1496 matches found
CVE-2025-3248
Langflow versions prior to 1.3.0 are susceptible to code injection in the /api/v1/validate/code endpoint. A remote and unauthenticated attacker can send crafted HTTP requests to execute arbitrary code...
CVE-2025-3248
Langflow versions prior to 1.3.0 are susceptible to code injection in the /api/v1/validate/code endpoint. A remote and unauthenticated attacker can send crafted HTTP requests to execute arbitrary code. Recent assessments: Assessed Attacker Value: 0...
CVE-2025-29063
An issue in BL-AC2100 V1.0.4 and before allows a remote attacker to execute arbitrary code via the enable parameter passed to /goform/sethidessidcfg, which is not handled properly...
CVE-2025-3163
A vulnerability was found in InternLM LMDeploy up to 0.7.1. It has been declared as critical. Affected by this vulnerability is the function Open of the file lmdeploy/docs/en/conf.py. The manipulation leads to code injection. It is possible to launch the attack on the local host. The exploit has...
CVE-2025-3163
CVE-2025-3163 affects InternLM LMDeploy up to version 0.7.1. The vulnerability targets the function Open in lmdeploy/docs/en/conf.py, where input manipulation leads to arbitrary code execution. The issue enables a local-host attack, and public disclosure of the exploit is noted in multiple source...
CVE-2025-31334
WinRAR (Windows) is affected by CVE-2025-31334: versions prior to 7.11 are vulnerable to a Mark of the Web bypass when opening a specially crafted symbolic link to an executable, potentially allowing arbitrary code execution. Public exploit activity is noted in Nessus, and remediation guidance ac...
Important: freetype
Issue Overview: FreeType 2.8.1 has a signed integer overflow in cf2_doFlex in cff/cf2intrp.c. (CVE-2025-23022) An out of bounds write exists in FreeType versions 2.13.0 and below when attempting to parse font subglyph structures related to TrueType GX and variable font files. The vulnerable code...
CVE-2025-2794
| creationtimestamp | type | source |
|---|---|---|
| 2025-03-31 16:33:10+00:00 | seen | https://t.me/DarkWebInformerCVEAlerts/9689 |
| 2025-03-31 21:43:28+00:00 | seen | https://t.me/cvedetector/21644 |
| 2025-08-10 18:27:44+00:00 | seen | MISP/f2f93f16-9318-44b1-9be3-2d3346ca540c |
| 2025-09-10 07:47:56+00:00 | seen | ... |
PT-2025-13571 · Cool-Path +1
Name of the Vulnerable Software and Affected Versions: janryWang depath version 1.0.6; janryWang cool-path version 1.1.2. Description: The vulnerability allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via injecting arbitrary properties. This is achieved through a prototy...
CVE-2025-20229
| creationtimestamp | type | source |
|---|---|---|
| 2025-03-26 22:25:33+00:00 | seen | https://t.me/DarkWebInformerCVEAlerts/8996 |
| 2025-03-26 23:56:01+00:00 | seen | https://t.me/cvedetector/21241 |
| 2025-03-28 12:11:46+00:00 | seen | https://t.me/truesecator/6886 |
| 2025-04-07 05:53:24+00:00 | seen | ... |
CVE-2024-21760
An improper control of generation of code ('Code Injection') vulnerability [CWE-94] in FortiSOAR Connector FortiSOAR 7.4 all versions, 7.3 all versions, 7.2 all versions, 7.0 all versions, 6.4 all versions may allow an authenticated attacker to execute arbitrary code on the host via a playbook code...
CVE-2024-8238
In version 3.22.0 of aimhubio/aim, the AimQL query language uses an outdated version of the safer_getattr function from RestrictedPython. This version does not protect against the str.format_map method, allowing an attacker to leak server-side secrets or potentially gain unrestricted code execution...
CVE-2024-10252
A vulnerability in langgenius/dify versions <=v0.9.1 allows for code injection via internal SSRF requests in the Dify sandbox service. This vulnerability enables an attacker to execute arbitrary Python code with root privileges within the sandbox environment, potentially leading to the deletion of...
CVE-2024-10950
CVE-2024-10950 affects binary-husky/gpt_academic ≤ 3.83, via the CodeInterpreter plugin. The root cause is prompt injection that causes untrusted prompts to generate code executed without a sandbox, enabling remote code execution (RCE) on the application backend server. The described impact is fu...
CVE-2024-57061
Termius desktop client (versions 9.9.0–9.16.0) is affected by an issue where an insecure Electron Fuses configuration enables a physically proximate attacker to execute arbitrary code. Root cause: misconfigured Electron Fuses in the app, allowing code execution. Impact: high, with potential compr...
Apple macOS MOV File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Apple macOS. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of MOV...
CVE-2025-27174
Acrobat Reader versions 24.001.30225, 20.005.30748, 25.001.20428 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious...
CVE-2024-12858
Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. Duplicate of CVE-2025-22880...
Microsoft Word Code Execution Vulnerability (CNVD-2025-09956)
Microsoft Word is a word processor in the Office suite from the American company Microsoft. A code execution vulnerability exists in Microsoft Word, which can be exploited by an attacker to execute arbitrary code on a system...