1697 matches found
CVE-2024-6029
CVE-2024-6029 concerns the Tesla Model S Iris Modem firewall, where a race-condition flaw in the firewall service arises from a failure to obtain the xtables lock. This vulnerability allows network-adjacent attackers to bypass firewall rules without authentication. The issue is documented across ...
PT-2025-17248 · Imagination Technologies +1 · Graphics Ddk +1
Name of the Vulnerable Software and Affected Versions: The product name cannot be determined. Description: Kernel software installed and running inside a Guest VM may exploit memory shared with the GPU Firmware to write data outside the Guest's virtualised GPU memory. Recommendations: At the...
Apache Commons Text 1.10.0 - Remote Code Execution
Exploit Title: Apache Commons Text 1.10.0 - Remote Code Execution Text4Shell - POST-based Date: 2025-04-17 Exploit Author: Arjun Chaudhary Vendor Homepage: https://commons.apache.org/proper/commons-text/ Software Link: https://repo1.maven.org/maven2/org/apache/commons/commons-text/ Version: Apache...
CVE-2025-27310
Missing Authorization vulnerability in Radius of Thought Page and Post Lister page-and-post-lister allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Page and Post Lister: from n/a through <= 1.2.1...
Car Rental Project 1.0 - Remote Code Execution
Exploit Title: Car Rental Project 1.0 - Remote Code Execution Date: 1/3/2020 Exploit Author: FULLSHADE, SC Vendor Homepage: https://phpgurukul.com/ Software Link: https://phpgurukul.com/car-rental-project-php-mysql-free-download/ Version: 1.0 Tested on: Windows CVE : CVE-2020-5509...
CVE-2025-21583
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DDL). Supported versions that are affected are 8.4.0 and 9.0.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of...
CVE-2025-3567
CVE-2025-3567 affects veal98 小牛肉 Echo 开源社区系统 v4.2. The vulnerability resides in the preHandle function of LoginTicketInterceptor.java (Ticket Handler). Manipulation leads to improper authorization and can be exploited remotely; public exploit information exists. Multiple sources corroborate the i...
Windows App Client < 2.0.379.0 RCE Vulnerability (Apr 2025) - Windows
Windows App Client is prone to a remote code execution (RCE) vulnerability. SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...
(Pwn2Own) Synology BeeStation BST150-4T Cleartext Transmission of Sensitive Information Vulnerability
This vulnerability allows network-adjacent attackers to spoof specific configuration values on affected installations of Synology BeeStation BST150-4T devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within the downloading of configuration informatio...
CVE-2025-27082
Arbitrary File Write vulnerabilities exist in the web-based management interface of both the AOS-10 GW and AOS-8 Controller/Mobility Conductor operating systems. Successful exploitation could allow an Authenticated attacker to upload arbitrary files and execute arbitrary commands on the underlyin...
CVE-2025-2259
The TALOS report confirms a concrete vulnerability: Eclipse ThreadX NetX Duo HTTP server PUT handling can trigger an integer underflow in _nx_web_http_server_put_process when Content-Length in the first packet is smaller than data in the second, potentially writing a very large file and causing d...
CVE-2025-27692
Dell Wyse Management Suite, versions prior to WMS 5.1, contains an Unrestricted Upload of File with Dangerous Type vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to Denial of service, Information disclosure, and Remote execution...
GHSA-Q8JQ-4RM5-4HM5 @alizeait/unflatto Prototype Pollution
Impact: @alizeait/unflatto <= 1.0.2 was discovered to contain a prototype pollution via the method exports.unflatto at /dist/index.js. This vulnerability allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via injecting arbitrary properties. Patches: The problem has been patch...
Exploit for Time-of-check Time-of-use (TOCTOU) Race Condition in Apache Tomcat
"CVE-2024-50379" CVE-2024-50379 is a security vulnerability ...
CVE-2025-31469
Missing Authorization vulnerability in webrangers Clear Sucuri Cache clear-sucuri-cache allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Clear Sucuri Cache: from n/a through <= 1.4...
Ubuntu: Security Advisory (USN-7372-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if(description)...
CVE-2025-0717
CVE-2025-0717 affects the WordPress plugin Social Slider Feed until version 2.2.9 (older releases are vulnerable to Admin+ Stored XSS). The issue is triggered in the plugin’s admin context and can be mitigated by upgrading to 2.2.9 or newer (or applying vendor-recommended remediation).
WordPress Extensive VC Addons for WPBakery Page Builder 1.9.0 Code Execution
WordPress Extensive VC Addons for WPBakery Page Builder version 1.9.0 suffers from a remote execution vulnerability. Exploit Title: Extensive VC Addons for WPBakery page builder 1.9.1 - Unauthenticated RCE Date: 12 march 2025 Exploit Author: Ravina Vendor Homepage: wprealize Version: 1.9.1 Tested...
CVE-2025-0454 SSRF Check Bypass in Requests Utility in significant-gravitas/autogpt
A Server-Side Request Forgery (SSRF) vulnerability was identified in the Requests utility of significant-gravitas/autogpt versions prior to v0.4.0. The vulnerability arises due to a hostname confusion between the urlparse function from the urllib.parse library and the requests library. A malicious...
CVE-2024-8764 Improper Authorization in lunary-ai/lunary
A vulnerability in lunary-ai/lunary, as of commit be54057, allows users to upload and execute arbitrary regular expressions on the server side. This can lead to a Denial of Service (DoS) condition, as certain regular expressions can cause excessive resource consumption, blocking the server from...