3763 matches found

RedhatCVE, added 2025/12/13 8:02 p.m., 2 views
CVE-2024-14010
Typora 1.7.4 contains a command injection vulnerability in the PDF export preferences that allows attackers to execute arbitrary system commands. Attackers can inject malicious commands into the 'run command' input field during PDF export to achieve remote code execution...
CVSS 9.8 | AI score 8.8 | EPSS 0.00324 | Exploits 0 | References 1
Veracode, added 2025/12/13 7:48 a.m., 3 views
Race Condition
Agno is vulnerable to a race condition. The vulnerability is due to improper handling of session_state under high concurrency during run or arun calls, which allows an attacker to cause session data to be incorrectly assigned and persisted, potentially exposing one user's session data to another...
CVSS 7.1 | AI score 5.8 | EPSS 0.0003 | Exploits 0 | References 4 | Affected Software 1
EUVD, added 2025/12/12 9:31 p.m., 3 views
EUVD-2024-55353
Typora 1.7.4 contains a command injection vulnerability in the PDF export preferences that allows attackers to execute arbitrary system commands. Attackers can inject malicious commands into the 'run command' input field during PDF export to achieve remote code execution...
CVSS 9.8 | AI score 8.6 | EPSS 0.00324 | Exploits 0 | References 4
CVE, added 2025/12/12 7:55 p.m., 6 views
CVE-2024-14010
Typora 1.7.4 is affected by a command injection vulnerability in the PDF export preferences. The flaw allows an attacker to inject arbitrary commands via the run command input field during PDF export, enabling remote code execution. Affected component: Typora PDF export settings. Root cause: unva...
CVSS 9.8 | AI score 8.7 | EPSS 0.00324 | Exploits 0 | References 3
NVD, added 2025/12/11 6:16 p.m., 3 views
CVE-2025-56087
OS Command Injection vulnerability in Ruijie RG-BCR RG-BCR600W allowing attackers to execute arbitrary commands via a crafted POST request to run_tcpdump in the file /usr/lib/lua/luci/controller/admin/common_tcpdump.lua...
CVSS 8.8 | EPSS 0.00084 | Exploits 0 | References 3
Positive Technologies, added 2025/12/11 12:00 a.m., 2 views
PT-2025-50602
A privilege escalation vulnerability was discovered in TeamViewer DEX (formerly 1E DEX), specifically within the 1E-Exchange-NomadClientHealth-ConfigureGeneralSetting instruction prior to V3.4. Improper protection of the execution path on the local device allows attackers, with local access to the devic...
CVSS 6.5 | AI score 7.9 | EPSS 0.00015 | Exploits 0 | References 2
Tenable Nessus, added 2025/12/11 12:00 a.m., 2 views
Security Updates for Microsoft Word Products C2R (December 2025)
The Microsoft Word products are missing security updates and are therefore affected by multiple remote code execution vulnerabilities that attackers can exploit to bypass authentication and execute unauthorized arbitrary commands. Note that Nessus has not tested for these issues but has instead...
CVSS 7.8 | AI score 6.1 | EPSS 0.00121 | Exploits 0 | References 4
CVE, added 2025/12/11 12:00 a.m., 13 views
CVE-2025-56087
CVE-2025-56087 affects Ruijie RG-BCR RG-BCR600W. The OS Command Injection exists in the run_tcpdump handling path: /usr/lib/lua/luci/controller/admin/common_tcpdump.lua, due to unvalidated input in the POST to run_tcpdump. This yields arbitrary command execution with high impact (per CVSS: Networ...
CVSS 8.8 | AI score 7.5 | EPSS 0.00084 | Exploits 0 | References 3 | Affected Software 1
EUVD, added 2025/12/10 3:31 p.m., 2 views
EUVD-2025-202422
A potential DLL hijacking vulnerability was reported in Lenovo One Client during an internal security assessment that could allow a local authenticated user to execute code with elevated privileges...
CVSS 8.5 | AI score 6.5 | EPSS 0.00017 | Exploits 0 | References 3
Positive Technologies, added 2025/12/10 12:00 a.m., 2 views
PT-2025-50557
Vulnerable software and affected versions: Cybersecurity AI (CAI) versions 0.5.9 and below. Description: Cybersecurity AI (CAI) is an open-source framework for building and deploying AI-powered offensive and defensive automation. The run_ssh_command_with_credentials function is susceptible t...
CVSS 9.6 | AI score 6.8 | EPSS 0.00114 | Exploits 1 | References 11
OpenVAS, added 2025/12/10 12:00 a.m., 10 views
Microsoft Office 365 (2016 Click-to-Run) Multiple Vulnerabilities (Dec 2025)
This host is missing a critical security update according to the Microsoft Office Click-to-Run update of December 2025. SPDX-FileCopyrightText: 2025 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders...
CVSS 8.4 | AI score 6.6 | EPSS 0.0015 | Exploits 0 | References 1
Positive Technologies, added 2025/12/10 12:00 a.m., 4 views
PT-2025-50331
An improper permissions vulnerability was reported in Lenovo Baiying Client that could allow a local authenticated user to execute code with elevated privileges...
CVSS 8.5 | AI score 7 | EPSS 0.00013 | Exploits 0 | References 2
Snyk, added 2025/12/09 10:47 p.m., 1 view
Arbitrary Command Injection
Overview: cai-framework is a Cybersecurity AI Framework. Affected versions of this package are vulnerable to Arbitrary Command Injection via the run_ssh_command_with_credentials function. An attacker can execute arbitrary commands on the host system by supplying crafted values for the username, host, o...
CVSS 9.8 | AI score 7.7 | EPSS 0.00114 | Exploits 1 | References 2
Snyk, added 2025/12/09 8:43 p.m., 2 views
Relative Path Traversal
Overview: Affected versions of this package are vulnerable to Relative Path Traversal in the untar process. An attacker can execute arbitrary code with elevated privileges by crafting a malicious archive containing symbolic links that overwrite critical files such as /var/run/argo/argoexec, which...
CVSS 8.8 | AI score 7.7 | EPSS 0.00302 | Exploits 2 | References 2
Github Security Blog, added 2025/12/09 5:19 p.m., 5 views
Neuron MySQLWriteTool allows arbitrary/destructive SQL when exposed to untrusted prompts (agent "footgun")
Impact: MySQLWriteTool executes arbitrary SQL provided by the caller using PDO::prepare + execute without semantic restrictions. This is consistent with the name "write tool", but in an LLM/agent context it becomes a high-risk capability: prompt injection or indirect prompt manipulation can cause...
CVSS 9.4 | AI score 7.9 | EPSS 0.00103 | Exploits 0 | References 5 | Affected Software 1
OSV, added 2025/12/09 5:19 p.m., 3 views
GHSA-898V-775G-777C Neuron MySQLWriteTool allows arbitrary/destructive SQL when exposed to untrusted prompts (agent "footgun")
Impact: MySQLWriteTool executes arbitrary SQL provided by the caller using PDO::prepare + execute without semantic restrictions. This is consistent with the name "write tool", but in an LLM/agent context it becomes a high-risk capability: prompt injection or indirect prompt manipulation can cause...
CVSS 9.4 | AI score 7.8 | EPSS 0.00103 | Exploits 0 | References 5
Microsoft KB, added 2025/12/09 8:00 a.m., 23 views
Description of the security update for Office 2016: December 9, 2025 (KB5002812)
Summary: This security update resolves a Microsoft Access Remote Code Execution vulnerability. To learn more about the vulnerability, see Microsoft Common Vulnerabilities and Exposures CVE-2025-62552. Note: To...
CVSS 7.8 | AI score 6.7 | EPSS 0.00048 | Exploits 0
Microsoft KB, added 2025/12/09 8:00 a.m., 13 views
Description of the security update for Office 2016: December 9, 2025 (KB5002819)
Summary: This security update resolves a Microsoft Office Remote Code Execution vulnerability. To learn more about the vulnerability, see the following security advisories: Microsoft Common Vulnerabilities and Exposures...
CVSS 8.4 | AI score 6.8 | EPSS 0.0015 | Exploits 0
Positive Technologies, added 2025/12/09 12:00 a.m., 3 views
PT-2025-49812
A low privileged remote attacker can use the ssh feature to execute commands directly after login. The process stays open and uses resources, which leads to reduced performance of the management functions. Switching functionality is not affected...
CVSS 4.3 | AI score 7.2 | EPSS 0.00293 | Exploits 0 | References 1
SUSE CVE, added 2025/12/08 12:23 a.m., 2 views
SUSE CVE-2025-40281
In the Linux kernel, the following vulnerability has been resolved: sctp: prevent possible shift-out-of-bounds in sctp_transport_update_rto. syzbot reported a possible shift-out-of-bounds [1]. The blamed commit added rto_alpha_max and rto_beta_max set to 1000. It is unclear if some sctp users are setting very...
AI score 6.4 | EPSS 0.00117 | Exploits 0 | References 3