RCE
Monthly
A remote code execution vulnerability in the OSSEC HIDS agent for Windows (CVSS 9.5) that allows an attacker. Critical severity with potential for significant impact on affected systems.
CVE-2024-1243 is an improper input validation vulnerability in Wazuh agent for Windows (versions prior to 4.8.0) that allows attackers with control over the Wazuh server or possession of agent keys to redirect agents to malicious UNC paths, resulting in NetNTLMv2 hash leakage. The leaked hash can be relayed for remote code execution or abused for privilege escalation to SYSTEM level via AD CS certificate forging. This vulnerability represents a critical supply-chain/credential-leakage risk for Windows environments using Wazuh, though exploitation requires elevated privileges (high PR requirement) and knowledge of agent keys or server compromise.
Type confusion vulnerability in Google Chrome's V8 JavaScript engine that enables remote code execution within the Chrome sandbox prior to version 137.0.7151.103. An attacker can exploit this via a crafted HTML page by tricking a user into visiting a malicious website, achieving arbitrary code execution with high severity impact (CVSS 8.8). The vulnerability's network-based attack vector, low complexity, and requirement only for user interaction make it a practical exploitation target.
Use-after-free vulnerability in Google Chrome's Media component that allows remote attackers to corrupt heap memory and achieve arbitrary code execution through a crafted HTML page. All Chrome versions prior to 137.0.7151.103 are affected. The vulnerability requires user interaction (clicking/viewing the malicious page) but can lead to complete system compromise with high impact on confidentiality, integrity, and availability.
Critical Secure Boot bypass vulnerability in UEFI firmware affecting systems with improper digital signature verification in the NVRAM variable validation process. Attackers with local access and low privileges can create malicious non-authenticated NVRAM variables to bypass signature verification mechanisms, enabling execution of arbitrary signed UEFI code and circumventing Secure Boot protections. This vulnerability requires local access and non-trivial complexity but impacts core boot security; real-world exploitation likelihood and active KEV status are critical factors pending vendor disclosure.
Remote code execution vulnerability in KDE Konsole before version 25.04.2 that exploits improper fallback behavior in URL scheme handler processing. When a user clicks on ssh://, telnet://, or rlogin:// URLs, Konsole attempts to execute the corresponding binary; if unavailable, it dangerously falls back to /bin/bash with the URL as an argument, allowing arbitrary command execution. The vulnerability requires user interaction (clicking a malicious link) but affects all Konsole users, potentially at scale through phishing or drive-by attacks.
A buffer overflow vulnerability in Heap-based buffer overflow in Microsoft Office Word (CVSS 8.4) that allows an unauthorized attacker. High severity vulnerability requiring prompt remediation.
Critical arbitrary write vulnerability in Microsoft-signed UEFI firmware that permits attackers with high privileges to execute untrusted code and modify firmware settings stored in NVRAM, potentially enabling persistence mechanisms and full system compromise. The vulnerability affects UEFI implementations across multiple Microsoft platforms, with a CVSS score of 8.2 reflecting high severity. While specific KEV status and EPSS probability data were not provided in available sources, the local attack vector and high privilege requirement suggest this poses elevated risk primarily to targeted systems rather than widespread exploitation.
Heap-based buffer overflow vulnerability in Adobe InCopy versions 20.2, 19.5.3 and earlier that allows arbitrary code execution with the privileges of the current user. The vulnerability requires user interaction (opening a malicious file) and presents a high-severity risk due to its direct code execution capability; exploitation likelihood and real-world attack status cannot be fully assessed without KEV confirmation or public POC availability.
Use After Free (UAF) vulnerability in Adobe Acrobat Reader that allows arbitrary code execution with the privileges of the current user. Affected versions include 24.001.30235, 20.005.30763, 25.001.20521 and earlier across multiple release tracks. Exploitation requires user interaction (opening a malicious PDF file), but the high CVSS score of 7.8 and local attack vector indicate significant real-world risk; KEV and active exploitation status should be confirmed from official sources.
A remote code execution vulnerability (CVSS 7.8). High severity vulnerability requiring prompt remediation.
CVE-2025-43575 is an out-of-bounds write vulnerability in Adobe Acrobat Reader that enables arbitrary code execution with high integrity and confidentiality impact. Affected versions include 24.001.30235, 20.005.30763, 25.001.20521 and earlier across multiple product lines. Exploitation requires user interaction (opening a malicious PDF), but once triggered, allows code execution in the context of the current user with no privilege elevation needed.
Use After Free (UAF) vulnerability in Adobe Acrobat Reader affecting versions 24.001.30235, 20.005.30763, 25.001.20521 and earlier that enables arbitrary code execution with the privileges of the current user. The vulnerability requires user interaction (opening a malicious PDF file) but has a high CVSS score of 7.8 due to the severity of potential code execution impact. Without confirmed KEV listing or public POC data provided, this represents a significant but not yet confirmed active threat.
Use After Free (UAF) vulnerability in Adobe Acrobat Reader that enables arbitrary code execution with high privilege context on affected systems. The vulnerability impacts multiple versions across different release branches (24.001.30235, 20.005.30763, 25.001.20521 and earlier), requiring only user interaction to trigger exploitation via malicious PDF files. With a CVSS score of 7.8 and no privilege escalation required, this represents a significant risk to enterprise and consumer users relying on Acrobat Reader for document handling.
Use After Free vulnerability in Adobe Acrobat Reader that enables arbitrary code execution with user-level privileges when a victim opens a malicious PDF file. Affected versions include 24.001.30235, 20.005.30763, 25.001.20521 and earlier across multiple product lines. This vulnerability requires user interaction but presents high severity due to memory corruption leading to code execution, with exploitation probability and active exploitation status dependent on available public exploits.
CVE-2025-30327 is an integer overflow vulnerability in Adobe InCopy that enables arbitrary code execution with the privileges of the current user. Versions 20.2, 19.5.3 and earlier are affected; exploitation requires a user to open a malicious file, making it a file-based attack vector with moderate attack complexity. The vulnerability has a CVSS score of 7.8 (high severity) with complete impact on confidentiality, integrity, and availability, though real-world exploitation depends on user interaction and file delivery success.
MicroDicom DICOM Viewer contains an out-of-bounds write vulnerability (CWE-787) that allows remote attackers to execute arbitrary code with high integrity and confidentiality impact (CVSS 8.8). The vulnerability requires user interaction-either visiting a malicious website or opening a crafted DICOM file-making it exploitable in realistic attack scenarios. No active exploitation in the wild (KEV) or public POC has been confirmed at this time, but the network-accessible attack vector and low complexity suggest meaningful real-world risk.
A remote code execution vulnerability (CVSS 7.8). High severity vulnerability requiring prompt remediation.
CVE-2025-43581 is an out-of-bounds write vulnerability in Adobe Substance3D - Sampler (versions 5.0 and earlier) that enables arbitrary code execution within the current user's security context. The vulnerability requires user interaction-specifically opening a malicious file-making it a file-based attack vector. With a CVSS score of 7.8 and high impact ratings for confidentiality, integrity, and availability, this represents a significant local privilege escalation risk for affected users, though exploitation requires social engineering or file delivery mechanisms.
Use-after-free vulnerability in Microsoft Office Word that allows local, unauthenticated attackers to execute arbitrary code with high privileges. The vulnerability affects Word processing functionality and requires no user interaction, making it a critical local privilege escalation vector. Without confirmed KEV status or public POC availability, real-world exploitation likelihood should be assessed against EPSS data and patch availability from Microsoft security advisories.
A security vulnerability in Use after free in Microsoft Office (CVSS 8.4) that allows an unauthorized attacker. High severity vulnerability requiring prompt remediation.
Local code execution vulnerability in Microsoft Office Outlook triggered by improper path traversal handling (CWE-35) in the '.../...//' sequence. Authorized users with local access can exploit this to execute arbitrary code with the privileges of the Outlook process, achieving high confidentiality, integrity, and availability impact. This vulnerability requires local access and existing user privileges but no user interaction, making it a significant risk for multi-user systems or compromised local accounts.
Heap-based buffer overflow vulnerability in Microsoft Office Excel that allows local attackers to execute arbitrary code with high privileges (confidentiality, integrity, and availability impact). The vulnerability requires user interaction (opening a malicious Excel file) but no special privileges, making it a practical threat to Excel users. With a CVSS score of 7.8 and local attack vector, this represents a significant code execution risk for organizations relying on Excel for document processing.
CVE-2025-47173 is an improper input validation vulnerability in Microsoft Office that allows local code execution without requiring user privileges, though user interaction is needed. An attacker with local access can craft a malicious Office document that, when opened by a user, executes arbitrary code with the privileges of the affected Office application. This vulnerability affects Microsoft Office products across multiple versions and poses a moderate-to-high risk given its local attack vector and high impact on confidentiality, integrity, and availability.
SQL injection vulnerability in Microsoft Office SharePoint that allows authenticated attackers to execute arbitrary code remotely without user interaction. The vulnerability affects SharePoint deployments where an authorized user can craft malicious SQL commands through improperly neutralized input fields. This is a high-severity issue (CVSS 8.8) with significant confidentiality, integrity, and availability impact, particularly concerning given SharePoint's role as a critical enterprise collaboration platform.
Heap-based buffer overflow vulnerability in Microsoft Office Word that allows local, unauthenticated attackers to execute arbitrary code with high impact on confidentiality, integrity, and availability. The vulnerability requires user interaction (opening a malicious document) but no elevated privileges, making it a significant local code execution threat affecting Word users who open untrusted documents.
Use-after-free vulnerability in Microsoft Office Word that allows local, unauthenticated attackers to execute arbitrary code with high severity (CVSS 7.8). The vulnerability requires user interaction (opening a malicious document) but grants complete system compromise through code execution. This is a memory safety issue (CWE-416) in Word's document processing engine that could be actively exploited if public POC becomes available.
Critical deserialization vulnerability in Microsoft Office SharePoint that allows authenticated attackers to execute arbitrary code remotely with high impact to confidentiality, integrity, and availability. The vulnerability affects SharePoint environments where an authorized user can submit malicious serialized objects, bypassing input validation due to unsafe deserialization practices (CWE-502). While the attack requires valid credentials (PR:L), the network-accessible attack vector (AV:N), low attack complexity (AC:L), and high CVSS score of 8.8 indicate significant real-world risk, particularly in organizations with broad internal user bases or federated access.
Use-after-free vulnerability in Microsoft Office Excel that allows local code execution with high severity (CVSS 7.8). An attacker with local access can trigger the vulnerability through user interaction (opening a malicious file) to execute arbitrary code with the privileges of the Excel process, potentially achieving full system compromise. No KEV status, active exploitation data, or public POC availability was confirmed in the provided dataset, but the high CVSS score and local attack vector indicate this requires prompt patching.
Use-after-free (UAF) vulnerability in Microsoft Office that allows unauthenticated local attackers to execute arbitrary code with no user interaction required. The vulnerability affects multiple Microsoft Office versions and has a CVSS score of 8.4 (High), indicating severe risk with high impact to confidentiality, integrity, and availability. Without publicly disclosed EPSS data or KEV confirmation provided, the actual exploitation likelihood in the wild remains unconfirmed, though the local attack vector and lack of privilege/interaction requirements suggest moderate real-world exploitability once weaponized.
Critical deserialization vulnerability in Microsoft Office SharePoint that allows authenticated attackers to execute arbitrary code remotely without user interaction. The vulnerability affects SharePoint environments where untrusted data is deserialized, enabling network-based code execution with high impact to confidentiality, integrity, and availability. While no public exploit code has been confirmed in open intelligence sources, the CVSS 8.8 rating and low attack complexity suggest this is a high-priority patch for all affected organizations.
Heap-based buffer overflow vulnerability in Microsoft Office that allows unauthenticated local attackers to execute arbitrary code with high privileges. The vulnerability affects Microsoft Office products across multiple versions and requires no user interaction or special privileges to exploit. With a CVSS score of 8.4 and local attack vector, this represents a severe local privilege escalation and code execution risk; exploitation status and real-world activity should be verified against KEV catalogs and EPSS scoring.
CVE-2025-47108 is an out-of-bounds write vulnerability in Adobe Substance3D Painter versions 11.0.1 and earlier that allows arbitrary code execution with user-level privileges. The vulnerability requires user interaction-specifically opening a malicious file-making it a file-based attack vector. While no CVSS:3.1 score of 7.8 indicates high severity with local attack surface, exploitation depends on social engineering to deliver the malicious file.
CVE-2025-43593 is an out-of-bounds write vulnerability in Adobe InDesign Desktop that enables arbitrary code execution with high severity (CVSS 7.8). Affected versions include ID20.2, ID19.5.3 and earlier on local systems. Exploitation requires user interaction (opening a malicious file), but once triggered, grants full code execution capabilities in the context of the current user. Current KEV and EPSS status unknown from provided data, but the local attack vector combined with user interaction requirement and high CVSS score indicates moderate-to-high real-world risk for targeted attacks against design professionals.
CVE-2025-43590 is an out-of-bounds write vulnerability in Adobe InDesign Desktop that allows arbitrary code execution with the privileges of the current user. Affected versions include ID20.2, ID19.5.3, and earlier releases. Exploitation requires user interaction-specifically opening a malicious file-but once triggered, grants an attacker full code execution capabilities in the context of the authenticated user.
Use-after-free vulnerability in Adobe InDesign Desktop that allows arbitrary code execution with the privileges of the current user. Affected versions are InDesign ID20.2, ID19.5.3, and earlier; exploitation requires a victim to open a malicious file. This is a high-severity local vulnerability with user interaction required, but without confirmed active exploitation data or public POC availability indicated in the provided intelligence.
A remote code execution vulnerability (CVSS 7.8). High severity vulnerability requiring prompt remediation.
Local privilege escalation vulnerability in IBM AIX 7.3 and IBM VIOS 4.1.1's Perl implementation that allows non-privileged local users to execute arbitrary code through improper pathname neutralization (path traversal). With a CVSS score of 8.4 and no authentication requirement, this represents a critical risk for AIX environments where local user access exists. The vulnerability's active exploitation status and proof-of-concept availability would significantly elevate real-world risk.
Use-after-free memory corruption vulnerability in Windows KDC Proxy Service (KPSSVC) that allows unauthenticated network attackers to execute arbitrary code with high impact on confidentiality, integrity, and availability. The vulnerability affects Windows systems running the Kerberos KDC Proxy Service and represents a critical remote code execution risk in Active Directory environments. While specific KEV/POC status and EPSS scores are not provided in the source data, the network attack vector combined with high CVSS 8.1 score and remote code execution capability indicates this is a significant priority for organizations relying on Windows authentication infrastructure.
Windows Internet Shortcut Files (.url) contain an external control vulnerability (CVE-2025-33053, CVSS 8.8) that enables remote code execution over a network. KEV-listed with EPSS 48.5% and public PoC, this vulnerability allows attackers to craft malicious .url files that execute arbitrary code when opened, bypassing the security restrictions normally applied to internet-sourced shortcut files.
FortiADC versions 6.1 through 7.6.1 contain an OS command injection vulnerability (CWE-78) that allows authenticated attackers with high privileges to execute arbitrary code through crafted HTTP requests. The vulnerability affects multiple product versions across several release branches, with a CVSS score of 7.2 indicating high severity. While the attack requires authentication and high-level privileges, successful exploitation results in complete system compromise with confidentiality, integrity, and availability impact.
Heap-based buffer overflow vulnerability in Adobe InDesign Desktop that allows arbitrary code execution when a user opens a malicious file. Affected versions include InDesign ID20.2, ID19.5.3, and earlier. The vulnerability requires user interaction but presents high severity risk (CVSS 7.8) with potential for complete system compromise in the context of the affected user's privileges.
Memory management vulnerability in Windows Cryptographic Services where memory is not properly released after its effective lifetime, enabling unauthenticated remote code execution. The vulnerability affects Windows cryptographic components and allows network-based attackers to execute arbitrary code with high complexity requirements. While the CVSS score of 8.1 indicates significant severity, exploitation requires specific conditions (high attack complexity), and current status regarding KEV listing, EPSS score, and public POC availability is unknown pending official Microsoft advisory release.
A security vulnerability in A vulnerability (CVSS 7.7). High severity vulnerability requiring prompt remediation.
Privilege escalation vulnerability in Autodesk Installer applications where a maliciously crafted binary file exploits an untrusted search path to achieve NT AUTHORITY/SYSTEM level code execution. The vulnerability requires local user interaction (file download) but no privileges, making it a significant risk for Windows environments running Autodesk products. While CVSS 7.8 indicates high severity, the local attack vector and required user interaction limit the attack surface compared to remote exploits.
A remote code execution vulnerability (CVSS 7.5). High severity vulnerability requiring prompt remediation.
A remote code execution vulnerability in A possible security vulnerability (CVSS 8.8). High severity vulnerability requiring prompt remediation.
A arbitrary file access vulnerability (CVSS 8.8). Risk factors: public PoC available.
A critical OS command injection vulnerability exists in Zend.To versions up to 6.10-6 Beta, where unsanitized user input in the 'file_1' parameter of NSSDropoff.php's exec function allows remote, unauthenticated attackers to execute arbitrary system commands with application-level privileges. The vulnerability has been publicly disclosed with working exploits available, making active exploitation probable, though it affects an older software version that has been superseded by newer releases with additional security controls.
Critical stack-based buffer overflow vulnerability in D-Link DIR-632 firmware version FW103B08, affecting the HTTP POST Request Handler's do_file function. An authenticated remote attacker can exploit this vulnerability to achieve arbitrary code execution with full system compromise (confidentiality, integrity, and availability impact). Public exploit code is available and the affected product is end-of-life with no vendor support.
The Abandoned Cart Pro for WooCommerce plugin (versions ≤9.16.0) contains an authenticated arbitrary file upload vulnerability in the wcap_add_to_cart_popup_upload_files function that lacks file type validation. Authenticated attackers with subscriber-level privileges can upload arbitrary files to the server, potentially enabling remote code execution depending on server configuration. This is a high-severity vulnerability (CVSS 8.8) affecting WooCommerce e-commerce sites; exploitation requires valid user credentials but no user interaction.
A buffer overflow vulnerability in TOTOLINK EX1200T (CVSS 8.8). Risk factors: public PoC available.
Critical buffer overflow vulnerability in TOTOLINK EX1200T routers (firmware versions up to 4.1.2cu.5232_B20210713) affecting the HTTP POST request handler at endpoint /boafrm/formWsc. An authenticated remote attacker can exploit this vulnerability to achieve arbitrary code execution with complete system compromise (confidentiality, integrity, and availability). The vulnerability has public exploit code available and may be actively exploited in the wild.
Critical buffer overflow vulnerability in TOTOLINK EX1200T wireless routers (up to firmware version 4.1.2cu.5232_B20210713) affecting the HTTP POST request handler for the /boafrm/formReflashClientTbl endpoint. An authenticated attacker can remotely exploit this vulnerability to achieve complete system compromise including confidentiality, integrity, and availability violations. Public exploit code has been disclosed, making this an active threat with demonstrated proof-of-concept availability.
Critical buffer overflow vulnerability in TOTOLINK EX1200T wireless routers (up to version 4.1.2cu.5232_B20210713) affecting the HTTP POST request handler for the /boafrm/formIpQoS endpoint. An authenticated remote attacker can exploit this vulnerability to achieve arbitrary code execution with complete system compromise (confidentiality, integrity, and availability). The exploit has been publicly disclosed and proof-of-concept code is available, making this a high-priority threat for affected deployments.
Critical buffer overflow vulnerability in TOTOLINK EX1200T routers (firmware versions up to 4.1.2cu.5232_B20210713) affecting the HTTP POST request handler at the /boafrm/formFilter endpoint. An authenticated remote attacker can exploit this vulnerability to achieve remote code execution with full system compromise (confidentiality, integrity, and availability impact). The vulnerability has been publicly disclosed with exploit code available, creating immediate risk for deployed devices.
A remote code execution vulnerability (CVSS 6.7) that allows the attacker. Remediation should follow standard vulnerability management procedures.
Critical buffer overflow vulnerability in TOTOLINK T10 firmware version 4.1.8cu.5207 affecting the WiFi repeater configuration function. An authenticated remote attacker can exploit this vulnerability by sending a malicious POST request with an oversized Password parameter to /cgi-bin/cstecgi.cgi, achieving complete compromise of the device including arbitrary code execution. Public disclosure and proof-of-concept code availability significantly elevate real-world risk despite requiring authenticated access.
A critical buffer overflow vulnerability exists in TOTOLINK T10 firmware version 4.1.8cu.5207 in the setWiFiMeshName function of the POST request handler (/cgi-bin/cstecgi.cgi). An authenticated remote attacker can overflow the device_name parameter to achieve arbitrary code execution with complete system compromise (confidentiality, integrity, and availability impact). Public exploit code is available, elevating real-world risk despite the requirement for authenticated access.
Critical buffer overflow vulnerability in TOTOLINK T10 firmware version 4.1.8cu.5207 affecting the setWiFiAclRules function in the POST request handler (/cgi-bin/cstecgi.cgi). An authenticated attacker can remotely exploit this vulnerability by manipulating the 'desc' parameter to achieve code execution with full system compromise (confidentiality, integrity, and availability impact). A public proof-of-concept exists, elevating real-world exploitation risk despite requiring low-privilege authentication.
Critical remote buffer overflow vulnerability in TOTOLINK T10 firmware version 4.1.8cu.5207 affecting the setUpgradeFW function in the POST request handler. An authenticated remote attacker can exploit improper input validation on the slaveIpList parameter to achieve complete system compromise with high confidentiality, integrity, and availability impact. The vulnerability has public exploit code available and represents an actively exploitable threat.
Critical buffer overflow vulnerability in TOTOLINK T10 firmware version 4.1.8cu.5207 affecting the UploadCustomModule function in the POST request handler at /cgi-bin/cstecgi.cgi. An authenticated remote attacker can exploit this vulnerability by manipulating the File argument to achieve buffer overflow, resulting in complete system compromise (confidentiality, integrity, and availability). The vulnerability has public exploit disclosure and represents an immediate threat to affected devices.
DNS rebinding vulnerability in Caido (web security auditing toolkit) versions prior to 0.48.0 that allows attackers to hijack the authentication flow and achieve remote code execution. An attacker can load Caido on an attacker-controlled domain through DNS rebinding attacks, either during initial setup or by re-initiating the authentication flow on an already-configured instance. The vulnerability requires user interaction (UI:R) but poses high impact (C:H, I:H, A:H) with a CVSS score of 7.5, and the patch is available in version 0.48.0.
CVE-2025-5914 is an integer overflow vulnerability in libarchive's archive_read_format_rar_seek_data() function that leads to a double-free memory corruption condition. This affects all users of libarchive who process untrusted RAR archive files, potentially allowing arbitrary code execution or denial-of-service with user interaction (opening a malicious RAR file). While no KEV listing or confirmed public exploits are currently documented, the high CVSS score (7.8) and memory safety nature of the vulnerability indicate significant real-world risk if weaponized.
PHP Local File Inclusion (LFI) vulnerability in Unfoldwp Blogmine versions up to 1.1.7 that allows unauthenticated remote attackers to include and execute arbitrary files on the server. The vulnerability stems from improper input validation on filename parameters used in PHP include/require statements (CWE-98). While the CVSS score of 8.1 reflects high impact potential across confidentiality, integrity, and availability, the AC:H (Attack Complexity: High) suggests exploitation requires specific conditions; KEV status, EPSS probability, and public POC availability are critical factors for determining actual prioritization.
PHP Local File Inclusion (LFI) vulnerability in Gavias Krowd versions up to 1.4.1 that allows unauthenticated remote attackers to include and execute arbitrary local files on the server. The vulnerability stems from improper control of filename parameters in PHP include/require statements (CWE-98), enabling attackers to read sensitive files or execute malicious code with high complexity but high impact including confidentiality, integrity, and availability compromise. No public exploit code or active exploitation reports are currently available in standard vulnerability databases, but the high CVSS score (8.1) and network-accessible attack vector indicate significant risk for unpatched installations.
PHP Local File Inclusion (LFI) vulnerability in snstheme Nitan theme affecting versions through 2.9, allowing unauthenticated remote attackers to include and execute arbitrary local files on the server. While the CVSS score of 8.1 indicates high severity with potential for confidentiality, integrity, and availability impact, the attack complexity is marked as HIGH, suggesting exploitation requires specific conditions or server configurations. The vulnerability stems from improper validation of filename parameters in PHP include/require statements (CWE-98), a classic but dangerous class of web application flaws.
FastGPT is an open-source project that provides a platform for building, deploying, and operating AI-driven workflows and conversational agents. The Sandbox container (fastgpt-sandbox) is a specialized, isolated environment used by FastGPT to safely execute user-submitted or dynamically generated code in isolation. The sandbox before version 4.9.11 has insufficient isolation and inadequate restrictions on code execution by allowing overly permissive syscalls, which allows attackers to escape the intended sandbox boundaries. Attackers could exploit this to read and overwrite arbitrary files and bypass Python module import restrictions. This is patched in version 4.9.11 by restricting the allowed system calls to a safer subset and additional descriptive error messaging.
A security vulnerability in WilderForge (CVSS 9.9). Critical severity with potential for significant impact on affected systems.
Discourse versions prior to 3.4.4 (stable), 3.5.0.beta5 (beta), and 3.5.0.beta6-dev (tests-passed) contain a critical vulnerability where Codepen is included in the default `allowed_iframes` site setting and can auto-execute arbitrary JavaScript within the iframe scope, enabling unauthenticated remote code execution. With a CVSS score of 9.8 and network-accessible attack vector requiring no privileges or user interaction, this vulnerability poses severe risk to all default Discourse installations and should be prioritized for immediate patching.
A buffer overflow vulnerability in A vulnerability classified as critical (CVSS 8.8). Risk factors: public PoC available.
Critical remote code execution vulnerability in Zohocorp ManageEngine Exchange Reporter Plus versions 5721 and prior, exploitable through the Content Search module without authentication. An attacker can achieve arbitrary code execution with high confidentiality, integrity, and availability impact across the system boundary (CVSS 9.6). This vulnerability requires user interaction (UI=R) and involves improper file upload handling (CWE-434); active exploitation status and POC availability require verification through CISA KEV and public disclosures.
A buffer overflow vulnerability in A vulnerability (CVSS 8.8). Risk factors: public PoC available.
A command injection vulnerability (CVSS 7.7). High severity vulnerability requiring prompt remediation.
A command injection vulnerability exists in the Quantenna Wi-Fi chipset's router_command.sh script affecting versions through 8.0.0.28 of the SDK. The flaw allows unauthenticated local attackers to inject arbitrary commands via improper argument handling in the put_file_to_qtn parameter, potentially leading to confidentiality and integrity compromise. No official patch is available as of the CVE publication date, though the vendor has released mitigation guidance; this vulnerability is not currently tracked as actively exploited in CISA's Known Exploited Vulnerabilities catalog.
A command injection vulnerability exists in the Quantenna Wi-Fi chipset's router_command.sh local control script, allowing unauthenticated local attackers to execute arbitrary commands with high impact on confidentiality and integrity. The vulnerability affects Quantenna Wi-Fi chipset versions through 8.0.0.28 of the latest SDK and remains unpatched as of the CVE publication date, though the vendor has provided best practices guidance rather than a direct patch. With a CVSS score of 7.7 and local attack vector requirements, this poses significant risk to routers and access points using affected Quantenna chipsets, particularly in multi-user or compromised-local-network scenarios.
Skyvern versions through 0.1.85 contain a server-side template injection (SSTI) vulnerability in the Prompt field of workflow blocks (specifically Navigation v2 Block) that allows authenticated users to inject malicious Jinja2 template expressions. These expressions are evaluated server-side without proper sanitization, enabling blind remote code execution. With a CVSS score of 8.5, this vulnerability requires valid authentication but has high confidentiality impact and crosses trust boundaries (CVSS:3.1/S:C).
Kafbat UI version 1.0.0 contains an unsafe deserialization vulnerability (CWE-502) that allows unauthenticated remote attackers to execute arbitrary code on affected servers with no user interaction required. This is a critical pre-authentication RCE affecting Kafka cluster management infrastructure. The vulnerability has a CVSS score of 8.9 with high impact across confidentiality, integrity, and availability; patch is available in version 1.1.0.
Out-of-bounds write vulnerability in Sante DICOM Viewer Pro's DCM file parsing that allows remote code execution with high severity (CVSS 7.8). The vulnerability affects users who open malicious DICOM files, enabling attackers to execute arbitrary code in the application's process context. This is a user-interaction-dependent vulnerability with local attack vector, but the ability to trigger RCE via file opening makes it practically significant for targeted attacks.
Local privilege escalation vulnerability in Action1 where an attacker with low-privileged code execution can exploit an insecure OpenSSL configuration file loading mechanism to achieve SYSTEM-level code execution. The vulnerability requires prior code execution capability on the target system but presents a direct path to full system compromise once initial access is obtained. No active exploitation or public POC has been confirmed at this time, but the moderate CVSS score of 7.8 and CWE-427 classification indicate a meaningful risk to Action1 users.
Local privilege escalation vulnerability in 2BrightSparks SyncBackFree that allows low-privileged attackers to escalate to SYSTEM-level privileges by abusing the Mirror functionality through malicious junction creation. The vulnerability requires local code execution capability and administrator interaction, enabling arbitrary file deletion and code execution with SYSTEM privileges. This is a moderately severe local privilege escalation with a CVSS score of 7.3.
Critical remote code execution vulnerability in GIMP's ICO file parser caused by an integer overflow (CWE-190) that lacks proper input validation. This vulnerability affects GIMP users who open malicious ICO files or visit attacker-controlled pages serving malicious images, allowing arbitrary code execution with user privileges. The CVSS score of 8.8 reflects high severity with network-accessible attack vector and required user interaction; exploitation status and active weaponization details require cross-reference with KEV/EPSS data.
Directory traversal vulnerability in Allegra's extractFileFromZip method that allows authenticated attackers to execute arbitrary code on affected systems. The vulnerability stems from insufficient path validation, enabling remote code execution in the context of the running process. With a CVSS score of 8.8 and requiring only low-privilege authentication, this represents a significant risk to Allegra deployments, though exploitation requires prior authenticated access.
Critical authentication bypass vulnerability in the 70mai A510 dashcam that exploits default credentials in the device's user account configuration. Network-adjacent attackers can bypass authentication without any credentials and achieve remote code execution with root privileges. This vulnerability presents an immediate and severe risk due to its low attack complexity, lack of user interaction requirement, and the widespread deployment of 70mai dashcams in vehicles.
A critical buffer overflow vulnerability exists in TOTOLINK EX1200T firmware version 4.1.2cu.5232_B20210713 in the HTTP POST request handler for the /boafrm/formPortFw endpoint. An authenticated attacker can exploit this by manipulating the 'service_type' parameter to achieve remote code execution with high impact to confidentiality, integrity, and availability (CVSS 8.8). Public exploits are available, making this an active threat.
A buffer overflow vulnerability (CVSS 8.8). Risk factors: public PoC available.
A critical buffer overflow vulnerability exists in TOTOLINK X15 firmware version 1.0.0-B20230714.1105 affecting the HTTP POST request handler in the /boafrm/formPortFw endpoint. An authenticated attacker can exploit the unsanitized 'service_type' parameter to trigger a buffer overflow, achieving remote code execution with high impact on confidentiality, integrity, and availability. Public exploit code is available and the vulnerability meets criteria for active exploitation risk.
Critical buffer overflow vulnerability in TOTOLINK X15 firmware version 1.0.0-B20230714.1105 affecting the HTTP POST request handler at endpoint /boafrm/formWsc. An authenticated remote attacker can exploit this via a malicious 'submit-url' parameter to achieve remote code execution with high impact on confidentiality, integrity, and availability. Public exploit code is available, creating immediate risk for affected deployments.
Critical buffer overflow vulnerability in TOTOLINK X15 1.0.0-B20230714.1105 affecting the DMZ configuration HTTP POST handler. An authenticated attacker can exploit a malformed 'submit-url' parameter in the /boafrm/formDMZ endpoint to achieve remote code execution with full system compromise (confidentiality, integrity, and availability impact). A proof-of-concept exploit has been publicly disclosed, and the vulnerability may be actively exploited in the wild.
Heap-based buffer overflow vulnerability in WOLFBOX Level 2 EV Charger that allows network-adjacent attackers to execute arbitrary code without authentication. The flaw exists in the tuya_svc_devos_activate_result_parse function where insufficient validation of secKey, localKey, stdTimeZone, and devId parameters enables remote code execution. With a CVSS score of 8.8 and network-adjacent attack vector, this represents a critical risk for deployed EV charging infrastructure.
A remote code execution vulnerability in the OSSEC HIDS agent for Windows (CVSS 9.5) that allows an attacker. Critical severity with potential for significant impact on affected systems.
CVE-2024-1243 is an improper input validation vulnerability in Wazuh agent for Windows (versions prior to 4.8.0) that allows attackers with control over the Wazuh server or possession of agent keys to redirect agents to malicious UNC paths, resulting in NetNTLMv2 hash leakage. The leaked hash can be relayed for remote code execution or abused for privilege escalation to SYSTEM level via AD CS certificate forging. This vulnerability represents a critical supply-chain/credential-leakage risk for Windows environments using Wazuh, though exploitation requires elevated privileges (high PR requirement) and knowledge of agent keys or server compromise.
Type confusion vulnerability in Google Chrome's V8 JavaScript engine that enables remote code execution within the Chrome sandbox prior to version 137.0.7151.103. An attacker can exploit this via a crafted HTML page by tricking a user into visiting a malicious website, achieving arbitrary code execution with high severity impact (CVSS 8.8). The vulnerability's network-based attack vector, low complexity, and requirement only for user interaction make it a practical exploitation target.
Use-after-free vulnerability in Google Chrome's Media component that allows remote attackers to corrupt heap memory and achieve arbitrary code execution through a crafted HTML page. All Chrome versions prior to 137.0.7151.103 are affected. The vulnerability requires user interaction (clicking/viewing the malicious page) but can lead to complete system compromise with high impact on confidentiality, integrity, and availability.
Critical Secure Boot bypass vulnerability in UEFI firmware affecting systems with improper digital signature verification in the NVRAM variable validation process. Attackers with local access and low privileges can create malicious non-authenticated NVRAM variables to bypass signature verification mechanisms, enabling execution of arbitrary signed UEFI code and circumventing Secure Boot protections. This vulnerability requires local access and non-trivial complexity but impacts core boot security; real-world exploitation likelihood and active KEV status are critical factors pending vendor disclosure.
Remote code execution vulnerability in KDE Konsole before version 25.04.2 that exploits improper fallback behavior in URL scheme handler processing. When a user clicks on ssh://, telnet://, or rlogin:// URLs, Konsole attempts to execute the corresponding binary; if unavailable, it dangerously falls back to /bin/bash with the URL as an argument, allowing arbitrary command execution. The vulnerability requires user interaction (clicking a malicious link) but affects all Konsole users, potentially at scale through phishing or drive-by attacks.
A buffer overflow vulnerability in Heap-based buffer overflow in Microsoft Office Word (CVSS 8.4) that allows an unauthorized attacker. High severity vulnerability requiring prompt remediation.
Critical arbitrary write vulnerability in Microsoft-signed UEFI firmware that permits attackers with high privileges to execute untrusted code and modify firmware settings stored in NVRAM, potentially enabling persistence mechanisms and full system compromise. The vulnerability affects UEFI implementations across multiple Microsoft platforms, with a CVSS score of 8.2 reflecting high severity. While specific KEV status and EPSS probability data were not provided in available sources, the local attack vector and high privilege requirement suggest this poses elevated risk primarily to targeted systems rather than widespread exploitation.
Heap-based buffer overflow vulnerability in Adobe InCopy versions 20.2, 19.5.3 and earlier that allows arbitrary code execution with the privileges of the current user. The vulnerability requires user interaction (opening a malicious file) and presents a high-severity risk due to its direct code execution capability; exploitation likelihood and real-world attack status cannot be fully assessed without KEV confirmation or public POC availability.
Use After Free (UAF) vulnerability in Adobe Acrobat Reader that allows arbitrary code execution with the privileges of the current user. Affected versions include 24.001.30235, 20.005.30763, 25.001.20521 and earlier across multiple release tracks. Exploitation requires user interaction (opening a malicious PDF file), but the high CVSS score of 7.8 and local attack vector indicate significant real-world risk; KEV and active exploitation status should be confirmed from official sources.
A remote code execution vulnerability (CVSS 7.8). High severity vulnerability requiring prompt remediation.
CVE-2025-43575 is an out-of-bounds write vulnerability in Adobe Acrobat Reader that enables arbitrary code execution with high integrity and confidentiality impact. Affected versions include 24.001.30235, 20.005.30763, 25.001.20521 and earlier across multiple product lines. Exploitation requires user interaction (opening a malicious PDF), but once triggered, allows code execution in the context of the current user with no privilege elevation needed.
Use After Free (UAF) vulnerability in Adobe Acrobat Reader affecting versions 24.001.30235, 20.005.30763, 25.001.20521 and earlier that enables arbitrary code execution with the privileges of the current user. The vulnerability requires user interaction (opening a malicious PDF file) but has a high CVSS score of 7.8 due to the severity of potential code execution impact. Without confirmed KEV listing or public POC data provided, this represents a significant but not yet confirmed active threat.
Use After Free (UAF) vulnerability in Adobe Acrobat Reader that enables arbitrary code execution with high privilege context on affected systems. The vulnerability impacts multiple versions across different release branches (24.001.30235, 20.005.30763, 25.001.20521 and earlier), requiring only user interaction to trigger exploitation via malicious PDF files. With a CVSS score of 7.8 and no privilege escalation required, this represents a significant risk to enterprise and consumer users relying on Acrobat Reader for document handling.
Use After Free vulnerability in Adobe Acrobat Reader that enables arbitrary code execution with user-level privileges when a victim opens a malicious PDF file. Affected versions include 24.001.30235, 20.005.30763, 25.001.20521 and earlier across multiple product lines. This vulnerability requires user interaction but presents high severity due to memory corruption leading to code execution, with exploitation probability and active exploitation status dependent on available public exploits.
CVE-2025-30327 is an integer overflow vulnerability in Adobe InCopy that enables arbitrary code execution with the privileges of the current user. Versions 20.2, 19.5.3 and earlier are affected; exploitation requires a user to open a malicious file, making it a file-based attack vector with moderate attack complexity. The vulnerability has a CVSS score of 7.8 (high severity) with complete impact on confidentiality, integrity, and availability, though real-world exploitation depends on user interaction and file delivery success.
MicroDicom DICOM Viewer contains an out-of-bounds write vulnerability (CWE-787) that allows remote attackers to execute arbitrary code with high integrity and confidentiality impact (CVSS 8.8). The vulnerability requires user interaction-either visiting a malicious website or opening a crafted DICOM file-making it exploitable in realistic attack scenarios. No active exploitation in the wild (KEV) or public POC has been confirmed at this time, but the network-accessible attack vector and low complexity suggest meaningful real-world risk.
A remote code execution vulnerability (CVSS 7.8). High severity vulnerability requiring prompt remediation.
CVE-2025-43581 is an out-of-bounds write vulnerability in Adobe Substance3D - Sampler (versions 5.0 and earlier) that enables arbitrary code execution within the current user's security context. The vulnerability requires user interaction-specifically opening a malicious file-making it a file-based attack vector. With a CVSS score of 7.8 and high impact ratings for confidentiality, integrity, and availability, this represents a significant local privilege escalation risk for affected users, though exploitation requires social engineering or file delivery mechanisms.
Use-after-free vulnerability in Microsoft Office Word that allows local, unauthenticated attackers to execute arbitrary code with high privileges. The vulnerability affects Word processing functionality and requires no user interaction, making it a critical local privilege escalation vector. Without confirmed KEV status or public POC availability, real-world exploitation likelihood should be assessed against EPSS data and patch availability from Microsoft security advisories.
A security vulnerability in Use after free in Microsoft Office (CVSS 8.4) that allows an unauthorized attacker. High severity vulnerability requiring prompt remediation.
Local code execution vulnerability in Microsoft Office Outlook triggered by improper path traversal handling (CWE-35) in the '.../...//' sequence. Authorized users with local access can exploit this to execute arbitrary code with the privileges of the Outlook process, achieving high confidentiality, integrity, and availability impact. This vulnerability requires local access and existing user privileges but no user interaction, making it a significant risk for multi-user systems or compromised local accounts.
Heap-based buffer overflow vulnerability in Microsoft Office Excel that allows local attackers to execute arbitrary code with high privileges (confidentiality, integrity, and availability impact). The vulnerability requires user interaction (opening a malicious Excel file) but no special privileges, making it a practical threat to Excel users. With a CVSS score of 7.8 and local attack vector, this represents a significant code execution risk for organizations relying on Excel for document processing.
CVE-2025-47173 is an improper input validation vulnerability in Microsoft Office that allows local code execution without requiring user privileges, though user interaction is needed. An attacker with local access can craft a malicious Office document that, when opened by a user, executes arbitrary code with the privileges of the affected Office application. This vulnerability affects Microsoft Office products across multiple versions and poses a moderate-to-high risk given its local attack vector and high impact on confidentiality, integrity, and availability.
SQL injection vulnerability in Microsoft Office SharePoint that allows authenticated attackers to execute arbitrary code remotely without user interaction. The vulnerability affects SharePoint deployments where an authorized user can craft malicious SQL commands through improperly neutralized input fields. This is a high-severity issue (CVSS 8.8) with significant confidentiality, integrity, and availability impact, particularly concerning given SharePoint's role as a critical enterprise collaboration platform.
Heap-based buffer overflow vulnerability in Microsoft Office Word that allows local, unauthenticated attackers to execute arbitrary code with high impact on confidentiality, integrity, and availability. The vulnerability requires user interaction (opening a malicious document) but no elevated privileges, making it a significant local code execution threat affecting Word users who open untrusted documents.
Use-after-free vulnerability in Microsoft Office Word that allows local, unauthenticated attackers to execute arbitrary code with high severity (CVSS 7.8). The vulnerability requires user interaction (opening a malicious document) but grants complete system compromise through code execution. This is a memory safety issue (CWE-416) in Word's document processing engine that could be actively exploited if public POC becomes available.
Critical deserialization vulnerability in Microsoft Office SharePoint that allows authenticated attackers to execute arbitrary code remotely with high impact to confidentiality, integrity, and availability. The vulnerability affects SharePoint environments where an authorized user can submit malicious serialized objects, bypassing input validation due to unsafe deserialization practices (CWE-502). While the attack requires valid credentials (PR:L), the network-accessible attack vector (AV:N), low attack complexity (AC:L), and high CVSS score of 8.8 indicate significant real-world risk, particularly in organizations with broad internal user bases or federated access.
Use-after-free vulnerability in Microsoft Office Excel that allows local code execution with high severity (CVSS 7.8). An attacker with local access can trigger the vulnerability through user interaction (opening a malicious file) to execute arbitrary code with the privileges of the Excel process, potentially achieving full system compromise. No KEV status, active exploitation data, or public POC availability was confirmed in the provided dataset, but the high CVSS score and local attack vector indicate this requires prompt patching.
Use-after-free (UAF) vulnerability in Microsoft Office that allows unauthenticated local attackers to execute arbitrary code with no user interaction required. The vulnerability affects multiple Microsoft Office versions and has a CVSS score of 8.4 (High), indicating severe risk with high impact to confidentiality, integrity, and availability. Without publicly disclosed EPSS data or KEV confirmation provided, the actual exploitation likelihood in the wild remains unconfirmed, though the local attack vector and lack of privilege/interaction requirements suggest moderate real-world exploitability once weaponized.
Critical deserialization vulnerability in Microsoft Office SharePoint that allows authenticated attackers to execute arbitrary code remotely without user interaction. The vulnerability affects SharePoint environments where untrusted data is deserialized, enabling network-based code execution with high impact to confidentiality, integrity, and availability. While no public exploit code has been confirmed in open intelligence sources, the CVSS 8.8 rating and low attack complexity suggest this is a high-priority patch for all affected organizations.
Heap-based buffer overflow vulnerability in Microsoft Office that allows unauthenticated local attackers to execute arbitrary code with high privileges. The vulnerability affects Microsoft Office products across multiple versions and requires no user interaction or special privileges to exploit. With a CVSS score of 8.4 and local attack vector, this represents a severe local privilege escalation and code execution risk; exploitation status and real-world activity should be verified against KEV catalogs and EPSS scoring.
CVE-2025-47108 is an out-of-bounds write vulnerability in Adobe Substance3D Painter versions 11.0.1 and earlier that allows arbitrary code execution with user-level privileges. The vulnerability requires user interaction-specifically opening a malicious file-making it a file-based attack vector. While no CVSS:3.1 score of 7.8 indicates high severity with local attack surface, exploitation depends on social engineering to deliver the malicious file.
CVE-2025-43593 is an out-of-bounds write vulnerability in Adobe InDesign Desktop that enables arbitrary code execution with high severity (CVSS 7.8). Affected versions include ID20.2, ID19.5.3 and earlier on local systems. Exploitation requires user interaction (opening a malicious file), but once triggered, grants full code execution capabilities in the context of the current user. Current KEV and EPSS status unknown from provided data, but the local attack vector combined with user interaction requirement and high CVSS score indicates moderate-to-high real-world risk for targeted attacks against design professionals.
CVE-2025-43590 is an out-of-bounds write vulnerability in Adobe InDesign Desktop that allows arbitrary code execution with the privileges of the current user. Affected versions include ID20.2, ID19.5.3, and earlier releases. Exploitation requires user interaction-specifically opening a malicious file-but once triggered, grants an attacker full code execution capabilities in the context of the authenticated user.
Use-after-free vulnerability in Adobe InDesign Desktop that allows arbitrary code execution with the privileges of the current user. Affected versions are InDesign ID20.2, ID19.5.3, and earlier; exploitation requires a victim to open a malicious file. This is a high-severity local vulnerability with user interaction required, but without confirmed active exploitation data or public POC availability indicated in the provided intelligence.
A remote code execution vulnerability (CVSS 7.8). High severity vulnerability requiring prompt remediation.
Local privilege escalation vulnerability in IBM AIX 7.3 and IBM VIOS 4.1.1's Perl implementation that allows non-privileged local users to execute arbitrary code through improper pathname neutralization (path traversal). With a CVSS score of 8.4 and no authentication requirement, this represents a critical risk for AIX environments where local user access exists. The vulnerability's active exploitation status and proof-of-concept availability would significantly elevate real-world risk.
Use-after-free memory corruption vulnerability in Windows KDC Proxy Service (KPSSVC) that allows unauthenticated network attackers to execute arbitrary code with high impact on confidentiality, integrity, and availability. The vulnerability affects Windows systems running the Kerberos KDC Proxy Service and represents a critical remote code execution risk in Active Directory environments. While specific KEV/POC status and EPSS scores are not provided in the source data, the network attack vector combined with high CVSS 8.1 score and remote code execution capability indicates this is a significant priority for organizations relying on Windows authentication infrastructure.
Windows Internet Shortcut Files (.url) contain an external control vulnerability (CVE-2025-33053, CVSS 8.8) that enables remote code execution over a network. KEV-listed with EPSS 48.5% and public PoC, this vulnerability allows attackers to craft malicious .url files that execute arbitrary code when opened, bypassing the security restrictions normally applied to internet-sourced shortcut files.
FortiADC versions 6.1 through 7.6.1 contain an OS command injection vulnerability (CWE-78) that allows authenticated attackers with high privileges to execute arbitrary code through crafted HTTP requests. The vulnerability affects multiple product versions across several release branches, with a CVSS score of 7.2 indicating high severity. While the attack requires authentication and high-level privileges, successful exploitation results in complete system compromise with confidentiality, integrity, and availability impact.
Heap-based buffer overflow vulnerability in Adobe InDesign Desktop that allows arbitrary code execution when a user opens a malicious file. Affected versions include InDesign ID20.2, ID19.5.3, and earlier. The vulnerability requires user interaction but presents high severity risk (CVSS 7.8) with potential for complete system compromise in the context of the affected user's privileges.
Memory management vulnerability in Windows Cryptographic Services where memory is not properly released after its effective lifetime, enabling unauthenticated remote code execution. The vulnerability affects Windows cryptographic components and allows network-based attackers to execute arbitrary code with high complexity requirements. While the CVSS score of 8.1 indicates significant severity, exploitation requires specific conditions (high attack complexity), and current status regarding KEV listing, EPSS score, and public POC availability is unknown pending official Microsoft advisory release.
A security vulnerability in A vulnerability (CVSS 7.7). High severity vulnerability requiring prompt remediation.
Privilege escalation vulnerability in Autodesk Installer applications where a maliciously crafted binary file exploits an untrusted search path to achieve NT AUTHORITY/SYSTEM level code execution. The vulnerability requires local user interaction (file download) but no privileges, making it a significant risk for Windows environments running Autodesk products. While CVSS 7.8 indicates high severity, the local attack vector and required user interaction limit the attack surface compared to remote exploits.
A remote code execution vulnerability (CVSS 7.5). High severity vulnerability requiring prompt remediation.
A remote code execution vulnerability in A possible security vulnerability (CVSS 8.8). High severity vulnerability requiring prompt remediation.
A arbitrary file access vulnerability (CVSS 8.8). Risk factors: public PoC available.
A critical OS command injection vulnerability exists in Zend.To versions up to 6.10-6 Beta, where unsanitized user input in the 'file_1' parameter of NSSDropoff.php's exec function allows remote, unauthenticated attackers to execute arbitrary system commands with application-level privileges. The vulnerability has been publicly disclosed with working exploits available, making active exploitation probable, though it affects an older software version that has been superseded by newer releases with additional security controls.
Critical stack-based buffer overflow vulnerability in D-Link DIR-632 firmware version FW103B08, affecting the HTTP POST Request Handler's do_file function. An authenticated remote attacker can exploit this vulnerability to achieve arbitrary code execution with full system compromise (confidentiality, integrity, and availability impact). Public exploit code is available and the affected product is end-of-life with no vendor support.
The Abandoned Cart Pro for WooCommerce plugin (versions ≤9.16.0) contains an authenticated arbitrary file upload vulnerability in the wcap_add_to_cart_popup_upload_files function that lacks file type validation. Authenticated attackers with subscriber-level privileges can upload arbitrary files to the server, potentially enabling remote code execution depending on server configuration. This is a high-severity vulnerability (CVSS 8.8) affecting WooCommerce e-commerce sites; exploitation requires valid user credentials but no user interaction.
A buffer overflow vulnerability in TOTOLINK EX1200T (CVSS 8.8). Risk factors: public PoC available.
Critical buffer overflow vulnerability in TOTOLINK EX1200T routers (firmware versions up to 4.1.2cu.5232_B20210713) affecting the HTTP POST request handler at endpoint /boafrm/formWsc. An authenticated remote attacker can exploit this vulnerability to achieve arbitrary code execution with complete system compromise (confidentiality, integrity, and availability). The vulnerability has public exploit code available and may be actively exploited in the wild.
Critical buffer overflow vulnerability in TOTOLINK EX1200T wireless routers (up to firmware version 4.1.2cu.5232_B20210713) affecting the HTTP POST request handler for the /boafrm/formReflashClientTbl endpoint. An authenticated attacker can remotely exploit this vulnerability to achieve complete system compromise including confidentiality, integrity, and availability violations. Public exploit code has been disclosed, making this an active threat with demonstrated proof-of-concept availability.
Critical buffer overflow vulnerability in TOTOLINK EX1200T wireless routers (up to version 4.1.2cu.5232_B20210713) affecting the HTTP POST request handler for the /boafrm/formIpQoS endpoint. An authenticated remote attacker can exploit this vulnerability to achieve arbitrary code execution with complete system compromise (confidentiality, integrity, and availability). The exploit has been publicly disclosed and proof-of-concept code is available, making this a high-priority threat for affected deployments.
Critical buffer overflow vulnerability in TOTOLINK EX1200T routers (firmware versions up to 4.1.2cu.5232_B20210713) affecting the HTTP POST request handler at the /boafrm/formFilter endpoint. An authenticated remote attacker can exploit this vulnerability to achieve remote code execution with full system compromise (confidentiality, integrity, and availability impact). The vulnerability has been publicly disclosed with exploit code available, creating immediate risk for deployed devices.
A remote code execution vulnerability (CVSS 6.7) that allows the attacker. Remediation should follow standard vulnerability management procedures.
Critical buffer overflow vulnerability in TOTOLINK T10 firmware version 4.1.8cu.5207 affecting the WiFi repeater configuration function. An authenticated remote attacker can exploit this vulnerability by sending a malicious POST request with an oversized Password parameter to /cgi-bin/cstecgi.cgi, achieving complete compromise of the device including arbitrary code execution. Public disclosure and proof-of-concept code availability significantly elevate real-world risk despite requiring authenticated access.
A critical buffer overflow vulnerability exists in TOTOLINK T10 firmware version 4.1.8cu.5207 in the setWiFiMeshName function of the POST request handler (/cgi-bin/cstecgi.cgi). An authenticated remote attacker can overflow the device_name parameter to achieve arbitrary code execution with complete system compromise (confidentiality, integrity, and availability impact). Public exploit code is available, elevating real-world risk despite the requirement for authenticated access.
Critical buffer overflow vulnerability in TOTOLINK T10 firmware version 4.1.8cu.5207 affecting the setWiFiAclRules function in the POST request handler (/cgi-bin/cstecgi.cgi). An authenticated attacker can remotely exploit this vulnerability by manipulating the 'desc' parameter to achieve code execution with full system compromise (confidentiality, integrity, and availability impact). A public proof-of-concept exists, elevating real-world exploitation risk despite requiring low-privilege authentication.
Critical remote buffer overflow vulnerability in TOTOLINK T10 firmware version 4.1.8cu.5207 affecting the setUpgradeFW function in the POST request handler. An authenticated remote attacker can exploit improper input validation on the slaveIpList parameter to achieve complete system compromise with high confidentiality, integrity, and availability impact. The vulnerability has public exploit code available and represents an actively exploitable threat.
Critical buffer overflow vulnerability in TOTOLINK T10 firmware version 4.1.8cu.5207 affecting the UploadCustomModule function in the POST request handler at /cgi-bin/cstecgi.cgi. An authenticated remote attacker can exploit this vulnerability by manipulating the File argument to achieve buffer overflow, resulting in complete system compromise (confidentiality, integrity, and availability). The vulnerability has public exploit disclosure and represents an immediate threat to affected devices.
DNS rebinding vulnerability in Caido (web security auditing toolkit) versions prior to 0.48.0 that allows attackers to hijack the authentication flow and achieve remote code execution. An attacker can load Caido on an attacker-controlled domain through DNS rebinding attacks, either during initial setup or by re-initiating the authentication flow on an already-configured instance. The vulnerability requires user interaction (UI:R) but poses high impact (C:H, I:H, A:H) with a CVSS score of 7.5, and the patch is available in version 0.48.0.
CVE-2025-5914 is an integer overflow vulnerability in libarchive's archive_read_format_rar_seek_data() function that leads to a double-free memory corruption condition. This affects all users of libarchive who process untrusted RAR archive files, potentially allowing arbitrary code execution or denial-of-service with user interaction (opening a malicious RAR file). While no KEV listing or confirmed public exploits are currently documented, the high CVSS score (7.8) and memory safety nature of the vulnerability indicate significant real-world risk if weaponized.
PHP Local File Inclusion (LFI) vulnerability in Unfoldwp Blogmine versions up to 1.1.7 that allows unauthenticated remote attackers to include and execute arbitrary files on the server. The vulnerability stems from improper input validation on filename parameters used in PHP include/require statements (CWE-98). While the CVSS score of 8.1 reflects high impact potential across confidentiality, integrity, and availability, the AC:H (Attack Complexity: High) suggests exploitation requires specific conditions; KEV status, EPSS probability, and public POC availability are critical factors for determining actual prioritization.
PHP Local File Inclusion (LFI) vulnerability in Gavias Krowd versions up to 1.4.1 that allows unauthenticated remote attackers to include and execute arbitrary local files on the server. The vulnerability stems from improper control of filename parameters in PHP include/require statements (CWE-98), enabling attackers to read sensitive files or execute malicious code with high complexity but high impact including confidentiality, integrity, and availability compromise. No public exploit code or active exploitation reports are currently available in standard vulnerability databases, but the high CVSS score (8.1) and network-accessible attack vector indicate significant risk for unpatched installations.
PHP Local File Inclusion (LFI) vulnerability in snstheme Nitan theme affecting versions through 2.9, allowing unauthenticated remote attackers to include and execute arbitrary local files on the server. While the CVSS score of 8.1 indicates high severity with potential for confidentiality, integrity, and availability impact, the attack complexity is marked as HIGH, suggesting exploitation requires specific conditions or server configurations. The vulnerability stems from improper validation of filename parameters in PHP include/require statements (CWE-98), a classic but dangerous class of web application flaws.
FastGPT is an open-source project that provides a platform for building, deploying, and operating AI-driven workflows and conversational agents. The Sandbox container (fastgpt-sandbox) is a specialized, isolated environment used by FastGPT to safely execute user-submitted or dynamically generated code in isolation. The sandbox before version 4.9.11 has insufficient isolation and inadequate restrictions on code execution by allowing overly permissive syscalls, which allows attackers to escape the intended sandbox boundaries. Attackers could exploit this to read and overwrite arbitrary files and bypass Python module import restrictions. This is patched in version 4.9.11 by restricting the allowed system calls to a safer subset and additional descriptive error messaging.
A security vulnerability in WilderForge (CVSS 9.9). Critical severity with potential for significant impact on affected systems.
Discourse versions prior to 3.4.4 (stable), 3.5.0.beta5 (beta), and 3.5.0.beta6-dev (tests-passed) contain a critical vulnerability where Codepen is included in the default `allowed_iframes` site setting and can auto-execute arbitrary JavaScript within the iframe scope, enabling unauthenticated remote code execution. With a CVSS score of 9.8 and network-accessible attack vector requiring no privileges or user interaction, this vulnerability poses severe risk to all default Discourse installations and should be prioritized for immediate patching.
A buffer overflow vulnerability in A vulnerability classified as critical (CVSS 8.8). Risk factors: public PoC available.
Critical remote code execution vulnerability in Zohocorp ManageEngine Exchange Reporter Plus versions 5721 and prior, exploitable through the Content Search module without authentication. An attacker can achieve arbitrary code execution with high confidentiality, integrity, and availability impact across the system boundary (CVSS 9.6). This vulnerability requires user interaction (UI=R) and involves improper file upload handling (CWE-434); active exploitation status and POC availability require verification through CISA KEV and public disclosures.
A buffer overflow vulnerability in A vulnerability (CVSS 8.8). Risk factors: public PoC available.
A command injection vulnerability (CVSS 7.7). High severity vulnerability requiring prompt remediation.
A command injection vulnerability exists in the Quantenna Wi-Fi chipset's router_command.sh script affecting versions through 8.0.0.28 of the SDK. The flaw allows unauthenticated local attackers to inject arbitrary commands via improper argument handling in the put_file_to_qtn parameter, potentially leading to confidentiality and integrity compromise. No official patch is available as of the CVE publication date, though the vendor has released mitigation guidance; this vulnerability is not currently tracked as actively exploited in CISA's Known Exploited Vulnerabilities catalog.
A command injection vulnerability exists in the Quantenna Wi-Fi chipset's router_command.sh local control script, allowing unauthenticated local attackers to execute arbitrary commands with high impact on confidentiality and integrity. The vulnerability affects Quantenna Wi-Fi chipset versions through 8.0.0.28 of the latest SDK and remains unpatched as of the CVE publication date, though the vendor has provided best practices guidance rather than a direct patch. With a CVSS score of 7.7 and local attack vector requirements, this poses significant risk to routers and access points using affected Quantenna chipsets, particularly in multi-user or compromised-local-network scenarios.
Skyvern versions through 0.1.85 contain a server-side template injection (SSTI) vulnerability in the Prompt field of workflow blocks (specifically Navigation v2 Block) that allows authenticated users to inject malicious Jinja2 template expressions. These expressions are evaluated server-side without proper sanitization, enabling blind remote code execution. With a CVSS score of 8.5, this vulnerability requires valid authentication but has high confidentiality impact and crosses trust boundaries (CVSS:3.1/S:C).
Kafbat UI version 1.0.0 contains an unsafe deserialization vulnerability (CWE-502) that allows unauthenticated remote attackers to execute arbitrary code on affected servers with no user interaction required. This is a critical pre-authentication RCE affecting Kafka cluster management infrastructure. The vulnerability has a CVSS score of 8.9 with high impact across confidentiality, integrity, and availability; patch is available in version 1.1.0.
Out-of-bounds write vulnerability in Sante DICOM Viewer Pro's DCM file parsing that allows remote code execution with high severity (CVSS 7.8). The vulnerability affects users who open malicious DICOM files, enabling attackers to execute arbitrary code in the application's process context. This is a user-interaction-dependent vulnerability with local attack vector, but the ability to trigger RCE via file opening makes it practically significant for targeted attacks.
Local privilege escalation vulnerability in Action1 where an attacker with low-privileged code execution can exploit an insecure OpenSSL configuration file loading mechanism to achieve SYSTEM-level code execution. The vulnerability requires prior code execution capability on the target system but presents a direct path to full system compromise once initial access is obtained. No active exploitation or public POC has been confirmed at this time, but the moderate CVSS score of 7.8 and CWE-427 classification indicate a meaningful risk to Action1 users.
Local privilege escalation vulnerability in 2BrightSparks SyncBackFree that allows low-privileged attackers to escalate to SYSTEM-level privileges by abusing the Mirror functionality through malicious junction creation. The vulnerability requires local code execution capability and administrator interaction, enabling arbitrary file deletion and code execution with SYSTEM privileges. This is a moderately severe local privilege escalation with a CVSS score of 7.3.
Critical remote code execution vulnerability in GIMP's ICO file parser caused by an integer overflow (CWE-190) that lacks proper input validation. This vulnerability affects GIMP users who open malicious ICO files or visit attacker-controlled pages serving malicious images, allowing arbitrary code execution with user privileges. The CVSS score of 8.8 reflects high severity with network-accessible attack vector and required user interaction; exploitation status and active weaponization details require cross-reference with KEV/EPSS data.
Directory traversal vulnerability in Allegra's extractFileFromZip method that allows authenticated attackers to execute arbitrary code on affected systems. The vulnerability stems from insufficient path validation, enabling remote code execution in the context of the running process. With a CVSS score of 8.8 and requiring only low-privilege authentication, this represents a significant risk to Allegra deployments, though exploitation requires prior authenticated access.
Critical authentication bypass vulnerability in the 70mai A510 dashcam that exploits default credentials in the device's user account configuration. Network-adjacent attackers can bypass authentication without any credentials and achieve remote code execution with root privileges. This vulnerability presents an immediate and severe risk due to its low attack complexity, lack of user interaction requirement, and the widespread deployment of 70mai dashcams in vehicles.
A critical buffer overflow vulnerability exists in TOTOLINK EX1200T firmware version 4.1.2cu.5232_B20210713 in the HTTP POST request handler for the /boafrm/formPortFw endpoint. An authenticated attacker can exploit this by manipulating the 'service_type' parameter to achieve remote code execution with high impact to confidentiality, integrity, and availability (CVSS 8.8). Public exploits are available, making this an active threat.
A buffer overflow vulnerability (CVSS 8.8). Risk factors: public PoC available.
A critical buffer overflow vulnerability exists in TOTOLINK X15 firmware version 1.0.0-B20230714.1105 affecting the HTTP POST request handler in the /boafrm/formPortFw endpoint. An authenticated attacker can exploit the unsanitized 'service_type' parameter to trigger a buffer overflow, achieving remote code execution with high impact on confidentiality, integrity, and availability. Public exploit code is available and the vulnerability meets criteria for active exploitation risk.
Critical buffer overflow vulnerability in TOTOLINK X15 firmware version 1.0.0-B20230714.1105 affecting the HTTP POST request handler at endpoint /boafrm/formWsc. An authenticated remote attacker can exploit this via a malicious 'submit-url' parameter to achieve remote code execution with high impact on confidentiality, integrity, and availability. Public exploit code is available, creating immediate risk for affected deployments.
Critical buffer overflow vulnerability in TOTOLINK X15 1.0.0-B20230714.1105 affecting the DMZ configuration HTTP POST handler. An authenticated attacker can exploit a malformed 'submit-url' parameter in the /boafrm/formDMZ endpoint to achieve remote code execution with full system compromise (confidentiality, integrity, and availability impact). A proof-of-concept exploit has been publicly disclosed, and the vulnerability may be actively exploited in the wild.
Heap-based buffer overflow vulnerability in WOLFBOX Level 2 EV Charger that allows network-adjacent attackers to execute arbitrary code without authentication. The flaw exists in the tuya_svc_devos_activate_result_parse function where insufficient validation of secKey, localKey, stdTimeZone, and devId parameters enables remote code execution. With a CVSS score of 8.8 and network-adjacent attack vector, this represents a critical risk for deployed EV charging infrastructure.