CVE-2023-27352

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Sonos One Speaker 70.3-35220. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of the SMB directory query command. The issue...

CVE-2019-9189

Prima Systems FlexAir, Versions 2.4.9api3 and prior. The application allows the upload of arbitrary Python scripts when configuring the main central controller. These scripts can be immediately executed because of root code execution, not as a web server user, allowing an authenticated attacker t...

CVE-2019-7269

Linear eMerge 50P/5000P devices allow Authenticated Command Injection with root Code Execution...

CVE-2017-18400

cPanel before 68.0.15 allows local root code execution via cpdavd SEC-333...

📄 ABB Cylon FLXeon 9.3.5 siteGuide.js Authenticated Root Remote Code Execution

The ABB Cylon FLXeon BACnet controller is vulnerable to authenticated remote root code execution via the /api/siteGuide endpoint. An attacker with valid credentials can inject arbitrary system commands by manipulating the filename and/or originalname parameters. The issue arises due to improper...

Multiple vulnerabilities in SonicWall SMA 100 series (FIXED)

Overview In April of 2025, Rapid7 discovered and disclosed three new vulnerabilities affecting SonicWall Secure Mobile Access “SMA” 100 series appliances SMA 200, 210, 400, 410, 500v. These vulnerabilities are tracked as CVE-2025-32819, CVE-2025-32820, and CVE-2025-32821. An attacker with access ...

CVE-2025-2763

CarlinKit CPC200-CCPA Improper Verification of Cryptographic Signature Code Execution Vulnerability. This vulnerability allows physically present attackers to execute arbitrary code on affected installations of CarlinKit CPC200-CCPA devices. Authentication is not required to exploit this...

CVE-2024-13861

A code injection vulnerability in the Debian package component of Taegis Endpoint Agent Linux versions older than 1.3.10 allows local users arbitrary code execution as root. Redhat-based systems using RPM packages are not affected...

CVE-2025-1121

Privilege escalation in Installer and Recovery image handling in Google ChromeOS version 15786.48.2 on device allows an attacker with physical access to gain root code execution and potentially unenroll enterprise-managed devices via a specially crafted recovery image...

CVE-2025-1121

Privilege escalation in Installer and Recovery image handling in Google ChromeOS version 15786.48.2 on device allows an attacker with physical access to gain root code execution and potentially unenroll enterprise-managed devices via a specially crafted recovery image...

CVE-2025-1121

CVE-2025-1121 describes a privilege-escalation in Google ChromeOS: on devices running ChromeOS 15786.48.2, an attacker with physical access can craft a recovery image to gain root code execution and potentially unenroll enterprise-managed devices. Affected component: installer and recovery image ...

PT-2025-10016 · Google · Chrome Os

Name of the Vulnerable Software and Affected Versions: Google ChromeOS version 123.0.6312.112 Description: The issue allows an attacker with physical access to gain root code execution and potentially unenroll enterprise-managed devices via a specially crafted recovery image. This is a result of...

CVE-2022-3093

This vulnerability allows physical attackers to execute arbitrary code on affected Tesla vehicles. Authentication is not required to exploit this vulnerability. The specific flaw exists within the iceupdater update mechanism. The issue results from the lack of proper validation of user-supplied...

Parallels Desktop 后置链接漏洞

Parallels Desktop is a suite of virtual machine software for the macOS platform from US-based Parallels, Inc. Parallels Desktop suffers from a backlink vulnerability that stems from an issue in the Technical Data Reporter component, whereby the service can be abused to change the permissions of...

CVE-2024-23970 ChargePoint Home Flex Improper Certificate Validation

This vulnerability allows network-adjacent attackers to compromise transport security on affected installations of ChargePoint Home Flex charging stations. Authentication is not required to exploit this vulnerability. The specific flaw exists within the CURLOPTSSLVERIFYHOST setting. The issue...

CVE-2024-11946

iXsystems TrueNAS CORE fetchpluginpackagesites tar Cleartext Transmission of Sensitive Information Vulnerability. This vulnerability allows network-adjacent attackers to tamper with firmware update files on affected installations of iXsystems TrueNAS devices. Authentication is not required to...

PT-2025-25573 · Google · Chrome Os

Name of the Vulnerable Software and Affected Versions: Google ChromeOS versions 16063.45.2 and potentially others Description: The issue allows a local attacker to gain root code execution via exploiting a debug shell accessible through specific key combinations during developer mode entry and...

Visteon Infotainment SQL注入漏洞

Visteon Infotainment is an automotive infotainment system from Visteon Corporation. Visteon Infotainment suffers from a SQL injection vulnerability that stems from improper validation of user-supplied strings when DeviceManager parses iAP serial numbers, which could lead to an attacker executing...

DEBIAN-CVE-2024-48992

Qualys discovered that needrestart, before version 3.8, allows local attackers to execute arbitrary code as root by tricking needrestart into running the Ruby interpreter with an attacker-controlled RUBYLIB environment variable...

CVE-2024-44141

The issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14.6. A person with physical access to an unlocked Mac may be able to gain root code execution...