RCE
Monthly
A flaw was found in GIMP. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. No vendor patch available.
Memory safety bugs present in Firefox 138 and Thunderbird 138. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Memory safety bug present in Firefox ESR 128.10, and Thunderbird 128.10. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.
Memory safety bugs present in Firefox 138, Thunderbird 138, Firefox ESR 128.10, and Thunderbird 128.10. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.
Due to insufficient escaping of the ampersand character in the “Copy as cURL” feature, an attacker could trick a user into using this command, potentially leading to local code execution on the. Rated medium severity (CVSS 4.8), this vulnerability is low attack complexity. No vendor patch available.
Due to insufficient escaping of the newline character in the “Copy as cURL” feature, an attacker could trick a user into using this command, potentially leading to local code execution on the user's. Rated medium severity (CVSS 4.8), this vulnerability is low attack complexity. No vendor patch available.
Radashi is a TypeScript utility toolkit. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
vBulletin 5.0.0 through 5.7.5 and 6.0.0 through 6.0.3 running on PHP 8.1 or later allow unauthenticated access to protected API controllers. The /api.php endpoint fails to properly enforce method visibility on PHP 8.1+, enabling attackers to invoke internal API methods that should be restricted, as exploited in the wild in May 2025.
The installer in SIGB PMB before and fixed in v.8.0.1.2 allows remote code execution. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.
In SIGB PMB before 8.0.1.2, attackers can achieve Local File Inclusion and remote code execution. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Improper Restriction of Operations within the Bounds of a Memory Buffer and Stack-based Buffer Overflow vulnerabilities were discovered in Apache NuttX RTOS Bluetooth Stack (HCI and UART components). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Buffer overflow in WebService Authentication processing of Small Office Multifunction Printers and Laser Printers(*) which may allow an attacker on the network segment to trigger the affected product. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
A vulnerability was found in docarray up to 0.40.1. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
The eMagicOne Store Manager for WooCommerce plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the set_image() function in all versions up to, and. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
The eMagicOne Store Manager for WooCommerce plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the delete_file() function in all versions up to,. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
The eMagicOne Store Manager for WooCommerce plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the set_file() function in all versions up to, and. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.
In Tenable Network Monitor versions prior to 6.5.1 on a Windows host, it was found that a non-administrative user could stage files in a local directory to run arbitrary code with SYSTEM privileges,. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
A reflected cross-site scripting (XSS) vulnerability in the component mcgs/download-medical-cards.php of PHPGURUKUL Medical Card Generation System using PHP and MySQL v1.0 allows attackers to execute. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
An issue in Hospital Management System In PHP V4.0 allows a remote attacker to execute arbitrary code via the hms/doctor/edit-profile.php file. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
A double-free condition occurs during the cleanup of temporary image files, which can be exploited to achieve memory corruption and potentially arbitrary code execution. Rated high severity (CVSS 8.0), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
An Out of Bounds Write occurs when the native library attempts PDF rendering, which can be exploited to achieve memory corruption and potentially arbitrary code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Predictable filename vulnerabilities in ASPECT may expose sensitive information to a potential attacker if administrator credentials become compromised*; NEXUS Series: through 3.*; MATRIX Series:. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Remote Code Execution vulnerabilities are present in ASPECT if session administrator credentials become compromised08.03; NEXUS Series: through 3.08.03; MATRIX Series: through 3.08.03. Rated high severity (CVSS 8.9), this vulnerability is remotely exploitable. No vendor patch available.
Remote Code Execution vulnerabilities are present in ASPECT if session administra-tor credentials become compromised.08.03; NEXUS Series: through 3.08.03; MATRIX Series: through 3.08.03. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. No vendor patch available.
Servlet injection vulnerabilities in ASPECT allow remote code execution if session administrator credentials become compromised.08.03; NEXUS Series: through 3.08.03; MATRIX Series: through 3.08.03. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
SQL injection vulnerabilities in ASPECT allow unintended access and manipulation of database repositories if session administrator credentials become compromised.08.03; NEXUS Series: through 3.08.03;. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Ericsson RAN Compute and Site Controller 6610 contains in certain configurations a high severity vulnerability where improper input validation could be exploited leading to arbitrary code execution. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
A stack-based buffer overflow vulnerability exists in GStreamer's H265 codec parsing functionality that allows remote attackers to execute arbitrary code on affected systems. The vulnerability occurs when processing malformed H265 slice headers, enabling attackers to overflow a fixed-length stack buffer and potentially take control of the application processing the media content. With an EPSS score of 0.61% (69th percentile) and a CVSS score of 8.8, this represents a significant risk for applications using GStreamer for video processing, though it requires user interaction to exploit.
eCharge Hardy Barth cPH2 index.php Command Injection Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
eCharge Hardy Barth cPH2 nwcheckexec.php dest Command Injection Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
eCharge Hardy Barth cPH2 check_req.php ntp Command Injection Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
Allegra isZipEntryValide Directory Traversal Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
MedDream PACS Server DICOM File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
MedDream PACS Server DICOM File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
MedDream PACS Server DICOM File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
MedDream PACS Server DICOM File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
A local privilege escalation vulnerability in GStreamer's installer allows attackers with low-privileged access to escalate to higher privileges due to incorrect folder permissions. The vulnerability affects all versions of GStreamer and enables arbitrary code execution in the context of a target user. With a low EPSS score of 0.01% and no KEV listing, this vulnerability has limited evidence of active exploitation in the wild.
The Versa Concerto SD-WAN orchestration platform is vulnerable to an privileges escalation and container escape vulnerability caused by unsafe default mounting of host binary paths that allow the. Rated high severity (CVSS 8.6), this vulnerability is low attack complexity. No vendor patch available.
The Versa Concerto SD-WAN orchestration platform is vulnerable to an authentication bypass in the Traefik reverse proxy configuration, allowing at attacker to access administrative endpoints. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
A vulnerability in Vtiger CRM Open Source Edition v8.3.0 allows an attacker with admin privileges to execute arbitrary PHP code by exploiting the ZIP import functionality in the Module Import feature. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Affected Vertiv products contain a stack based buffer overflow vulnerability. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
The embedded web server lacks authentication and access controls, allowing unrestricted remote access. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
A vulnerability in SeedDMS 6.0.32 allows an attacker with admin privileges to execute arbitrary PHP code by exploiting the zip import functionality in the Extension Manager. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
Cross Site Scripting vulnerability in Jeppesen JetPlanner Pro v.1.6.2.20 allows a remote attacker to execute arbitrary code. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
XWiki is a generic wiki platform. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.
The sr_feuser_register extension through 12.4.8 for TYPO3 allows Remote Code Execution. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
An issue in Valvesoftware Steam Client Steam Client 1738026274 allows attackers to escalate privileges via a crafted executable or DLL. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
The Madara - Responsive and modern WordPress theme for manga sites theme for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 2.2.2 via the 'template' parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
A command injection vulnerability in the component /cgi-bin/qos.cgi of Wavlink WL-WN579A3 v1.0 allows attackers to execute arbitrary commands via a crafted input. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 13.0%.
Langroid is a Python framework to build large language model (LLM)-powered applications. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Code Injection vulnerability could allow attackers to inject and execute arbitrary code within the application.
Langroid is a Python framework to build large language model (LLM)-powered applications. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.
Stack-based buffer overflow vulnerability in the 'conn-indicator' binary running as root on the TP-Link Archer AX50 router, in firmware versions prior to 1.0.15 build 241203 rel61480. Rated critical severity (CVSS 9.2), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.
OpenCTI is an open source platform for managing cyber threat intelligence knowledge and observables. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Multiple Code Injection vulnerabilities in EasyVirt DC NetScope <= 8.7.0 allows remote authenticated attackers to execute arbitrary code via the (1) lang parameter to /international/keyboard/options;. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
V-SFT v6.2.5.0 and earlier contains an issue with stack-based buffer overflow in VS6MemInIF!set_temp_type_default function. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
V-SFT v6.2.5.0 and earlier contains an issue with stack-based buffer overflow in VS6ComFile!CV7BaseMap::WriteV7DataToRom function. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
V-SFT v6.2.5.0 and earlier contains an issue with stack-based buffer overflow in VS6File!CTxSubFile::get_ProgramFile_name function. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
V-SFT v6.2.5.0 and earlier contains an issue with out-of-bounds read in VS6MemInIF.dll!set_plc_type_default function. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
V-SFT v6.2.5.0 and earlier contains an issue with out-of-bounds read in VS6EditData!CGamenDataRom::set_mr400_strc function. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
V-SFT v6.2.5.0 and earlier contains an issue with out-of-bounds read in VS6EditData!VS4_SaveEnvFile function. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
V-SFT v6.2.5.0 and earlier contains an issue with out-of-bounds read in VS6EditData!Conv_Macro_Data function. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
V-SFT v6.2.5.0 and earlier contains an issue with out-of-bounds read in VS6EditData!CDrawSLine::GetRectArea function. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
V-SFT v6.2.5.0 and earlier contains an issue with out-of-bounds write in VS6ComFile!MakeItemGlidZahyou function. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
V-SFT v6.2.5.0 and earlier contains an issue with out-of-bounds write in VS6EditData!CDataRomErrorCheck::MacroCommandCheck function. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
V-SFT v6.2.5.0 and earlier contains an issue with out-of-bounds write in VS6MemInIF!set_temp_type_default function. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
V-SFT v6.2.5.0 and earlier contains an issue with free of pointer not at start of buffer in VS6EditData.dll!CWinFontInf::WinFontMsgCheck function. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
A malicious actor with access to the management network could execute a remote code execution (RCE) by exploiting a heap buffer overflow vulnerability in the UniFi Protect Cameras (Version 4.75.43. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
setuptools is a package that allows users to download, build, install, upgrade, and uninstall Python packages. Rated high severity (CVSS 7.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.
RAGFlow through 0.18.1 allows account takeover because it is possible to conduct successful brute-force attacks against email verification codes to perform arbitrary account registration, login, and. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.
The Echo RSS Feed Post Generator plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the echo_generate_featured_image() function in all versions up to,. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
The Crawlomatic Multipage Scraper Post Generator plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the crawlomatic_generate_featured_image() function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
The WPBot Pro Wordpress Chatbot plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the qcld_openai_delete_training_file() function in all. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Improper Control of Generation of Code ('Code Injection') vulnerability in RomanCode MapSVG Lite allows Code Injection.6.4. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Improper Control of Generation of Code ('Code Injection') vulnerability in RS WP THEMES RS WP Book Showcase allows Code Injection.7.41. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Improper Control of Generation of Code ('Code Injection') vulnerability in RomanCode MapSVG allows Code Injection.5.34. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Invision Community 5.0.0 through 5.0.6 contains an unauthenticated remote code execution vulnerability in the template engine's themeeditor.php. By crafting template conditional strings using PHP's alternative function call syntax, attackers bypass security filters and execute arbitrary PHP code on the server.
HTTP host header injection vulnerability in Icewarp Mail Server affecting version 11.4.0. Rated low severity (CVSS 2.0), this vulnerability is no authentication required. No vendor patch available.
Emlog is an open source website building system. Rated high severity (CVSS 8.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.
Emlog is an open source website building system. Rated high severity (CVSS 8.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
The ImageMagick Engine ImageMagick Engine WordPress plugin before 1.7.11 for WordPress is vulnerable to OS Command Injection via the "cli_path" parameter. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
The Jetpack WordPress plugin before 13.8 does not ensure that the post created by the Contact Form is only accessible to authorised users, which could allow unauthenticated users to run arbitrary. Rated medium severity (CVSS 5.6), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.
There is a memory corruption vulnerability due to a stack-based buffer overflow in DrObjectStorage::XML_Serialize() when using the SymbolEditor in NI Circuit Design Suite. Rated high severity (CVSS 8.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
There is a memory corruption vulnerability due to an out of bounds read in Bitmap::InternalDraw() when using the SymbolEditor in NI Circuit Design Suite. Rated high severity (CVSS 8.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
There is a memory corruption vulnerability due to an out of bounds read in GetSymbolBorderRectSize() when using the SymbolEditor in NI Circuit Design Suite. Rated high severity (CVSS 8.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
There is a memory corruption vulnerability due to an out of bounds write in CheckPins() when using the SymbolEditor in NI Circuit Design Suite. Rated high severity (CVSS 8.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
There is a memory corruption vulnerability due to an out of bounds write in Library!DecodeBase64() when using the SymbolEditor in NI Circuit Design Suite. Rated high severity (CVSS 8.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
Phpgurukul Vehicle Record Management System v1.0 is vulnerable to Cross Site Scripting (XSS) via the vehiclename, modelnumber, regnumber, vehiclesubtype, chasisnum, enginenumber' in the. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
The TicketBAI Facturas para WooCommerce plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation via the 'delpdf' action in all versions up to, and. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
The File Manager Advanced Shortcode plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 2.5.4 (file-manager-advanced-shortcode) and 2.5.6. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
The UiPress lite | Effortless custom dashboards, admin themes and pages plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 3.5.07 via the. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
A flaw was found in GIMP. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. No vendor patch available.
Memory safety bugs present in Firefox 138 and Thunderbird 138. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Memory safety bug present in Firefox ESR 128.10, and Thunderbird 128.10. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.
Memory safety bugs present in Firefox 138, Thunderbird 138, Firefox ESR 128.10, and Thunderbird 128.10. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.
Due to insufficient escaping of the ampersand character in the “Copy as cURL” feature, an attacker could trick a user into using this command, potentially leading to local code execution on the. Rated medium severity (CVSS 4.8), this vulnerability is low attack complexity. No vendor patch available.
Due to insufficient escaping of the newline character in the “Copy as cURL” feature, an attacker could trick a user into using this command, potentially leading to local code execution on the user's. Rated medium severity (CVSS 4.8), this vulnerability is low attack complexity. No vendor patch available.
Radashi is a TypeScript utility toolkit. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
vBulletin 5.0.0 through 5.7.5 and 6.0.0 through 6.0.3 running on PHP 8.1 or later allow unauthenticated access to protected API controllers. The /api.php endpoint fails to properly enforce method visibility on PHP 8.1+, enabling attackers to invoke internal API methods that should be restricted, as exploited in the wild in May 2025.
The installer in SIGB PMB before and fixed in v.8.0.1.2 allows remote code execution. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.
In SIGB PMB before 8.0.1.2, attackers can achieve Local File Inclusion and remote code execution. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Improper Restriction of Operations within the Bounds of a Memory Buffer and Stack-based Buffer Overflow vulnerabilities were discovered in Apache NuttX RTOS Bluetooth Stack (HCI and UART components). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Buffer overflow in WebService Authentication processing of Small Office Multifunction Printers and Laser Printers(*) which may allow an attacker on the network segment to trigger the affected product. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
A vulnerability was found in docarray up to 0.40.1. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
The eMagicOne Store Manager for WooCommerce plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the set_image() function in all versions up to, and. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
The eMagicOne Store Manager for WooCommerce plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the delete_file() function in all versions up to,. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
The eMagicOne Store Manager for WooCommerce plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the set_file() function in all versions up to, and. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.
In Tenable Network Monitor versions prior to 6.5.1 on a Windows host, it was found that a non-administrative user could stage files in a local directory to run arbitrary code with SYSTEM privileges,. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
A reflected cross-site scripting (XSS) vulnerability in the component mcgs/download-medical-cards.php of PHPGURUKUL Medical Card Generation System using PHP and MySQL v1.0 allows attackers to execute. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
An issue in Hospital Management System In PHP V4.0 allows a remote attacker to execute arbitrary code via the hms/doctor/edit-profile.php file. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
A double-free condition occurs during the cleanup of temporary image files, which can be exploited to achieve memory corruption and potentially arbitrary code execution. Rated high severity (CVSS 8.0), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
An Out of Bounds Write occurs when the native library attempts PDF rendering, which can be exploited to achieve memory corruption and potentially arbitrary code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Predictable filename vulnerabilities in ASPECT may expose sensitive information to a potential attacker if administrator credentials become compromised*; NEXUS Series: through 3.*; MATRIX Series:. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Remote Code Execution vulnerabilities are present in ASPECT if session administrator credentials become compromised08.03; NEXUS Series: through 3.08.03; MATRIX Series: through 3.08.03. Rated high severity (CVSS 8.9), this vulnerability is remotely exploitable. No vendor patch available.
Remote Code Execution vulnerabilities are present in ASPECT if session administra-tor credentials become compromised.08.03; NEXUS Series: through 3.08.03; MATRIX Series: through 3.08.03. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. No vendor patch available.
Servlet injection vulnerabilities in ASPECT allow remote code execution if session administrator credentials become compromised.08.03; NEXUS Series: through 3.08.03; MATRIX Series: through 3.08.03. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
SQL injection vulnerabilities in ASPECT allow unintended access and manipulation of database repositories if session administrator credentials become compromised.08.03; NEXUS Series: through 3.08.03;. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Ericsson RAN Compute and Site Controller 6610 contains in certain configurations a high severity vulnerability where improper input validation could be exploited leading to arbitrary code execution. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
A stack-based buffer overflow vulnerability exists in GStreamer's H265 codec parsing functionality that allows remote attackers to execute arbitrary code on affected systems. The vulnerability occurs when processing malformed H265 slice headers, enabling attackers to overflow a fixed-length stack buffer and potentially take control of the application processing the media content. With an EPSS score of 0.61% (69th percentile) and a CVSS score of 8.8, this represents a significant risk for applications using GStreamer for video processing, though it requires user interaction to exploit.
eCharge Hardy Barth cPH2 index.php Command Injection Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
eCharge Hardy Barth cPH2 nwcheckexec.php dest Command Injection Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
eCharge Hardy Barth cPH2 check_req.php ntp Command Injection Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
Allegra isZipEntryValide Directory Traversal Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
MedDream PACS Server DICOM File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
MedDream PACS Server DICOM File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
MedDream PACS Server DICOM File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
MedDream PACS Server DICOM File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
A local privilege escalation vulnerability in GStreamer's installer allows attackers with low-privileged access to escalate to higher privileges due to incorrect folder permissions. The vulnerability affects all versions of GStreamer and enables arbitrary code execution in the context of a target user. With a low EPSS score of 0.01% and no KEV listing, this vulnerability has limited evidence of active exploitation in the wild.
The Versa Concerto SD-WAN orchestration platform is vulnerable to an privileges escalation and container escape vulnerability caused by unsafe default mounting of host binary paths that allow the. Rated high severity (CVSS 8.6), this vulnerability is low attack complexity. No vendor patch available.
The Versa Concerto SD-WAN orchestration platform is vulnerable to an authentication bypass in the Traefik reverse proxy configuration, allowing at attacker to access administrative endpoints. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
A vulnerability in Vtiger CRM Open Source Edition v8.3.0 allows an attacker with admin privileges to execute arbitrary PHP code by exploiting the ZIP import functionality in the Module Import feature. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Affected Vertiv products contain a stack based buffer overflow vulnerability. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
The embedded web server lacks authentication and access controls, allowing unrestricted remote access. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
A vulnerability in SeedDMS 6.0.32 allows an attacker with admin privileges to execute arbitrary PHP code by exploiting the zip import functionality in the Extension Manager. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
Cross Site Scripting vulnerability in Jeppesen JetPlanner Pro v.1.6.2.20 allows a remote attacker to execute arbitrary code. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
XWiki is a generic wiki platform. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.
The sr_feuser_register extension through 12.4.8 for TYPO3 allows Remote Code Execution. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
An issue in Valvesoftware Steam Client Steam Client 1738026274 allows attackers to escalate privileges via a crafted executable or DLL. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
The Madara - Responsive and modern WordPress theme for manga sites theme for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 2.2.2 via the 'template' parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
A command injection vulnerability in the component /cgi-bin/qos.cgi of Wavlink WL-WN579A3 v1.0 allows attackers to execute arbitrary commands via a crafted input. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 13.0%.
Langroid is a Python framework to build large language model (LLM)-powered applications. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Code Injection vulnerability could allow attackers to inject and execute arbitrary code within the application.
Langroid is a Python framework to build large language model (LLM)-powered applications. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.
Stack-based buffer overflow vulnerability in the 'conn-indicator' binary running as root on the TP-Link Archer AX50 router, in firmware versions prior to 1.0.15 build 241203 rel61480. Rated critical severity (CVSS 9.2), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.
OpenCTI is an open source platform for managing cyber threat intelligence knowledge and observables. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Multiple Code Injection vulnerabilities in EasyVirt DC NetScope <= 8.7.0 allows remote authenticated attackers to execute arbitrary code via the (1) lang parameter to /international/keyboard/options;. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
V-SFT v6.2.5.0 and earlier contains an issue with stack-based buffer overflow in VS6MemInIF!set_temp_type_default function. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
V-SFT v6.2.5.0 and earlier contains an issue with stack-based buffer overflow in VS6ComFile!CV7BaseMap::WriteV7DataToRom function. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
V-SFT v6.2.5.0 and earlier contains an issue with stack-based buffer overflow in VS6File!CTxSubFile::get_ProgramFile_name function. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
V-SFT v6.2.5.0 and earlier contains an issue with out-of-bounds read in VS6MemInIF.dll!set_plc_type_default function. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
V-SFT v6.2.5.0 and earlier contains an issue with out-of-bounds read in VS6EditData!CGamenDataRom::set_mr400_strc function. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
V-SFT v6.2.5.0 and earlier contains an issue with out-of-bounds read in VS6EditData!VS4_SaveEnvFile function. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
V-SFT v6.2.5.0 and earlier contains an issue with out-of-bounds read in VS6EditData!Conv_Macro_Data function. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
V-SFT v6.2.5.0 and earlier contains an issue with out-of-bounds read in VS6EditData!CDrawSLine::GetRectArea function. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
V-SFT v6.2.5.0 and earlier contains an issue with out-of-bounds write in VS6ComFile!MakeItemGlidZahyou function. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
V-SFT v6.2.5.0 and earlier contains an issue with out-of-bounds write in VS6EditData!CDataRomErrorCheck::MacroCommandCheck function. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
V-SFT v6.2.5.0 and earlier contains an issue with out-of-bounds write in VS6MemInIF!set_temp_type_default function. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
V-SFT v6.2.5.0 and earlier contains an issue with free of pointer not at start of buffer in VS6EditData.dll!CWinFontInf::WinFontMsgCheck function. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
A malicious actor with access to the management network could execute a remote code execution (RCE) by exploiting a heap buffer overflow vulnerability in the UniFi Protect Cameras (Version 4.75.43. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
setuptools is a package that allows users to download, build, install, upgrade, and uninstall Python packages. Rated high severity (CVSS 7.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.
RAGFlow through 0.18.1 allows account takeover because it is possible to conduct successful brute-force attacks against email verification codes to perform arbitrary account registration, login, and. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.
The Echo RSS Feed Post Generator plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the echo_generate_featured_image() function in all versions up to,. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
The Crawlomatic Multipage Scraper Post Generator plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the crawlomatic_generate_featured_image() function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
The WPBot Pro Wordpress Chatbot plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the qcld_openai_delete_training_file() function in all. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Improper Control of Generation of Code ('Code Injection') vulnerability in RomanCode MapSVG Lite allows Code Injection.6.4. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Improper Control of Generation of Code ('Code Injection') vulnerability in RS WP THEMES RS WP Book Showcase allows Code Injection.7.41. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Improper Control of Generation of Code ('Code Injection') vulnerability in RomanCode MapSVG allows Code Injection.5.34. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Invision Community 5.0.0 through 5.0.6 contains an unauthenticated remote code execution vulnerability in the template engine's themeeditor.php. By crafting template conditional strings using PHP's alternative function call syntax, attackers bypass security filters and execute arbitrary PHP code on the server.
HTTP host header injection vulnerability in Icewarp Mail Server affecting version 11.4.0. Rated low severity (CVSS 2.0), this vulnerability is no authentication required. No vendor patch available.
Emlog is an open source website building system. Rated high severity (CVSS 8.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.
Emlog is an open source website building system. Rated high severity (CVSS 8.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
The ImageMagick Engine ImageMagick Engine WordPress plugin before 1.7.11 for WordPress is vulnerable to OS Command Injection via the "cli_path" parameter. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
The Jetpack WordPress plugin before 13.8 does not ensure that the post created by the Contact Form is only accessible to authorised users, which could allow unauthenticated users to run arbitrary. Rated medium severity (CVSS 5.6), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.
There is a memory corruption vulnerability due to a stack-based buffer overflow in DrObjectStorage::XML_Serialize() when using the SymbolEditor in NI Circuit Design Suite. Rated high severity (CVSS 8.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
There is a memory corruption vulnerability due to an out of bounds read in Bitmap::InternalDraw() when using the SymbolEditor in NI Circuit Design Suite. Rated high severity (CVSS 8.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
There is a memory corruption vulnerability due to an out of bounds read in GetSymbolBorderRectSize() when using the SymbolEditor in NI Circuit Design Suite. Rated high severity (CVSS 8.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
There is a memory corruption vulnerability due to an out of bounds write in CheckPins() when using the SymbolEditor in NI Circuit Design Suite. Rated high severity (CVSS 8.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
There is a memory corruption vulnerability due to an out of bounds write in Library!DecodeBase64() when using the SymbolEditor in NI Circuit Design Suite. Rated high severity (CVSS 8.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
Phpgurukul Vehicle Record Management System v1.0 is vulnerable to Cross Site Scripting (XSS) via the vehiclename, modelnumber, regnumber, vehiclesubtype, chasisnum, enginenumber' in the. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
The TicketBAI Facturas para WooCommerce plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation via the 'delpdf' action in all versions up to, and. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
The File Manager Advanced Shortcode plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 2.5.4 (file-manager-advanced-shortcode) and 2.5.6. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
The UiPress lite | Effortless custom dashboards, admin themes and pages plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 3.5.07 via the. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.