability due to a server-side template injection flaw. An unauthenticated attacker with network access could exploit this vulnerability by sending a specially crafted request to a vulnerable VMware Workspace ONE or Identit...

10CVSS9.4AI score0.99997EPSS
Exploits25References4
Positive Technologies
Positive Technologies
added 2026/06/10 12:0 a.m.34 views

PT-2026-48437

Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. In versions 8.2.6.4 and prior, the HAProxy section-save endpoints POST /api/service/haproxy//section/ and the PUT / global / defaults variants accept a JSON option field that is not validated, not escaped, and ...

9.9CVSS6.5AI score0.00439EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/06/05 7:12 p.m.9 views

CVE-2026-44513

A flaw was found in Diffusers, a library for pretrained diffusion models. A remote attacker could exploit a bypass in the trustremotecode mechanism within the DiffusionPipeline.frompretrained function. This vulnerability allows for arbitrary remote code execution, even when the user explicitly se...

8.8CVSS6.1AI score0.00865EPSS
Exploits1References4
NVD
NVD
added 2026/05/28 7:16 p.m.11 views

CVE-2026-4944

vllm-project/vllm version 0.14.1 contains a vulnerability where the trustremotecode=True parameter is hardcoded in two model implementation files vllm/modelexecutor/models/nemotronvl.py and vllm/modelexecutor/models/kimik25.py. This bypasses the user's explicit --trust-remote-code=False setting,...

8.8CVSS0.00747EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/05/19 2:58 a.m.45 views

CVE-2026-27648 web_webview has an out-of-bounds write vulnerability

in OpenHarmony v6.0 and prior versions allow a remote attacker arbitrary code execution in pre-installed apps...

8.8CVSS0.00552EPSS
Exploits0References1
GithubExploit
GithubExploit
added 2026/04/29 6:52 a.m.146 views

Exploit for CVE-2026-42167

CVE-2026-42167 — ProFTPD modsql SQL Injection / Auth Bypass...

8.1CVSS6.2AI score0.04282EPSS
Exploits7
NVD
NVD
added 2026/03/25 3:16 p.m.5 views

CVE-2025-59707

In N2W before 4.3.2 and 4.4.x before 4.4.1, there is potential remote code execution and account credentials theft because of a spoofing vulnerability...

9.8CVSS0.00527EPSS
Exploits0References3
EUVD
EUVD
added 2026/03/10 9:32 p.m.5 views

EUVD-2026-10842

In mfchandlereleasedbuf of mfccoreisr.c, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation...

6.3AI score0.00306EPSS
Exploits0References2
SUSE CVE
SUSE CVE
added 2026/03/10 12:29 a.m.6 views

SUSE CVE-2026-3086

GStreamer H.266 Codec Parser Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with this library is required to exploit this vulnerability but attack vectors may vary...

7.8CVSS6.3AI score0.00421EPSS
Exploits0References3
Amazon
Amazon
added 2026/03/06 12:0 a.m.7 views

Important: gegl

Issue Overview: The rgbereadnewrle function in gegl/libs/rgbe/rgbe.c has a heap buffer overflow vulnerability during HDR image parsing that may allow remote code execution. CVE-2026-2049 When parsing an HDR image file, the function rgbereadnewrle gegl/libs/rgbe/rgbe.c contains HEAP Based Buffer...

6.4AI score0.00615EPSS
Exploits0
NVD
NVD
added 2025/09/18 9:15 p.m.8 views

CVE-2025-57293

A command injection vulnerability in COMFAST CF-XR11 firmware V2.7.2 exists in the multipppoe API, processed by the sub423930 function in /usr/bin/webmgnt. The phyinterface parameter is not sanitized, allowing attackers to inject arbitrary commands via a POST request to...

8.8CVSS0.01679EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2025/08/12 2:33 p.m.4 views

CVE-2025-8296

SQL injection in Ivanti Avalanche before version 6.4.8.8008 allows a remote authenticated attacker with admin privileges to execute arbitrary SQL queries. In certain conditions, this can also lead to remote code execution...

7.2CVSS8.9AI score0.01138EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 9:20 a.m.4 views

CVE-2024-32905

In circread of linkdevicememorylegacy.c, there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation...

9.8CVSS7.9AI score0.00325EPSS
Exploits0References1
OSV
OSV
added 2025/05/06 8:6 p.m.4 views

USN-7490-2 libsoup2.4 regression

USN-7490-1 fixed vulnerabilities in libsoup. It was discovered that the fix for CVE-2025-32912 was incomplete. This update fixes the problem. We apologize for the inconvenience. Original advisory details: Tan Wei Chong discovered that libsoup incorrectly handled memory when parsing HTTP request...

6.5CVSS5.9AI score0.00395EPSS
Exploits0References3
BDU FSTEC
BDU FSTEC
added 2023/11/14 12:0 a.m.5 views

Vulnerability of the array_append, array_prepend, and array_subscript_handler functions in the PostgreSQL database management system, related to integer overflow during array modifications, allowing attackers to execute arbitrary code.

The vulnerability of the arrayappend, arrayprepend, and arraysubscripthandler functions in the PostgreSQL database management system is related to integer overflow during array modification. Exploiting this vulnerability allows an attacker to execute arbitrary code remotely...

9CVSS7.8AI score0.04322EPSS
Exploits0References22Affected Software12
BDU FSTEC
BDU FSTEC
added 2023/10/10 12:0 a.m.7 views

The vulnerability of the SetTriggerPPPoEValidate() function in the D-Link DIR-3040 wireless router’s microprogramming software allows a hacker to execute arbitrary code.

The vulnerability of the SetTriggerPPPoEValidate function in the D-Link DIR-3040 wireless router software lies in the fact that the operation’s output escapes the buffer in memory. Exploiting this vulnerability allows a malicious actor to execute arbitrary code by sending specially crafted HNAP...

7.7CVSS7.3AI score0.00705EPSS
Exploits0References4
Rows per page
Query Builder