1496 matches found
Huawei EulerOS: Security Advisory for unbound (EulerOS-SA-2025-1101)
The remote host is missing an update for the Huawei EulerOS...
CVE-2024-35767
Unrestricted Upload of File with Dangerous Type vulnerability in Bogdan Bendziukov Squeeze allows Code Injection. This issue affects Squeeze: from n/a through 1.4...
CVE-2024-57099
ClassCMS v4.8 has a code execution vulnerability. Attackers can exploit this vulnerability by constructing a payload in the classview parameter of the model management feature, allowing them to execute arbitrary code and potentially take control of the server...
CVE-2025-21107
Dell NetWorker, versions prior to 19.11.0.3, all versions of 19.10 & prior versions contains an Unquoted Search Path or Element vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Code execution...
CVE-2024-0140
NVIDIA RAPIDS contains a vulnerability in cuDF and cuML, where a user could cause a deserialization of untrusted data issue. A successful exploit of this vulnerability might lead to code execution, data tampering, denial of service, and information disclosure...
CVE-2025-24364
vaultwarden is an unofficial Bitwarden compatible server written in Rust, formerly known as bitwarden_rs. Attacker with authenticated access to the vaultwarden admin panel can execute arbitrary code in the system. The attacker could then change some settings to use sendmail as mail agent but adjus...
CVE-2025-24360 Opening a malicious website while running a Nuxt dev server could allow read-only access to code
Nuxt is an open-source web development framework for Vue.js. Starting in version 3.8.1 and prior to version 3.15.3, Nuxt allows any websites to send any requests to the development server and read the response due to default CORS settings. Users with the default server.cors option using Vite...
CVE-2024-55971
SQL Injection vulnerability in the default configuration of the Logitime WebClock application = 5.43.0 allows an unauthenticated user to run arbitrary code on the backend database server...
7-Zip < 24.09 (ZDI-25-045)
The version of 7-Zip installed on the remote host is prior to 24.09. It is, therefore, affected by a vulnerability as referenced in the ZDI-25-045 advisory. - The specific flaw exists within the handling of archived files. When extracting files from a crafted archive that bears the Mark-of-the-We...
GHSA-C66P-64FJ-JMC2
creationtimestamp | type | source
---|---|---
2025-01-16 22:56:31+00:00 | published-proof-of-concept | https://t.me/DarkWebInformerCVEAlerts/2074...
CVE-2025-22394
Dell Display Manager, versions prior to 2.3.2.18, contain a Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to code execution and possibly privilege escalation...
CVE-2025-22394
Dell Display Manager (Windows) is affected by a TOCTOU race condition in versions prior to 2.3.2.18. A low-privileged local attacker could potentially exploit this to achieve code execution and possible privilege escalation. The connected sources confirm the vulnerability of the Dell Display Mana...
CVE-2025-21266 Windows Telephony Service Remote Code Execution Vulnerability
...
CVE-2025-21248
CVE-2025-21248 is a Windows Telephony Service Remote Code Execution vulnerability. The initial and connected documents confirm affected software: Windows Telephony Service component, with exploitable path over the network and required user interaction. CVSS v3.1 base score 8.8 (HIGH), with full i...
Windows Remote Desktop Services Remote Code Execution Vulnerability
...
Microsoft Office Remote Code Execution Vulnerability
...
CVE-2024-54724
PHPYun before 7.0.2 is vulnerable to code execution through backdoor-restricted arbitrary file writing and file inclusion...
CVE-2024-55224
An HTML injection vulnerability in Vaultwarden prior to v1.32.5 allows attackers to execute arbitrary code via injecting a crafted payload into the username field of an e-mail message...
CVE-2024-54724
CVE-2024-54724 affects PHPYun prior to 7.0.2. The documented vulnerability allows code execution through backdoor-restricted arbitrary file writing and file inclusion. Public sources indicate a high-severity impact (CVSS v3.1: 9.8, CRITICAL, network access, no privileges required, no user interac...