RCE
Monthly
Critical remote code execution vulnerability in EfroTech Time Trax v1.0 that exploits improper file upload validation in the leave request form's attachment functionality. An authenticated attacker with low privileges can upload and execute arbitrary code on the server, achieving complete system compromise with high confidentiality, integrity, and availability impact. The vulnerability is classified as actively exploitable (CVSS 9.9) and represents an immediate threat to all deployed instances.
A remote code execution vulnerability in all (CVSS 7.2). Risk factors: public PoC available. Vendor patch is available.
The CSV Me WordPress plugin versions up to 2.0 contains an arbitrary file upload vulnerability in the 'csv_me_options_page' function due to insufficient file type validation. Authenticated administrators can exploit this to upload arbitrary files to the server, potentially enabling remote code execution. This is a post-authentication privilege abuse vulnerability with high impact on confidentiality, integrity, and availability.
The FunnelKit plugin for WordPress (versions ≤3.5.3) contains a critical vulnerability allowing unauthenticated attackers to install arbitrary plugins due to missing capability checks and weak nonce validation in the install_or_activate_addon_plugins() function. This is a pre-authentication remote code execution vector with a CVSS 9.8 severity rating that enables complete site compromise through malicious plugin installation.
The Pixabay Images plugin for WordPress versions up to 3.4 contains an arbitrary file upload vulnerability in the pixabay_upload function due to missing file type validation. Authenticated attackers with Author-level access or higher can upload arbitrary files to the server, potentially enabling remote code execution. This vulnerability has a CVSS score of 8.8 (High) and represents a significant risk to WordPress installations using this plugin.
Pre-authentication remote code execution vulnerability in Trend Micro Endpoint Encryption PolicyServer caused by insecure deserialization. Attackers can exploit this vulnerability over the network without authentication to achieve arbitrary code execution with complete system compromise (confidentiality, integrity, and availability impact). This is a critical, actively exploitable vulnerability affecting Trend Micro Endpoint Encryption deployments; similar to CVE-2025-49213 but in a different vulnerable method, indicating a pattern of insecure deserialization issues in the same product.
Post-authentication insecure deserialization vulnerability in Trend Micro Endpoint Encryption PolicyServer that allows remote code execution with high impact on confidentiality, integrity, and availability. While the CVSS score of 8.8 is significant, exploitation requires prior low-privileged code execution on the target system, substantially reducing real-world attack surface compared to unauthenticated network exploits. The vulnerability affects Trend Micro Endpoint Encryption installations and should be prioritized based on organizational exposure to this specific product line and internal threat modeling of low-privileged account compromise scenarios.
Critical pre-authentication remote code execution vulnerability in Trend Micro Endpoint Encryption PolicyServer caused by insecure deserialization. An unauthenticated attacker can exploit this vulnerability over the network with no user interaction required to achieve complete system compromise (confidentiality, integrity, and availability impact). This vulnerability is actively being tracked and should be prioritized for immediate patching as it requires no privileges or complex attack conditions.
Pre-authentication remote code execution vulnerability in Trend Micro Endpoint Encryption PolicyServer caused by insecure deserialization in an unnamed method. An unauthenticated attacker on the network can exploit this over the network without user interaction to achieve complete system compromise (confidentiality, integrity, and availability impact). This vulnerability is actively monitored and represents a critical threat requiring immediate patching.
Fuji Electric Smart Editor contains an out-of-bounds write vulnerability (CWE-787) that allows local attackers with user-level privileges to execute arbitrary code by crafting malicious input files. The vulnerability affects Smart Editor with a CVSS score of 7.8 (high severity), requiring user interaction (opening a malicious file) but no elevated privileges. Without confirmed KEV, EPSS, or public POC data in the provided intelligence, the real-world exploitation likelihood should be assessed as moderate-to-high given the local attack vector and file-based interaction model typical of engineering software.
Stack-based buffer overflow vulnerability in Fuji Electric Smart Editor that allows unauthenticated local attackers to execute arbitrary code with high impact on confidentiality, integrity, and availability. The vulnerability requires user interaction (opening a malicious file) but does not require elevated privileges. While the CVSS score of 7.8 reflects high severity, real-world risk depends on KEV status, EPSS score, and public exploit availability, which are not provided in the source data.
CVE-2025-32412 is an out-of-bounds read vulnerability in Fuji Electric Smart Editor that permits arbitrary code execution through a local attack vector requiring user interaction. The vulnerability affects Fuji Electric Smart Editor across affected versions and is classified as high-severity with a CVSS score of 7.8. While no KEV or active exploitation is confirmed in the provided data, the local attack vector combined with user interaction requirement and high impact (confidentiality, integrity, availability) makes this a significant concern for organizations using this industrial automation software.
A buffer overflow vulnerability in llama.cpp (CVSS 8.8). High severity vulnerability requiring prompt remediation. Vendor patch is available.
An uncontrolled search path vulnerability in the Trend Micro Worry-Free Business Security Services (WFBSS) agent could have allowed an attacker with physical access to a machine to execute arbitrary code on affected installations. An attacker must have had physical access to the target system in order to exploit this vulnerability due to need to access a certain hardware component. Also note: this vulnerability only affected the SaaS client version of WFBSS only, meaning the on-premise version of Worry-Free Business Security was not affected, and this issue was addressed in a previous WFBSS monthly maintenance update. Therefore no other customer action is required to mitigate if the WFBSS agents are on the regular SaaS maintenance deployment schedule and this disclosure is for informational purposes only.
CVE-2025-49155 is an uncontrolled search path vulnerability in Trend Micro Apex One's Data Loss Prevention (DLP) module that allows unauthenticated remote attackers to inject and execute arbitrary code. The vulnerability requires user interaction (CVSS UI:R) but poses critical risk to organizations deploying Apex One, as successful exploitation grants full system compromise with high confidentiality, integrity, and availability impact (CVSS 8.8). Exploitation likelihood should be assessed against current threat intelligence for active in-the-wild usage.
Sitecore PowerShell Extensions through version 7.0 allows authenticated users to upload arbitrary files including ASPX webshells via crafted HTTP requests. The unrestricted file upload bypasses content type restrictions, enabling remote code execution on the Sitecore IIS server with any authenticated account.
Sitecore Experience Manager, Platform, and Commerce versions 9.0 through 10.4 contain a Zip Slip vulnerability that allows authenticated attackers to write arbitrary files outside the intended upload directory. By crafting ZIP archives with path traversal entries, attackers can overwrite application files and achieve remote code execution.
Critical pre-authentication remote code execution vulnerability in Trend Micro Apex Central versions below 8.0.7007, caused by insecure deserialization in a specific method. The vulnerability allows unauthenticated remote attackers to execute arbitrary code with complete system compromise (confidentiality, integrity, and availability impact). With a CVSS score of 9.8 and network-based attack vector requiring no user interaction, this represents an immediately exploitable critical threat to exposed Apex Central installations.
Pre-authentication remote code execution vulnerability stemming from insecure deserialization in Trend Micro Apex Central versions below 8.0.7007. An unauthenticated attacker can exploit this vulnerability over the network with low complexity to achieve complete system compromise (confidentiality, integrity, and availability). This vulnerability is actively tracked by CISA as a known exploited vulnerability (KEV) with high CVSS 9.8 severity and carries significant real-world risk due to its network-accessible, authentication-bypass nature.
Local File Inclusion (LFI) vulnerability in Trend Micro Apex Central widgets (versions below 8.0.6955) that allows authenticated attackers to include and execute arbitrary PHP files, achieving remote code execution on affected systems. The vulnerability requires low-level user authentication and moderate attack complexity but carries high impact across confidentiality, integrity, and availability. Active exploitation status and proof-of-concept availability have not been confirmed from the provided data, but the authentication requirement and network accessibility make this a credible threat to deployed Apex Central instances.
Local File Inclusion (LFI) vulnerability in Trend Micro Apex Central widgets that enables remote code execution (RCE) on affected systems. This vulnerability affects Trend Micro Apex Central installations below version 8.0.6955 and requires an authenticated attacker with low privileges to exploit. The vulnerability combines LFI with RCE capabilities, representing a significant threat to organizations using vulnerable Apex Central deployments.
A deserialization vulnerability in CRM Perks Integration for Contact Form 7 and Zoho CRM (CVSS 9.8). Critical severity with potential for significant impact on affected systems.
PHP Local File Inclusion (LFI) vulnerability in thembay Fana versions through 1.1.28 that allows unauthenticated remote attackers to include and execute arbitrary files through improper control of filename parameters in PHP include/require statements. The high CVSS score of 8.1 reflects the potential for confidentiality, integrity, and availability impact, though the 'H' attack complexity suggests exploitation requires specific conditions or knowledge of the application architecture. No publicly confirmed KEV or widespread active exploitation is documented, but the 2025 CVE date indicates this is a recently disclosed vulnerability requiring immediate attention from Fana users.
PHP Local File Inclusion (LFI) vulnerability in snstheme Simen versions through 4.6 that allows unauthenticated remote attackers to include and execute arbitrary local files via improper control of filename parameters in PHP include/require statements. With a CVSS score of 8.1 and network-based attack vector, this vulnerability enables confidentiality, integrity, and availability compromise; however, the high attack complexity suggests exploitation requires specific conditions or knowledge of the target environment.
The Drag and Drop Multiple File Upload for Contact Form 7 WordPress plugin (versions ≤1.3.8.9) contains an unrestricted file upload vulnerability allowing unauthenticated attackers to bypass file type blacklists and upload dangerous file extensions (.phar, etc.). On servers configured to execute .phar files as PHP (common in default Apache+mod_php setups), this enables remote code execution with high impact to confidentiality, integrity, and availability (CVSS 8.1). While KEV and EPSS data are not provided, the vulnerability is actively exploitable given its public disclosure and network-accessible attack vector.
Critical buffer overflow vulnerability in TOTOLINK X15 firmware (version 1.0.0-B20230714.1105) affecting the HTTP POST request handler in the /boafrm/formTmultiAP endpoint. An authenticated remote attacker can exploit this vulnerability by manipulating the 'submit-url' parameter to achieve buffer overflow, resulting in complete compromise of the router (data theft, modification, and denial of service). Public exploit code is available and the vulnerability meets the profile of actively exploitable threats.
Critical buffer overflow vulnerability in TOTOLINK A3002RU routers (version 3.0.0-B20230809.1615 and potentially others) affecting the HTTP POST request handler at endpoint /boafrm/formMultiAP. An authenticated attacker can exploit this via a malicious 'submit-url' parameter to achieve remote code execution with full system compromise (confidentiality, integrity, and availability impact). Public exploit code exists and the vulnerability is actively exploitable.
A buffer overflow vulnerability in A vulnerability (CVSS 8.8). Risk factors: public PoC available.
Critical stack-based buffer overflow vulnerability in the HTTP POST request handler (function sub_AC78) of D-Link DIR-665 firmware version 1.00, exploitable remotely by authenticated attackers. The vulnerability allows remote code execution with high confidentiality, integrity, and availability impact (CVSS 8.8). Public exploit code is available and the affected product line is no longer maintained by D-Link, significantly elevating real-world risk despite requiring low-privilege authentication.
Critical remote buffer overflow vulnerability in TOTOLINK X15 router firmware (version 1.0.0-B20230714.1105) affecting the HTTP POST request handler for the /boafrm/formMultiAP endpoint. An authenticated attacker can exploit improper input validation on the 'submit-url' parameter to achieve complete system compromise including confidentiality, integrity, and availability breaches. A public proof-of-concept exists and the vulnerability is actively exploitable without user interaction.
Critical remote buffer overflow vulnerability in TOTOLINK A3002RU firmware version 3.0.0-B20230809.1615 affecting the HTTP POST request handler for the /boafrm/formSysLog endpoint. An authenticated attacker can exploit this via manipulation of the submit-url parameter to achieve remote code execution with high confidentiality, integrity, and availability impact. The vulnerability has public exploit disclosure and represents an active threat to deployed devices.
Critical buffer overflow vulnerability in TOTOLINK EX1200T wireless router (firmware version 4.1.2cu.5232_B20210713) affecting the /boafrm/formSysLog HTTP POST handler. An authenticated attacker can exploit improper input validation on the 'submit-url' parameter to achieve buffer overflow, leading to remote code execution with complete system compromise (confidentiality, integrity, and availability impact). Public exploit code is available, and the vulnerability affects a widely deployed consumer networking device.
Critical buffer overflow vulnerability in TOTOLINK EX1200T wireless router (firmware version 4.1.2cu.5232_B20210713) affecting the HTTP POST request handler at endpoint /boafrm/formSysCmd. An authenticated remote attacker can exploit this vulnerability by manipulating the 'submit-url' parameter to achieve buffer overflow, resulting in complete system compromise including confidentiality, integrity, and availability breaches. The vulnerability has been publicly disclosed with exploit code available, increasing real-world exploitation risk.
Critical buffer overflow vulnerability in TOTOLINK EX1200T router firmware (version 4.1.2cu.5232_B20210713) affecting the NTP configuration handler. An authenticated attacker can remotely exploit this vulnerability via HTTP POST requests to the /boafrm/formNtp endpoint by manipulating the submit-url parameter, achieving remote code execution with complete system compromise (confidentiality, integrity, and availability). A public exploit has been disclosed and the vulnerability may be actively exploited in the wild.
Conda-build versions prior to 25.3.0 are vulnerable to dependency confusion/namespace squatting attacks where an attacker can claim the unpublished 'conda-index' package on PyPI and inject malicious code that gets installed when users run pip install on conda-build projects. This is a critical supply-chain attack vector with CVSS 9.8 (CRITICAL) affecting all users who install conda-build from source or install projects that depend on it via pip, potentially compromising developer environments and CI/CD pipelines. The vulnerability is network-accessible, requires no privileges or user interaction, and provides complete system compromise (confidentiality, integrity, availability).
Conda-build versions prior to 25.4.0 are vulnerable to path traversal (Tarslip) attacks that allow unauthenticated remote attackers to write arbitrary files outside intended extraction directories by crafting malicious tar archives with directory traversal sequences. This critical vulnerability (CVSS 9.8) affects all users and systems utilizing conda-build for package compilation, with potential for privilege escalation and code execution depending on target file locations and system permissions.
Critical buffer overflow vulnerability in TOTOLINK T10 firmware version 4.1.8cu.5207 affecting the setWiFiScheduleCfg function in the HTTP POST request handler. An authenticated remote attacker can exploit this vulnerability by manipulating the 'desc' parameter to achieve buffer overflow, resulting in complete compromise of confidentiality, integrity, and availability. A public exploit has been disclosed and the vulnerability is likely actively exploited given its critical CVSS score of 8.8 and low attack complexity.
Critical arbitrary code execution vulnerability in conda-build prior to version 25.4.0, where unsafe eval() function usage on meta.yaml recipe selectors allows unauthenticated remote attackers to execute arbitrary code during the package build process with no required privileges or user interaction. This vulnerability affects all users and systems using vulnerable conda-build versions to process potentially malicious or compromised recipe files, with a CVSS score of 9.8 indicating critical severity across confidentiality, integrity, and availability impacts.
A security vulnerability in Conda-build (CVSS 7.0). High severity vulnerability requiring prompt remediation. Vendor patch is available.
Local privilege escalation vulnerability in Google ChromeOS MiniOS that allows unauthenticated attackers to achieve root code execution by exploiting an accessible debug shell (VT3 console) through specific key combinations during developer mode entry, circumventing device policy restrictions and Firmware Write Protect mechanisms. This vulnerability affects ChromeOS version 16063.45.2 and potentially other versions on enrolled devices, with a CVSS score of 7.4 indicating high severity. The attack requires local access and specific technical knowledge of key sequences, but no user interaction is needed once device access is obtained.
A buffer overflow vulnerability (CVSS 8.8). Risk factors: public PoC available.
Server-Side Template Injection (SSTI) vulnerability in the chat feature of Citrix Remote Support (RS) and Privileged Remote Access (PRA) that enables unauthenticated remote code execution with a critical CVSS score of 9.8. The vulnerability affects the chat messaging functionality across both products with no authentication or user interaction required, allowing attackers to execute arbitrary code on affected systems. This is a critical severity issue requiring immediate patching.
Critical buffer overflow vulnerability in TOTOLINK EX1200T wireless router (version 4.1.2cu.5232_B20210713) affecting the HTTP POST request handler for the /boafrm/formWirelessTbl endpoint. An authenticated attacker can exploit the submit-url parameter to achieve remote code execution with high confidentiality, integrity, and availability impact (CVSS 8.8). Public proof-of-concept code is available, and this vulnerability may be actively exploited in the wild.
Critical stack-based buffer overflow vulnerability in D-Link DIR-632 firmware version FW103B08, affecting the HTTP POST request handler's get_pure_content function. An unauthenticated remote attacker can exploit this via a malicious Content-Length header to achieve complete system compromise including arbitrary code execution, data theft, and denial of service. Public exploit code exists for this end-of-life product, creating immediate risk for any remaining deployed instances.
Critical stack-based buffer overflow vulnerability in D-Link DIR-619L version 2.06B01 affecting the form_macfilter function through improper handling of mac_hostname_%d and sched_name_%d parameters. An authenticated remote attacker can exploit this vulnerability to achieve complete system compromise including confidentiality, integrity, and availability impacts (CVSS 8.8). Public exploit code is available and the product is end-of-life, significantly elevating real-world risk.
Critical stack-based buffer overflow vulnerability in D-Link DIR-619L firmware version 2.06B01, affecting the port forwarding configuration function. An authenticated remote attacker can exploit this vulnerability by manipulating the ingress_name_%d, sched_name_%d, or name_%d parameters to achieve remote code execution with high integrity and confidentiality impact. The vulnerability has public exploit code available and affects only end-of-life products no longer receiving vendor support, significantly elevating real-world risk for exposed legacy deployments.
Reflected Cross-Site Scripting (XSS) in /customer_support/index.php in Customer Support System v1.0, which allows remote attackers to execute arbitrary code via the page parameter.
A Reflected Cross Site Scripting (XSS) vulnerability was found in '/search' in Phoenix Site CMS from Phoenix, which allows remote attackers to execute arbitrary code via 's' GET parameter.
Reflected Cross-Site Scripting (XSS) vulnerability in /pages/search-results-page in Nosto, which allows remote attackers to execute arbitrary code via the q GET request parameter.
A vulnerability classified as critical has been found in letta-ai letta up to 0.4.1. Affected is the function function_message of the file letta/letta/interface.py. The manipulation of the argument function_name/function_args leads to improper neutralization of directives in dynamically evaluated code. The exploit has been disclosed to the public and may be used.
The Image Resizer On The Fly WordPress plugin (versions ≤1.1) contains a critical arbitrary file deletion vulnerability in its 'delete' task that allows unauthenticated attackers to remove arbitrary files from the server without authentication. This vulnerability can facilitate remote code execution by deleting critical files such as wp-config.php, leading to complete WordPress installation compromise. With a CVSS score of 9.1 and network-accessible attack vector requiring no user interaction or privileges, this represents a critical risk to all unpatched installations.
A remote code execution vulnerability in all (CVSS 8.1). High severity vulnerability requiring prompt remediation.
A remote code execution vulnerability in File Manager Pro - Filester (CVSS 7.2). High severity vulnerability requiring prompt remediation.
Privilege escalation vulnerability in IBM Backup, Recovery and Media Services (BRMS) for i versions 7.4 and 7.5 that exploits unqualified library calls in compiled or restored programs. An authenticated user with compile or restore capabilities can inject malicious code that executes with elevated component access to the IBM i operating system, achieving full system compromise. This is a high-severity issue affecting enterprise backup infrastructure, though it requires valid credentials and medium attack complexity to exploit.
Critical deserialization vulnerability in Dell ControlVault3 that allows unauthenticated local attackers to achieve arbitrary code execution by sending specially crafted responses to the cvhDecapsulateCmd functionality. The vulnerability affects ControlVault3 prior to version 5.15.10.14 and ControlVault3 Plus prior to 6.2.26.36. An attacker who can compromise ControlVault firmware or intercept responses can trigger remote code execution with system-level privileges, making this a high-impact vulnerability despite the moderate attack complexity requirement.
conda-forge-ci-setup is a package installed by conda-forge each time a build is run on CI. The conda-forge-ci-setup-feedstock setup script is vulnerable due to the unsafe use of the eval function when parsing version information from a custom-formatted meta.yaml file. An attacker controlling meta.yaml can inject malicious code into the version assignment, which is executed during file processing, leading to arbitrary code execution. Exploitation requires an attacker to modify the recipe file by manipulating the RECIPE_DIR variable and introducing a malicious meta.yaml file. While this is more feasible in CI/CD pipelines, it is uncommon in typical environments, reducing overall risk. This vulnerability is fixed in 4.15.0.
Stack-based buffer overflow vulnerability in Dell ControlVault3's securebio_identify functionality that allows local attackers with low privileges to execute arbitrary code with high impact across the system. The vulnerability affects ControlVault3 versions prior to 5.15.10.14 and ControlVault3 Plus versions prior to 6.2.26.36, and can be triggered via a specially crafted API call with a malicious cv_object parameter.
handcraftedinthealps goodby-csv is a highly memory efficient, flexible and extendable open-source CSV import/export library. Prior to 1.4.3, goodby-csv could be used as part of a chain of methods that is exploitable when an insecure deserialization vulnerability exists in an application. This so-called "gadget chain" presents no direct threat but is a vector that can be used to achieve remote code execution if the application deserializes untrusted data due to another vulnerability. The problem is patched with Version 1.4.3.
MCP Inspector versions below 0.14.1 contain a critical authentication bypass vulnerability (CVE-2025-49596) that enables unauthenticated remote code execution through unprotected communication between the Inspector client and proxy. Attackers can exploit this over the network without user interaction beyond the initial proxy connection to execute arbitrary MCP commands via stdio, achieving complete system compromise with CVSS 9.4 severity. The vulnerability requires immediate patching as it represents a complete authentication failure in a developer tool that is typically deployed on development systems with elevated privileges.
A remote code execution vulnerability in XWiki (CVSS 8.8). Risk factors: public PoC available. Vendor patch is available.
A security vulnerability in versions (CVSS 8.0). Risk factors: public PoC available. Vendor patch is available.
XWiki's macro rights analyzer introduced in version 15.9RC1 contains incomplete validation that allows attackers to hide malicious script macros (Groovy, Python) by exploiting non-lowercase parameter handling and unanalyzed macro parameters. An authenticated attacker with limited privileges can inject hidden malicious macros that execute when a higher-privileged user edits the page, enabling remote code execution. This vulnerability affects XWiki versions 15.9RC1 through 16.4.6, 16.10.0-16.10.2, and 16.x-17.0.0-rc1, with patches available in versions 16.4.7, 16.10.3, and 17.0.0.
A flaw was found in GIMP. An integer overflow vulnerability exists in the GIMP "Despeckle" plug-in. The issue occurs due to unchecked multiplication of image dimensions, such as width, height, and bytes-per-pixel (img_bpp), which can result in allocating insufficient memory and subsequently performing out-of-bounds writes. This issue could lead to heap corruption, a potential denial of service (DoS), or arbitrary code execution in certain scenarios.
Critical privilege escalation vulnerability in XWiki that allows any user with page edit rights to execute arbitrary code (Groovy, Python, Velocity) with programming-level privileges by creating malicious wiki macros. An attacker can exploit wiki macro parameter defaults to inject code into high-privilege pages like XWiki.ChildrenMacro, achieving full XWiki installation compromise. The vulnerability affects XWiki versions prior to 16.4.7, 16.10.3, and 17.0.0; patch availability is confirmed across multiple release branches.
Critical remote code execution vulnerability in OpenC3 COSMOS v6.0.0's Plugin Management component that allows unauthenticated attackers to execute arbitrary code by uploading a specially crafted .txt file. The vulnerability has a CVSS score of 9.8 (critical severity) with no authentication or user interaction required, making it trivially exploitable over the network. Given the high CVSS score and attack surface (public-facing plugin management interfaces), this vulnerability poses an immediate threat to all deployed instances of the affected version.
Critical remote code execution vulnerability in TOTOLINK N600R router firmware v4.3.0cu.7866_B2022506, exploitable through a buffer overflow in the UPLOAD_FILENAME parameter without authentication. An unauthenticated remote attacker can execute arbitrary code with no user interaction required, achieving complete system compromise with CVSS 9.8 severity. KEV status and active exploitation data unavailable from provided sources; EPSS probability should be assumed high given unauthenticated network attack vector and critical impact.
A command injection vulnerability (CVSS 9.8). Risk factors: public PoC available.
A critical unauthenticated remote command injection vulnerability exists in multiple Blink router models through the 'mac' parameter in the bs_SetMacBlack function, allowing attackers to execute arbitrary commands with full system privileges. Affected models include BL-WR9000 V2.4.9, BL-AC2100_AZ3 V1.0.4, BL-X10_AC8 v1.0.5, BL-LTE300 v1.2.3, BL-F1200_AT1 v1.0.0, BL-X26_AC8 v1.2.8, BLAC450M_AE4 v4.0.0, and BL-X26_DA3 v1.2.7. With a CVSS score of 9.8 and network-based attack vector requiring no authentication or user interaction, this vulnerability poses severe risk to any exposed router on the network.
Critical remote command injection vulnerability affecting multiple Blink router models through the bs_SetSSIDHide function, allowing unauthenticated attackers to execute arbitrary commands with full system compromise. The vulnerability impacts 8 distinct product lines across versions ranging from v1.0.0 to v4.0.0, with a CVSS score of 9.8 indicating severe severity due to network accessibility, low attack complexity, and no privilege requirements. This represents an actively exploitable flaw affecting home and small business network infrastructure with potential for widespread compromise.
A command injection vulnerability (CVSS 9.8). Risk factors: public PoC available.
Critical remote code execution vulnerability with a perfect CVSS 10.0 score that allows unauthenticated attackers to execute arbitrary code on affected servers over the network with no user interaction required. The vulnerability stems from improper handling of code evaluation (CWE-94: Improper Control of Generation of Code) and affects systems processing untrusted input. Given the maximum CVSS severity, network attack vector, and lack of authentication requirements, this vulnerability represents an immediate and severe threat to any exposed systems and should be treated as a critical priority for patching regardless of additional context.
Critical path traversal vulnerability in RICOH Streamline NX V3 PC Client (versions 3.5.0-3.242.0) that allows unauthenticated remote attackers to execute arbitrary code on affected systems by tampering with specific files used by the product. With a CVSS score of 9.8 and network-based attack vector requiring no user interaction, this vulnerability poses immediate risk to organizations deploying vulnerable versions of the RICOH client software. KEV and EPSS status, POC availability, and active exploitation data are not yet available in public disclosures, but the severity profile (CVSS 9.8, CVSS:3.0/AV:N/AC:L/PR:N/UI:N) suggests high exploitability.
CVE-2025-39240 is an authenticated remote command execution vulnerability in Hikvision Wireless Access Points caused by insufficient input validation in packet handling. Attackers with valid credentials can send crafted packets to execute arbitrary commands on affected devices, potentially achieving full system compromise. The vulnerability has a CVSS 7.2 score reflecting high confidentiality, integrity, and availability impact, though it requires valid authentication credentials to exploit.
Remote code execution vulnerability in Acer ControlCenter that exploits a misconfigured Windows Named Pipe to allow authenticated attackers with low privileges to execute arbitrary code with SYSTEM-level permissions. The vulnerability has a CVSS score of 8.8 (High) and requires only network access and low privileges, making it a significant elevation-of-privilege vector; real-world exploitation likelihood depends on confirmation of active KEV listing and public exploit availability.
Command injection vulnerability in Visual Studio that allows an authenticated attacker with local user interaction to execute arbitrary code over a network with high impact on confidentiality, integrity, and availability. While the vulnerability requires prior authorization and user interaction, successful exploitation could lead to complete system compromise. No public indication of active exploitation or widespread POC availability is currently documented, but the CVSS 7.1 score reflects significant risk in collaborative development environments where multiple authorized users access shared Visual Studio instances.
CVE-2025-30399 is an untrusted search path vulnerability in .NET and Visual Studio that allows unauthenticated remote attackers to execute arbitrary code through a network vector, requiring user interaction. The vulnerability affects multiple versions of .NET Framework and Visual Studio across Windows platforms. While the CVSS score is 7.5 (high), the attack complexity is high and requires user interaction, potentially limiting real-world exploitation frequency.
Command injection vulnerability in Palo Alto Networks PAN-OS that allows authenticated administrators with CLI access to bypass system restrictions and execute arbitrary commands with root privileges. The vulnerability affects on-premises PAN-OS deployments with CVSS 8.4, but risk is significantly reduced in environments where CLI access is restricted to a limited administrative group. Cloud NGFW and Prisma Access are not affected.
PCSX2 is a free and open-source PlayStation 2 (PS2) emulator. A stack-based buffer overflow exists in the Kprintf_HLE function of PCSX2 versions up to 2.3.414. Opening a disc image that logs a specially crafted message may allow a remote attacker to execute arbitrary code if the user enabled IOP Console Logging. This vulnerability is fixed in 2.3.414.
CVE-2024-55567 is an improper input validation vulnerability in the UsbCoreDxe module of Insyde InsydeH2O firmware that allows authenticated local attackers with high privileges to bypass SMM (System Management Mode) protections and execute arbitrary code at the highest firmware privilege level. This affects multiple kernel versions (5.4, 5.5, 5.6, 5.7) across numerous OEM BIOS implementations, enabling complete system compromise including kernel-level code execution and memory access. While CVSS rates this as 7.5 (high), real-world exploitation requires local access and administrative/BIOS-level privileges, though no public POC or active KEV designation has been confirmed.
Linked URLs during the creation of iFrame widgets and dashboards are vulnerable to code execution. The URLs get embedded as iFrame widgets, making it possible to attack other users that access the dashboard by including malicious code. The attack is only possible if the attacker is authorized to create new dashboards or iFrame widgets.
Path traversal vulnerability in Google Web Designer's template handling mechanism that enables remote code execution when users are socially engineered into downloading malicious ad templates. Versions prior to 16.3.0.0407 on Windows are affected, and the vulnerability requires user interaction (UI:R) but has no authentication requirements (PR:N). While CVSS 8.8 indicates high severity with complete confidentiality, integrity, and availability impact, exploitation probability and KEV status information is not provided in the available intelligence.
A file upload vulnerability in all (CVSS 8.8). High severity vulnerability requiring prompt remediation.
Privilege escalation vulnerability in UpdateNavi and UpdateNaviInstallService that allows local authenticated attackers to modify arbitrary registry values or execute arbitrary code through improper communication channel restrictions. Affected versions include UpdateNavi V1.4 L10-L33 and UpdateNaviInstallService 1.2.0091-1.2.0125. With a CVSS score of 7.1 and local attack vector requiring low privileges, this vulnerability poses significant risk to systems running vulnerable versions, particularly in scenarios where local user accounts have network access or elevation paths.
A remote code execution vulnerability (CVSS 9.2). Critical severity with potential for significant impact on affected systems.
A remote code execution vulnerability (CVSS 7.2). High severity vulnerability requiring prompt remediation.
DLL hijacking vulnerability in ClipShare Server for Windows (versions prior to 3.8.5) that allows local, non-privileged users to achieve arbitrary code execution and potential privilege escalation by placing malicious DLLs in the application directory. The vulnerability exploits Windows' default DLL search order, where the application directory is searched before system paths, and poses a reliable privilege escalation risk when ClipShare is run by elevated users. This is a local attack requiring write access to the installation directory.
Critical command injection vulnerability in u-link Management API that allows unauthenticated remote attackers positioned as man-in-the-middle (MITM) to inject arbitrary commands into WWH server responses, which are then executed with elevated privileges. The vulnerability requires clients to use insecure proxy configurations to exploit, resulting in complete system compromise (CVSS 9.8). While no public POC or KEV listing is available at publication, the attack vector is network-based with low complexity, making this a significant priority for organizations using u-link with proxy infrastructure.
Critical CSRF vulnerability affecting network devices that allows unauthenticated remote attackers to execute arbitrary commands with root privileges by exploiting missing CSRF protections. The vulnerability requires minimal user interaction and presents an exceptionally high real-world risk due to its network-accessible attack vector, root-level command execution capability, and lack of authentication requirements. Active exploitation status and proof-of-concept availability should be confirmed through CISA KEV and exploit databases, as this combination of factors (no auth + remote + root RCE) typically indicates urgent patch deployment.
The WordPress Automatic Plugin (all versions up to 3.115.0) contains an arbitrary file upload vulnerability in core.php due to insufficient file type validation, allowing authenticated attackers with Author-level or higher privileges to upload malicious files and potentially achieve remote code execution. This is a high-severity vulnerability (CVSS 8.8) affecting a widely-deployed WordPress plugin; real-world exploitation requires valid WordPress credentials at Author level or above, but successful exploitation enables complete server compromise.
WP-DownloadManager plugin for WordPress versions up to 1.68.10 contains an arbitrary file deletion vulnerability (CVE-2025-4799) that allows authenticated administrators to delete any file on the server without directory restrictions. When paired with CVE-2025-4798, attackers can delete critical files like wp-config.php, leading to remote code execution. The vulnerability requires high-privilege administrative access, resulting in a CVSS 7.2 score with high confidentiality, integrity, and availability impact.
Critical remote code execution vulnerability in EfroTech Time Trax v1.0 that exploits improper file upload validation in the leave request form's attachment functionality. An authenticated attacker with low privileges can upload and execute arbitrary code on the server, achieving complete system compromise with high confidentiality, integrity, and availability impact. The vulnerability is classified as actively exploitable (CVSS 9.9) and represents an immediate threat to all deployed instances.
A remote code execution vulnerability in all (CVSS 7.2). Risk factors: public PoC available. Vendor patch is available.
The CSV Me WordPress plugin versions up to 2.0 contains an arbitrary file upload vulnerability in the 'csv_me_options_page' function due to insufficient file type validation. Authenticated administrators can exploit this to upload arbitrary files to the server, potentially enabling remote code execution. This is a post-authentication privilege abuse vulnerability with high impact on confidentiality, integrity, and availability.
The FunnelKit plugin for WordPress (versions ≤3.5.3) contains a critical vulnerability allowing unauthenticated attackers to install arbitrary plugins due to missing capability checks and weak nonce validation in the install_or_activate_addon_plugins() function. This is a pre-authentication remote code execution vector with a CVSS 9.8 severity rating that enables complete site compromise through malicious plugin installation.
The Pixabay Images plugin for WordPress versions up to 3.4 contains an arbitrary file upload vulnerability in the pixabay_upload function due to missing file type validation. Authenticated attackers with Author-level access or higher can upload arbitrary files to the server, potentially enabling remote code execution. This vulnerability has a CVSS score of 8.8 (High) and represents a significant risk to WordPress installations using this plugin.
Pre-authentication remote code execution vulnerability in Trend Micro Endpoint Encryption PolicyServer caused by insecure deserialization. Attackers can exploit this vulnerability over the network without authentication to achieve arbitrary code execution with complete system compromise (confidentiality, integrity, and availability impact). This is a critical, actively exploitable vulnerability affecting Trend Micro Endpoint Encryption deployments; similar to CVE-2025-49213 but in a different vulnerable method, indicating a pattern of insecure deserialization issues in the same product.
Post-authentication insecure deserialization vulnerability in Trend Micro Endpoint Encryption PolicyServer that allows remote code execution with high impact on confidentiality, integrity, and availability. While the CVSS score of 8.8 is significant, exploitation requires prior low-privileged code execution on the target system, substantially reducing real-world attack surface compared to unauthenticated network exploits. The vulnerability affects Trend Micro Endpoint Encryption installations and should be prioritized based on organizational exposure to this specific product line and internal threat modeling of low-privileged account compromise scenarios.
Critical pre-authentication remote code execution vulnerability in Trend Micro Endpoint Encryption PolicyServer caused by insecure deserialization. An unauthenticated attacker can exploit this vulnerability over the network with no user interaction required to achieve complete system compromise (confidentiality, integrity, and availability impact). This vulnerability is actively being tracked and should be prioritized for immediate patching as it requires no privileges or complex attack conditions.
Pre-authentication remote code execution vulnerability in Trend Micro Endpoint Encryption PolicyServer caused by insecure deserialization in an unnamed method. An unauthenticated attacker on the network can exploit this over the network without user interaction to achieve complete system compromise (confidentiality, integrity, and availability impact). This vulnerability is actively monitored and represents a critical threat requiring immediate patching.
Fuji Electric Smart Editor contains an out-of-bounds write vulnerability (CWE-787) that allows local attackers with user-level privileges to execute arbitrary code by crafting malicious input files. The vulnerability affects Smart Editor with a CVSS score of 7.8 (high severity), requiring user interaction (opening a malicious file) but no elevated privileges. Without confirmed KEV, EPSS, or public POC data in the provided intelligence, the real-world exploitation likelihood should be assessed as moderate-to-high given the local attack vector and file-based interaction model typical of engineering software.
Stack-based buffer overflow vulnerability in Fuji Electric Smart Editor that allows unauthenticated local attackers to execute arbitrary code with high impact on confidentiality, integrity, and availability. The vulnerability requires user interaction (opening a malicious file) but does not require elevated privileges. While the CVSS score of 7.8 reflects high severity, real-world risk depends on KEV status, EPSS score, and public exploit availability, which are not provided in the source data.
CVE-2025-32412 is an out-of-bounds read vulnerability in Fuji Electric Smart Editor that permits arbitrary code execution through a local attack vector requiring user interaction. The vulnerability affects Fuji Electric Smart Editor across affected versions and is classified as high-severity with a CVSS score of 7.8. While no KEV or active exploitation is confirmed in the provided data, the local attack vector combined with user interaction requirement and high impact (confidentiality, integrity, availability) makes this a significant concern for organizations using this industrial automation software.
A buffer overflow vulnerability in llama.cpp (CVSS 8.8). High severity vulnerability requiring prompt remediation. Vendor patch is available.
An uncontrolled search path vulnerability in the Trend Micro Worry-Free Business Security Services (WFBSS) agent could have allowed an attacker with physical access to a machine to execute arbitrary code on affected installations. An attacker must have had physical access to the target system in order to exploit this vulnerability due to need to access a certain hardware component. Also note: this vulnerability only affected the SaaS client version of WFBSS only, meaning the on-premise version of Worry-Free Business Security was not affected, and this issue was addressed in a previous WFBSS monthly maintenance update. Therefore no other customer action is required to mitigate if the WFBSS agents are on the regular SaaS maintenance deployment schedule and this disclosure is for informational purposes only.
CVE-2025-49155 is an uncontrolled search path vulnerability in Trend Micro Apex One's Data Loss Prevention (DLP) module that allows unauthenticated remote attackers to inject and execute arbitrary code. The vulnerability requires user interaction (CVSS UI:R) but poses critical risk to organizations deploying Apex One, as successful exploitation grants full system compromise with high confidentiality, integrity, and availability impact (CVSS 8.8). Exploitation likelihood should be assessed against current threat intelligence for active in-the-wild usage.
Sitecore PowerShell Extensions through version 7.0 allows authenticated users to upload arbitrary files including ASPX webshells via crafted HTTP requests. The unrestricted file upload bypasses content type restrictions, enabling remote code execution on the Sitecore IIS server with any authenticated account.
Sitecore Experience Manager, Platform, and Commerce versions 9.0 through 10.4 contain a Zip Slip vulnerability that allows authenticated attackers to write arbitrary files outside the intended upload directory. By crafting ZIP archives with path traversal entries, attackers can overwrite application files and achieve remote code execution.
Critical pre-authentication remote code execution vulnerability in Trend Micro Apex Central versions below 8.0.7007, caused by insecure deserialization in a specific method. The vulnerability allows unauthenticated remote attackers to execute arbitrary code with complete system compromise (confidentiality, integrity, and availability impact). With a CVSS score of 9.8 and network-based attack vector requiring no user interaction, this represents an immediately exploitable critical threat to exposed Apex Central installations.
Pre-authentication remote code execution vulnerability stemming from insecure deserialization in Trend Micro Apex Central versions below 8.0.7007. An unauthenticated attacker can exploit this vulnerability over the network with low complexity to achieve complete system compromise (confidentiality, integrity, and availability). This vulnerability is actively tracked by CISA as a known exploited vulnerability (KEV) with high CVSS 9.8 severity and carries significant real-world risk due to its network-accessible, authentication-bypass nature.
Local File Inclusion (LFI) vulnerability in Trend Micro Apex Central widgets (versions below 8.0.6955) that allows authenticated attackers to include and execute arbitrary PHP files, achieving remote code execution on affected systems. The vulnerability requires low-level user authentication and moderate attack complexity but carries high impact across confidentiality, integrity, and availability. Active exploitation status and proof-of-concept availability have not been confirmed from the provided data, but the authentication requirement and network accessibility make this a credible threat to deployed Apex Central instances.
Local File Inclusion (LFI) vulnerability in Trend Micro Apex Central widgets that enables remote code execution (RCE) on affected systems. This vulnerability affects Trend Micro Apex Central installations below version 8.0.6955 and requires an authenticated attacker with low privileges to exploit. The vulnerability combines LFI with RCE capabilities, representing a significant threat to organizations using vulnerable Apex Central deployments.
A deserialization vulnerability in CRM Perks Integration for Contact Form 7 and Zoho CRM (CVSS 9.8). Critical severity with potential for significant impact on affected systems.
PHP Local File Inclusion (LFI) vulnerability in thembay Fana versions through 1.1.28 that allows unauthenticated remote attackers to include and execute arbitrary files through improper control of filename parameters in PHP include/require statements. The high CVSS score of 8.1 reflects the potential for confidentiality, integrity, and availability impact, though the 'H' attack complexity suggests exploitation requires specific conditions or knowledge of the application architecture. No publicly confirmed KEV or widespread active exploitation is documented, but the 2025 CVE date indicates this is a recently disclosed vulnerability requiring immediate attention from Fana users.
PHP Local File Inclusion (LFI) vulnerability in snstheme Simen versions through 4.6 that allows unauthenticated remote attackers to include and execute arbitrary local files via improper control of filename parameters in PHP include/require statements. With a CVSS score of 8.1 and network-based attack vector, this vulnerability enables confidentiality, integrity, and availability compromise; however, the high attack complexity suggests exploitation requires specific conditions or knowledge of the target environment.
The Drag and Drop Multiple File Upload for Contact Form 7 WordPress plugin (versions ≤1.3.8.9) contains an unrestricted file upload vulnerability allowing unauthenticated attackers to bypass file type blacklists and upload dangerous file extensions (.phar, etc.). On servers configured to execute .phar files as PHP (common in default Apache+mod_php setups), this enables remote code execution with high impact to confidentiality, integrity, and availability (CVSS 8.1). While KEV and EPSS data are not provided, the vulnerability is actively exploitable given its public disclosure and network-accessible attack vector.
Critical buffer overflow vulnerability in TOTOLINK X15 firmware (version 1.0.0-B20230714.1105) affecting the HTTP POST request handler in the /boafrm/formTmultiAP endpoint. An authenticated remote attacker can exploit this vulnerability by manipulating the 'submit-url' parameter to achieve buffer overflow, resulting in complete compromise of the router (data theft, modification, and denial of service). Public exploit code is available and the vulnerability meets the profile of actively exploitable threats.
Critical buffer overflow vulnerability in TOTOLINK A3002RU routers (version 3.0.0-B20230809.1615 and potentially others) affecting the HTTP POST request handler at endpoint /boafrm/formMultiAP. An authenticated attacker can exploit this via a malicious 'submit-url' parameter to achieve remote code execution with full system compromise (confidentiality, integrity, and availability impact). Public exploit code exists and the vulnerability is actively exploitable.
A buffer overflow vulnerability in A vulnerability (CVSS 8.8). Risk factors: public PoC available.
Critical stack-based buffer overflow vulnerability in the HTTP POST request handler (function sub_AC78) of D-Link DIR-665 firmware version 1.00, exploitable remotely by authenticated attackers. The vulnerability allows remote code execution with high confidentiality, integrity, and availability impact (CVSS 8.8). Public exploit code is available and the affected product line is no longer maintained by D-Link, significantly elevating real-world risk despite requiring low-privilege authentication.
Critical remote buffer overflow vulnerability in TOTOLINK X15 router firmware (version 1.0.0-B20230714.1105) affecting the HTTP POST request handler for the /boafrm/formMultiAP endpoint. An authenticated attacker can exploit improper input validation on the 'submit-url' parameter to achieve complete system compromise including confidentiality, integrity, and availability breaches. A public proof-of-concept exists and the vulnerability is actively exploitable without user interaction.
Critical remote buffer overflow vulnerability in TOTOLINK A3002RU firmware version 3.0.0-B20230809.1615 affecting the HTTP POST request handler for the /boafrm/formSysLog endpoint. An authenticated attacker can exploit this via manipulation of the submit-url parameter to achieve remote code execution with high confidentiality, integrity, and availability impact. The vulnerability has public exploit disclosure and represents an active threat to deployed devices.
Critical buffer overflow vulnerability in TOTOLINK EX1200T wireless router (firmware version 4.1.2cu.5232_B20210713) affecting the /boafrm/formSysLog HTTP POST handler. An authenticated attacker can exploit improper input validation on the 'submit-url' parameter to achieve buffer overflow, leading to remote code execution with complete system compromise (confidentiality, integrity, and availability impact). Public exploit code is available, and the vulnerability affects a widely deployed consumer networking device.
Critical buffer overflow vulnerability in TOTOLINK EX1200T wireless router (firmware version 4.1.2cu.5232_B20210713) affecting the HTTP POST request handler at endpoint /boafrm/formSysCmd. An authenticated remote attacker can exploit this vulnerability by manipulating the 'submit-url' parameter to achieve buffer overflow, resulting in complete system compromise including confidentiality, integrity, and availability breaches. The vulnerability has been publicly disclosed with exploit code available, increasing real-world exploitation risk.
Critical buffer overflow vulnerability in TOTOLINK EX1200T router firmware (version 4.1.2cu.5232_B20210713) affecting the NTP configuration handler. An authenticated attacker can remotely exploit this vulnerability via HTTP POST requests to the /boafrm/formNtp endpoint by manipulating the submit-url parameter, achieving remote code execution with complete system compromise (confidentiality, integrity, and availability). A public exploit has been disclosed and the vulnerability may be actively exploited in the wild.
Conda-build versions prior to 25.3.0 are vulnerable to dependency confusion/namespace squatting attacks where an attacker can claim the unpublished 'conda-index' package on PyPI and inject malicious code that gets installed when users run pip install on conda-build projects. This is a critical supply-chain attack vector with CVSS 9.8 (CRITICAL) affecting all users who install conda-build from source or install projects that depend on it via pip, potentially compromising developer environments and CI/CD pipelines. The vulnerability is network-accessible, requires no privileges or user interaction, and provides complete system compromise (confidentiality, integrity, availability).
Conda-build versions prior to 25.4.0 are vulnerable to path traversal (Tarslip) attacks that allow unauthenticated remote attackers to write arbitrary files outside intended extraction directories by crafting malicious tar archives with directory traversal sequences. This critical vulnerability (CVSS 9.8) affects all users and systems utilizing conda-build for package compilation, with potential for privilege escalation and code execution depending on target file locations and system permissions.
Critical buffer overflow vulnerability in TOTOLINK T10 firmware version 4.1.8cu.5207 affecting the setWiFiScheduleCfg function in the HTTP POST request handler. An authenticated remote attacker can exploit this vulnerability by manipulating the 'desc' parameter to achieve buffer overflow, resulting in complete compromise of confidentiality, integrity, and availability. A public exploit has been disclosed and the vulnerability is likely actively exploited given its critical CVSS score of 8.8 and low attack complexity.
Critical arbitrary code execution vulnerability in conda-build prior to version 25.4.0, where unsafe eval() function usage on meta.yaml recipe selectors allows unauthenticated remote attackers to execute arbitrary code during the package build process with no required privileges or user interaction. This vulnerability affects all users and systems using vulnerable conda-build versions to process potentially malicious or compromised recipe files, with a CVSS score of 9.8 indicating critical severity across confidentiality, integrity, and availability impacts.
A security vulnerability in Conda-build (CVSS 7.0). High severity vulnerability requiring prompt remediation. Vendor patch is available.
Local privilege escalation vulnerability in Google ChromeOS MiniOS that allows unauthenticated attackers to achieve root code execution by exploiting an accessible debug shell (VT3 console) through specific key combinations during developer mode entry, circumventing device policy restrictions and Firmware Write Protect mechanisms. This vulnerability affects ChromeOS version 16063.45.2 and potentially other versions on enrolled devices, with a CVSS score of 7.4 indicating high severity. The attack requires local access and specific technical knowledge of key sequences, but no user interaction is needed once device access is obtained.
A buffer overflow vulnerability (CVSS 8.8). Risk factors: public PoC available.
Server-Side Template Injection (SSTI) vulnerability in the chat feature of Citrix Remote Support (RS) and Privileged Remote Access (PRA) that enables unauthenticated remote code execution with a critical CVSS score of 9.8. The vulnerability affects the chat messaging functionality across both products with no authentication or user interaction required, allowing attackers to execute arbitrary code on affected systems. This is a critical severity issue requiring immediate patching.
Critical buffer overflow vulnerability in TOTOLINK EX1200T wireless router (version 4.1.2cu.5232_B20210713) affecting the HTTP POST request handler for the /boafrm/formWirelessTbl endpoint. An authenticated attacker can exploit the submit-url parameter to achieve remote code execution with high confidentiality, integrity, and availability impact (CVSS 8.8). Public proof-of-concept code is available, and this vulnerability may be actively exploited in the wild.
Critical stack-based buffer overflow vulnerability in D-Link DIR-632 firmware version FW103B08, affecting the HTTP POST request handler's get_pure_content function. An unauthenticated remote attacker can exploit this via a malicious Content-Length header to achieve complete system compromise including arbitrary code execution, data theft, and denial of service. Public exploit code exists for this end-of-life product, creating immediate risk for any remaining deployed instances.
Critical stack-based buffer overflow vulnerability in D-Link DIR-619L version 2.06B01 affecting the form_macfilter function through improper handling of mac_hostname_%d and sched_name_%d parameters. An authenticated remote attacker can exploit this vulnerability to achieve complete system compromise including confidentiality, integrity, and availability impacts (CVSS 8.8). Public exploit code is available and the product is end-of-life, significantly elevating real-world risk.
Critical stack-based buffer overflow vulnerability in D-Link DIR-619L firmware version 2.06B01, affecting the port forwarding configuration function. An authenticated remote attacker can exploit this vulnerability by manipulating the ingress_name_%d, sched_name_%d, or name_%d parameters to achieve remote code execution with high integrity and confidentiality impact. The vulnerability has public exploit code available and affects only end-of-life products no longer receiving vendor support, significantly elevating real-world risk for exposed legacy deployments.
Reflected Cross-Site Scripting (XSS) in /customer_support/index.php in Customer Support System v1.0, which allows remote attackers to execute arbitrary code via the page parameter.
A Reflected Cross Site Scripting (XSS) vulnerability was found in '/search' in Phoenix Site CMS from Phoenix, which allows remote attackers to execute arbitrary code via 's' GET parameter.
Reflected Cross-Site Scripting (XSS) vulnerability in /pages/search-results-page in Nosto, which allows remote attackers to execute arbitrary code via the q GET request parameter.
A vulnerability classified as critical has been found in letta-ai letta up to 0.4.1. Affected is the function function_message of the file letta/letta/interface.py. The manipulation of the argument function_name/function_args leads to improper neutralization of directives in dynamically evaluated code. The exploit has been disclosed to the public and may be used.
The Image Resizer On The Fly WordPress plugin (versions ≤1.1) contains a critical arbitrary file deletion vulnerability in its 'delete' task that allows unauthenticated attackers to remove arbitrary files from the server without authentication. This vulnerability can facilitate remote code execution by deleting critical files such as wp-config.php, leading to complete WordPress installation compromise. With a CVSS score of 9.1 and network-accessible attack vector requiring no user interaction or privileges, this represents a critical risk to all unpatched installations.
A remote code execution vulnerability in all (CVSS 8.1). High severity vulnerability requiring prompt remediation.
A remote code execution vulnerability in File Manager Pro - Filester (CVSS 7.2). High severity vulnerability requiring prompt remediation.
Privilege escalation vulnerability in IBM Backup, Recovery and Media Services (BRMS) for i versions 7.4 and 7.5 that exploits unqualified library calls in compiled or restored programs. An authenticated user with compile or restore capabilities can inject malicious code that executes with elevated component access to the IBM i operating system, achieving full system compromise. This is a high-severity issue affecting enterprise backup infrastructure, though it requires valid credentials and medium attack complexity to exploit.
Critical deserialization vulnerability in Dell ControlVault3 that allows unauthenticated local attackers to achieve arbitrary code execution by sending specially crafted responses to the cvhDecapsulateCmd functionality. The vulnerability affects ControlVault3 prior to version 5.15.10.14 and ControlVault3 Plus prior to 6.2.26.36. An attacker who can compromise ControlVault firmware or intercept responses can trigger remote code execution with system-level privileges, making this a high-impact vulnerability despite the moderate attack complexity requirement.
conda-forge-ci-setup is a package installed by conda-forge each time a build is run on CI. The conda-forge-ci-setup-feedstock setup script is vulnerable due to the unsafe use of the eval function when parsing version information from a custom-formatted meta.yaml file. An attacker controlling meta.yaml can inject malicious code into the version assignment, which is executed during file processing, leading to arbitrary code execution. Exploitation requires an attacker to modify the recipe file by manipulating the RECIPE_DIR variable and introducing a malicious meta.yaml file. While this is more feasible in CI/CD pipelines, it is uncommon in typical environments, reducing overall risk. This vulnerability is fixed in 4.15.0.
Stack-based buffer overflow vulnerability in Dell ControlVault3's securebio_identify functionality that allows local attackers with low privileges to execute arbitrary code with high impact across the system. The vulnerability affects ControlVault3 versions prior to 5.15.10.14 and ControlVault3 Plus versions prior to 6.2.26.36, and can be triggered via a specially crafted API call with a malicious cv_object parameter.
handcraftedinthealps goodby-csv is a highly memory efficient, flexible and extendable open-source CSV import/export library. Prior to 1.4.3, goodby-csv could be used as part of a chain of methods that is exploitable when an insecure deserialization vulnerability exists in an application. This so-called "gadget chain" presents no direct threat but is a vector that can be used to achieve remote code execution if the application deserializes untrusted data due to another vulnerability. The problem is patched with Version 1.4.3.
MCP Inspector versions below 0.14.1 contain a critical authentication bypass vulnerability (CVE-2025-49596) that enables unauthenticated remote code execution through unprotected communication between the Inspector client and proxy. Attackers can exploit this over the network without user interaction beyond the initial proxy connection to execute arbitrary MCP commands via stdio, achieving complete system compromise with CVSS 9.4 severity. The vulnerability requires immediate patching as it represents a complete authentication failure in a developer tool that is typically deployed on development systems with elevated privileges.
A remote code execution vulnerability in XWiki (CVSS 8.8). Risk factors: public PoC available. Vendor patch is available.
A security vulnerability in versions (CVSS 8.0). Risk factors: public PoC available. Vendor patch is available.
XWiki's macro rights analyzer introduced in version 15.9RC1 contains incomplete validation that allows attackers to hide malicious script macros (Groovy, Python) by exploiting non-lowercase parameter handling and unanalyzed macro parameters. An authenticated attacker with limited privileges can inject hidden malicious macros that execute when a higher-privileged user edits the page, enabling remote code execution. This vulnerability affects XWiki versions 15.9RC1 through 16.4.6, 16.10.0-16.10.2, and 16.x-17.0.0-rc1, with patches available in versions 16.4.7, 16.10.3, and 17.0.0.
A flaw was found in GIMP. An integer overflow vulnerability exists in the GIMP "Despeckle" plug-in. The issue occurs due to unchecked multiplication of image dimensions, such as width, height, and bytes-per-pixel (img_bpp), which can result in allocating insufficient memory and subsequently performing out-of-bounds writes. This issue could lead to heap corruption, a potential denial of service (DoS), or arbitrary code execution in certain scenarios.
Critical privilege escalation vulnerability in XWiki that allows any user with page edit rights to execute arbitrary code (Groovy, Python, Velocity) with programming-level privileges by creating malicious wiki macros. An attacker can exploit wiki macro parameter defaults to inject code into high-privilege pages like XWiki.ChildrenMacro, achieving full XWiki installation compromise. The vulnerability affects XWiki versions prior to 16.4.7, 16.10.3, and 17.0.0; patch availability is confirmed across multiple release branches.
Critical remote code execution vulnerability in OpenC3 COSMOS v6.0.0's Plugin Management component that allows unauthenticated attackers to execute arbitrary code by uploading a specially crafted .txt file. The vulnerability has a CVSS score of 9.8 (critical severity) with no authentication or user interaction required, making it trivially exploitable over the network. Given the high CVSS score and attack surface (public-facing plugin management interfaces), this vulnerability poses an immediate threat to all deployed instances of the affected version.
Critical remote code execution vulnerability in TOTOLINK N600R router firmware v4.3.0cu.7866_B2022506, exploitable through a buffer overflow in the UPLOAD_FILENAME parameter without authentication. An unauthenticated remote attacker can execute arbitrary code with no user interaction required, achieving complete system compromise with CVSS 9.8 severity. KEV status and active exploitation data unavailable from provided sources; EPSS probability should be assumed high given unauthenticated network attack vector and critical impact.
A command injection vulnerability (CVSS 9.8). Risk factors: public PoC available.
A critical unauthenticated remote command injection vulnerability exists in multiple Blink router models through the 'mac' parameter in the bs_SetMacBlack function, allowing attackers to execute arbitrary commands with full system privileges. Affected models include BL-WR9000 V2.4.9, BL-AC2100_AZ3 V1.0.4, BL-X10_AC8 v1.0.5, BL-LTE300 v1.2.3, BL-F1200_AT1 v1.0.0, BL-X26_AC8 v1.2.8, BLAC450M_AE4 v4.0.0, and BL-X26_DA3 v1.2.7. With a CVSS score of 9.8 and network-based attack vector requiring no authentication or user interaction, this vulnerability poses severe risk to any exposed router on the network.
Critical remote command injection vulnerability affecting multiple Blink router models through the bs_SetSSIDHide function, allowing unauthenticated attackers to execute arbitrary commands with full system compromise. The vulnerability impacts 8 distinct product lines across versions ranging from v1.0.0 to v4.0.0, with a CVSS score of 9.8 indicating severe severity due to network accessibility, low attack complexity, and no privilege requirements. This represents an actively exploitable flaw affecting home and small business network infrastructure with potential for widespread compromise.
A command injection vulnerability (CVSS 9.8). Risk factors: public PoC available.
Critical remote code execution vulnerability with a perfect CVSS 10.0 score that allows unauthenticated attackers to execute arbitrary code on affected servers over the network with no user interaction required. The vulnerability stems from improper handling of code evaluation (CWE-94: Improper Control of Generation of Code) and affects systems processing untrusted input. Given the maximum CVSS severity, network attack vector, and lack of authentication requirements, this vulnerability represents an immediate and severe threat to any exposed systems and should be treated as a critical priority for patching regardless of additional context.
Critical path traversal vulnerability in RICOH Streamline NX V3 PC Client (versions 3.5.0-3.242.0) that allows unauthenticated remote attackers to execute arbitrary code on affected systems by tampering with specific files used by the product. With a CVSS score of 9.8 and network-based attack vector requiring no user interaction, this vulnerability poses immediate risk to organizations deploying vulnerable versions of the RICOH client software. KEV and EPSS status, POC availability, and active exploitation data are not yet available in public disclosures, but the severity profile (CVSS 9.8, CVSS:3.0/AV:N/AC:L/PR:N/UI:N) suggests high exploitability.
CVE-2025-39240 is an authenticated remote command execution vulnerability in Hikvision Wireless Access Points caused by insufficient input validation in packet handling. Attackers with valid credentials can send crafted packets to execute arbitrary commands on affected devices, potentially achieving full system compromise. The vulnerability has a CVSS 7.2 score reflecting high confidentiality, integrity, and availability impact, though it requires valid authentication credentials to exploit.
Remote code execution vulnerability in Acer ControlCenter that exploits a misconfigured Windows Named Pipe to allow authenticated attackers with low privileges to execute arbitrary code with SYSTEM-level permissions. The vulnerability has a CVSS score of 8.8 (High) and requires only network access and low privileges, making it a significant elevation-of-privilege vector; real-world exploitation likelihood depends on confirmation of active KEV listing and public exploit availability.
Command injection vulnerability in Visual Studio that allows an authenticated attacker with local user interaction to execute arbitrary code over a network with high impact on confidentiality, integrity, and availability. While the vulnerability requires prior authorization and user interaction, successful exploitation could lead to complete system compromise. No public indication of active exploitation or widespread POC availability is currently documented, but the CVSS 7.1 score reflects significant risk in collaborative development environments where multiple authorized users access shared Visual Studio instances.
CVE-2025-30399 is an untrusted search path vulnerability in .NET and Visual Studio that allows unauthenticated remote attackers to execute arbitrary code through a network vector, requiring user interaction. The vulnerability affects multiple versions of .NET Framework and Visual Studio across Windows platforms. While the CVSS score is 7.5 (high), the attack complexity is high and requires user interaction, potentially limiting real-world exploitation frequency.
Command injection vulnerability in Palo Alto Networks PAN-OS that allows authenticated administrators with CLI access to bypass system restrictions and execute arbitrary commands with root privileges. The vulnerability affects on-premises PAN-OS deployments with CVSS 8.4, but risk is significantly reduced in environments where CLI access is restricted to a limited administrative group. Cloud NGFW and Prisma Access are not affected.
PCSX2 is a free and open-source PlayStation 2 (PS2) emulator. A stack-based buffer overflow exists in the Kprintf_HLE function of PCSX2 versions up to 2.3.414. Opening a disc image that logs a specially crafted message may allow a remote attacker to execute arbitrary code if the user enabled IOP Console Logging. This vulnerability is fixed in 2.3.414.
CVE-2024-55567 is an improper input validation vulnerability in the UsbCoreDxe module of Insyde InsydeH2O firmware that allows authenticated local attackers with high privileges to bypass SMM (System Management Mode) protections and execute arbitrary code at the highest firmware privilege level. This affects multiple kernel versions (5.4, 5.5, 5.6, 5.7) across numerous OEM BIOS implementations, enabling complete system compromise including kernel-level code execution and memory access. While CVSS rates this as 7.5 (high), real-world exploitation requires local access and administrative/BIOS-level privileges, though no public POC or active KEV designation has been confirmed.
Linked URLs during the creation of iFrame widgets and dashboards are vulnerable to code execution. The URLs get embedded as iFrame widgets, making it possible to attack other users that access the dashboard by including malicious code. The attack is only possible if the attacker is authorized to create new dashboards or iFrame widgets.
Path traversal vulnerability in Google Web Designer's template handling mechanism that enables remote code execution when users are socially engineered into downloading malicious ad templates. Versions prior to 16.3.0.0407 on Windows are affected, and the vulnerability requires user interaction (UI:R) but has no authentication requirements (PR:N). While CVSS 8.8 indicates high severity with complete confidentiality, integrity, and availability impact, exploitation probability and KEV status information is not provided in the available intelligence.
A file upload vulnerability in all (CVSS 8.8). High severity vulnerability requiring prompt remediation.
Privilege escalation vulnerability in UpdateNavi and UpdateNaviInstallService that allows local authenticated attackers to modify arbitrary registry values or execute arbitrary code through improper communication channel restrictions. Affected versions include UpdateNavi V1.4 L10-L33 and UpdateNaviInstallService 1.2.0091-1.2.0125. With a CVSS score of 7.1 and local attack vector requiring low privileges, this vulnerability poses significant risk to systems running vulnerable versions, particularly in scenarios where local user accounts have network access or elevation paths.
A remote code execution vulnerability (CVSS 9.2). Critical severity with potential for significant impact on affected systems.
A remote code execution vulnerability (CVSS 7.2). High severity vulnerability requiring prompt remediation.
DLL hijacking vulnerability in ClipShare Server for Windows (versions prior to 3.8.5) that allows local, non-privileged users to achieve arbitrary code execution and potential privilege escalation by placing malicious DLLs in the application directory. The vulnerability exploits Windows' default DLL search order, where the application directory is searched before system paths, and poses a reliable privilege escalation risk when ClipShare is run by elevated users. This is a local attack requiring write access to the installation directory.
Critical command injection vulnerability in u-link Management API that allows unauthenticated remote attackers positioned as man-in-the-middle (MITM) to inject arbitrary commands into WWH server responses, which are then executed with elevated privileges. The vulnerability requires clients to use insecure proxy configurations to exploit, resulting in complete system compromise (CVSS 9.8). While no public POC or KEV listing is available at publication, the attack vector is network-based with low complexity, making this a significant priority for organizations using u-link with proxy infrastructure.
Critical CSRF vulnerability affecting network devices that allows unauthenticated remote attackers to execute arbitrary commands with root privileges by exploiting missing CSRF protections. The vulnerability requires minimal user interaction and presents an exceptionally high real-world risk due to its network-accessible attack vector, root-level command execution capability, and lack of authentication requirements. Active exploitation status and proof-of-concept availability should be confirmed through CISA KEV and exploit databases, as this combination of factors (no auth + remote + root RCE) typically indicates urgent patch deployment.
The WordPress Automatic Plugin (all versions up to 3.115.0) contains an arbitrary file upload vulnerability in core.php due to insufficient file type validation, allowing authenticated attackers with Author-level or higher privileges to upload malicious files and potentially achieve remote code execution. This is a high-severity vulnerability (CVSS 8.8) affecting a widely-deployed WordPress plugin; real-world exploitation requires valid WordPress credentials at Author level or above, but successful exploitation enables complete server compromise.
WP-DownloadManager plugin for WordPress versions up to 1.68.10 contains an arbitrary file deletion vulnerability (CVE-2025-4799) that allows authenticated administrators to delete any file on the server without directory restrictions. When paired with CVE-2025-4798, attackers can delete critical files like wp-config.php, leading to remote code execution. The vulnerability requires high-privilege administrative access, resulting in a CVSS 7.2 score with high confidentiality, integrity, and availability impact.