RCE
Monthly
Wondershare Application Framework Service 2.4.3.231 contains an unquoted service path vulnerability that allows local attackers to potentially execute arbitrary code with elevated privileges. [CVSS 7.8 HIGH]
WP Duplicate WordPress plugin has a missing authorization vulnerability leading to arbitrary file deletion that can destroy the WordPress installation.
A security issue was discovered in ingress-nginx where the `nginx.ingress.kubernetes.io/auth-proxy-set-headers` Ingress annotation can be used to inject configuration into nginx. [CVSS 8.8 HIGH]
Tanium addressed an unauthorized code execution vulnerability in Tanium Appliance. [CVSS 7.8 HIGH]
An issue in ChestnutCMS v.1.5.8 and before allows a remote attacker to execute arbitrary code via the template creation function [CVSS 7.2 HIGH]
Monstra Cms versions up to 3.0.4 is affected by unrestricted upload of file with dangerous type (CVSS 8.8).
10-Strike Network Inventory Explorer 8.54 contains a structured exception handler buffer overflow vulnerability that allows attackers to execute arbitrary code by overwriting SEH records. [CVSS 8.4 HIGH]
PHP-Fusion 9.03.50 contains a remote code execution vulnerability in the 'add_panel_form()' function that allows attackers to execute arbitrary code through an eval() function with unsanitized POST data. [CVSS 6.1 MEDIUM]
Unauthenticated remote code execution via OS command injection in Edimax EW-7438RPn-v3 Mini wireless extender firmware 1.27. EPSS 1.3% with PoC available.
Remote code execution via OS command injection in Pinger 1.0 allows attackers to inject shell commands through the ping target parameter. EPSS 12.2% indicates significant exploitation likelihood. PoC available.
CODE::BLOCKS 16.01 contains a buffer overflow vulnerability that allows attackers to execute arbitrary code by overwriting Structured Exception Handler with crafted Unicode characters. [CVSS 5.5 MEDIUM]
Buffer overflow in Rubo DICOM Viewer 2.0 through the DICOM server name input field allows attackers to execute arbitrary code. PoC available.
A discrepancy between how Go and C/C++ comments were parsed allowed for code smuggling into the resulting cgo binary. [CVSS 8.6 HIGH]
gbClientService contains a vulnerability that allows attackers to potentially execute arbitrary code with elevated privileges (CVSS 7.8).
Shrew Soft VPN Client 2.2.2 contains an unquoted service path vulnerability that allows local users to execute arbitrary code with elevated system privileges. Attackers can place malicious executables in the unquoted service path to gain elevated access during service startup or system reboot. [CVSS 7.8 HIGH]
BartVPNService contains a vulnerability that allows attackers to potentially execute arbitrary code with elevated system privileges (CVSS 7.8).
ScsiAccess service contains a vulnerability that allows attackers to potentially execute arbitrary code (CVSS 7.8).
EasyRedirect service contains a vulnerability that allows attackers to potentially execute arbitrary code (CVSS 7.8).
CCSrvProxy service contains a vulnerability that allows attackers to execute arbitrary code (CVSS 7.8).
Wing Ftp Server versions up to 6.0.7 contains a vulnerability that allows attackers to potentially execute arbitrary code with elevated system privileges (CVSS 7.8).
Remote code execution in Godot MCP prior to version 0.1.1 results from unsafe shell command execution when processing user-supplied project paths. An unauthenticated attacker can inject shell metacharacters through multiple tools (create_scene, add_node, load_sprite, etc.) to execute arbitrary commands with the privileges of the MCP server process. No patch is currently available for affected deployments.
SiYuan knowledge management system prior to 3.5.5 has a path traversal in /api/file/copyFile allowing arbitrary file operations on the server.
Authenticated attackers can execute arbitrary commands on Group-Office servers through unsanitized user input in the email attachment endpoint, where shell metacharacters are directly passed to system execution functions. The vulnerability affects Group-Office versions prior to 6.8.150, 25.0.82, and 26.0.5, and public exploit code exists. Organizations should apply available patches immediately as this is actively exploitable by authenticated users.
Melange versions 0.10.0 through 0.40.2 allow unauthenticated command injection through the patch pipeline, enabling attackers to execute arbitrary shell commands on build hosts by injecting shell metacharacters into patch-related inputs such as series paths and filenames. This vulnerability affects users who build APK packages using melange build or melange license-check operations, particularly in CI/CD environments where build inputs may be controlled by untrusted sources. A patch is available in version 0.40.3 and later.
melange allows users to build apk packages using declarative pipelines. [CVSS 7.9 HIGH]
N8N versions up to 1.118.0 is affected by unrestricted upload of file with dangerous type (CVSS 8.8).
n8n is an open source workflow automation platform. [CVSS 8.1 HIGH]
n8n has a command injection vulnerability (CVSS 9.9) allowing authenticated users to execute arbitrary OS commands through workflow definitions.
n8n workflow automation platform has an authenticated code execution vulnerability (CVSS 9.9) through improper runtime behavior modification, enabling server takeover.
Arbitrary code execution in Autodesk 3ds Max occurs when users open max files from maliciously crafted project directories that exploit an untrusted search path vulnerability. Local attackers can leverage this to execute arbitrary code with the privileges of the current user without requiring special permissions or interaction beyond opening a file. No patch is currently available for this high-severity vulnerability affecting 3ds Max users.
Arbitrary code execution in Autodesk 3ds Max occurs when the application parses a maliciously crafted RGB image file, resulting in a CWE-787 out-of-bounds write that corrupts memory and lets an attacker run code in the context of the user running 3ds Max. No public exploit identified at time of analysis, and the EPSS probability is only 0.01%, but the CVSS base score of 8.4 reflects the high impact when a victim is convinced to open a weaponized asset file.
Stack-based buffer overflow in Autodesk 3ds Max enables arbitrary code execution when the application parses a maliciously crafted GIF file, running attacker code in the context of the current user process. The flaw carries a CVSS 8.4 (High) rating due to local attack vector but full confidentiality, integrity, and availability impact, with no public exploit identified at time of analysis and a very low EPSS probability (0.01%) reflecting the file-open user-interaction model typical of DCC software.
Malicious USD files trigger an out-of-bounds write vulnerability in Autodesk Arnold and 3ds Max, enabling arbitrary code execution within the affected application when a user loads or imports the crafted file. Local attackers with user interaction can exploit this to gain full system compromise with the privileges of the running process. No patch is currently available.
Arbitrary code execution in Autodesk 3ds Max occurs when the application parses a maliciously crafted GIF file, triggering an out-of-bounds write (CWE-787) in its image-handling code. The flaw lets an attacker run code in the context of the user running 3ds Max; no public exploit identified at time of analysis and EPSS estimates exploitation probability at just 0.03%.
Arbitrary code execution in Autodesk 3ds Max occurs when the application parses a maliciously crafted RGB image file, triggering an out-of-bounds write (CWE-787) that corrupts memory in the running process. Exploitation requires a victim to open the malicious file locally, but no public exploit has been identified at time of analysis and EPSS rates real-world exploitation likelihood at just 0.01%. The flaw was reported by Autodesk PSIRT and is tracked under advisory ADSK-SA-2026-0002.
Coto versions up to 11.4.0 is affected by unrestricted upload of file with dangerous type (CVSS 6.5).
The SportsPress plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 2.7.26 via shortcodes 'template_name' attribute. This makes it possible for authenticated attackers, with contributor-level and above permissions, to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where php file type can be...
Docker Desktop for Windows contains multiple incorrect permission assignment vulnerabilities in the installer's handling of the C:\ProgramData\DockerDesktop directory. [CVSS 6.7 MEDIUM]
Arbitrary command execution with system privileges in Android's FacAtFunction component allows a privileged physical attacker to bypass input validation controls prior to the February 2026 Security Maintenance Release 1. An adversary with physical access and elevated privileges can exploit this vulnerability to execute arbitrary commands at the system level. No patch is currently available.
Android versions up to 14.0 contains a vulnerability that allows attackers to execute arbitrary commands (CVSS 6.8).
WP FOFT Loader (WordPress plugin) is affected by unrestricted upload of file with dangerous type (CVSS 8.8).
file import process of Comic Book Reader v1.0.95 contains a vulnerability that allows attackers to overwrite critical internal files, potentially leading to arbitrary code executi (CVSS 6.5).
School Erp Pro versions up to 1.0 is affected by unrestricted upload of file with dangerous type (CVSS 7.2).
CI4MS (CodeIgniter 4 CMS skeleton) has a code injection vulnerability (CVSS 9.9) allowing authenticated users to execute arbitrary PHP code through the CMS module system.
School ERP Pro 1.0 allows students to upload arbitrary PHP files, enabling remote code execution from a low-privileged student account.
CraftCMS 3 vCard Plugin 1.0.0 has an insecure deserialization vulnerability allowing unauthenticated remote code execution through crafted vCard data.
CloudMe 1.11.2 cloud sync application has a buffer overflow enabling remote code execution through the network sync protocol.
An out-of-bounds read vulnerability has been identified in the Postscript interpreter in various Lexmark devices. This vulnerability can be leveraged by an attacker to execute arbitrary code as an unprivileged user.
A type confusion vulnerability has been identified in the Postscript interpreter in various Lexmark devices. This vulnerability can be leveraged by an attacker to execute arbitrary code as an unprivileged user.
An untrusted search path vulnerability has been identified in the Embedded Solutions Framework in various Lexmark devices. This vulnerability can be leveraged by an attacker to execute arbitrary code.
Heap-based Buffer Overflow vulnerability in TP-Link Archer AX53 v1.0 (tdpserver modules) allows adjacent attackers to cause a segmentation fault or potentially execute arbitrary code via a specially crafted network packet containing a maliciously formed field.This issue affects Archer AX53 v1.0: through 1.3.1 Build 20241120. [CVSS 8.0 HIGH]
Heap-based Buffer Overflow vulnerability in TP-Link Archer AX53 v1.0 (tmpserver modules) allows authenticated adjacent attackers to cause a segmentation fault or potentially execute arbitrary code via a specially crafted network packet containing a field whose length exceeds the maximum expected value.This issue affects Archer AX53 v1.0: through 1.3.1 Build 20241120. [CVSS 8.0 HIGH]
Heap-based Buffer Overflow vulnerability in TP-Link Archer AX53 v1.0 (tmpserver modules) allows authenticated adjacent attackers to cause a segmentation fault or potentially execute arbitrary code via a specially crafted network packet whose length exceeds the maximum expected value.This issue affects Archer AX53 v1.0: through 1.3.1 Build 20241120. [CVSS 8.0 HIGH]
Heap-based Buffer Overflow vulnerability in TP-Link Archer AX53 v1.0 (tmpserver modules) allows authenticated adjacent attackers to cause a segmentation fault or potentially execute arbitrary code via a specially crafted network packet containing an excessive number of fields with zero‑length values.This issue affects Archer AX53 v1.0: through 1.3.1 Build 20241120. [CVSS 8.0 HIGH]
Heap-based Buffer Overflow vulnerability in TP-Link Archer AX53 v1.0 (tmpserver modules) allows authenticated adjacent attackers to cause a segmentation fault or potentially execute arbitrary code via a specially crafted network packet containing an excessive number of fields with zero‑length values.This issue affects Archer AX53 v1.0: through 1.3.1 Build 20241120. [CVSS 8.0 HIGH]
Heap-based Buffer Overflow vulnerability in TP-Link Archer AX53 v1.0 (tmpserver modules) allows authenticated adjacent attackers to cause a segmentation fault or potentially execute arbitrary code. [CVSS 8.0 HIGH]
Heap-based Buffer Overflow vulnerability in TP-Link Archer AX53 v1.0 (tmpserver modules) allows authenticated adjacent attackers to cause a segmentation fault or potentially execute arbitrary code via a specially crafted network packet containing a field whose length exceeds the maximum expected value.This issue affects Archer AX53 v1.0: through 1.3.1 Build 20241120. [CVSS 8.0 HIGH]
Heap-based Buffer Overflow vulnerability in TP-Link Archer AX53 v1.0 (tmpserver modules) allows authenticated adjacent attackers to cause a segmentation fault or potentially execute arbitrary code via a specially crafted network packet whose length exceeds the maximum expected value.This issue affects Archer AX53 v1.0: through 1.3.1 Build 20241120. [CVSS 8.0 HIGH]
Heap-based Buffer Overflow vulnerability in TP-Link Archer AX53 v1.0 (tmpserver modules) allows authenticated adjacent attackers to cause a segmentation fault or potentially execute arbitrary code via a specially crafted set of network packets containing an excessive number of host entries This issue affects Archer AX53 v1.0: through 1.3.1 Build 20241120. [CVSS 8.0 HIGH]
Boltz 2.0.0 contains an insecure deserialization vulnerability in its molecule loading functionality. The application uses Python pickle to deserialize molecule data files without validation. [CVSS 8.4 HIGH]
pdfminer.six before 20251230 contains an insecure deserialization vulnerability in the CMap loading mechanism. The library uses Python pickle to deserialize CMap cache files without validation. [CVSS 6.5 MEDIUM]
FUXA v1.2.7 allows remote code execution through the project import functionality by importing crafted project files containing malicious code.
A950Rg Firmware versions up to 4.1.2cu.5204_b20210112 is affected by classic buffer overflow (CVSS 6.5).
TOTOLINK A950RG router firmware has a buffer overflow in setUrlFilterRules that allows remote attackers to execute code through the router's management interface.
Open Eclass Platform versions up to 1.7.3 is affected by unrestricted upload of file with dangerous type (CVSS 8.8).
WCAssistantService contains a vulnerability that allows attackers to potentially execute arbitrary code (CVSS 7.8).
Syncbreeze versions up to 12.4.18 contains a vulnerability that allows attackers to execute arbitrary code with elevated system privileges (CVSS 7.8).
its service configuration contains a vulnerability that allows attackers to potentially execute arbitrary code (CVSS 7.8).
Disk Sorter Enterprise 12.4.16 contains an unquoted service path vulnerability that allows local attackers to execute arbitrary code with elevated system privileges. [CVSS 7.8 HIGH]
OS DataHub Maps (WordPress plugin) is affected by unrestricted upload of file with dangerous type (CVSS 8.8).
ELECOM wireless LAN access point devices have a stack-based buffer overflow that allows remote attackers to execute code or crash the device via crafted packets.
Arbitrary code execution in Roland Cloud Manager installer versions 3.1.19 and earlier results from insecure DLL loading, enabling local attackers to execute malicious code with application-level privileges. An attacker with local access and user interaction can exploit this vulnerability to compromise systems running the affected installer. No patch is currently available to remediate this vulnerability.
Fabric Operating System contains a vulnerability that allows attackers to an authenticated, remote attacker with administrative credentials to execute ar (CVSS 7.2).
Notepad++ versions prior to 8.8.9 contain an update integrity verification vulnerability (CVE-2025-15556) when using the WinGUp updater. The update mechanism fails to cryptographically verify downloaded metadata and installers, allowing man-in-the-middle attackers to serve malicious executables during the update process. KEV-listed, this supply chain risk affects one of the most widely used text editors on Windows.
Sandbox escape in SandboxJS before 0.8.27 via __lookupGetter__ prototype chain access. CVSS 10.0 — complete sandbox bypass. PoC and patch available.
Remote code execution in Group Office versions prior to 6.8.150, 25.0.82, and 26.0.5 allows authenticated attackers to execute arbitrary commands through unsanitized language parameters passed to system zip operations in the MaintenanceController. The vulnerability can be exploited by combining a crafted zip file upload with command injection, and public exploit code exists. Update to patched versions immediately.
Arbitrary code execution in OpenTelemetry Go SDK versions 1.20.0 through 1.39.0 on macOS results from insecure PATH resolution when executing the ioreg system command during resource detection. A local attacker with the ability to modify the PATH environment variable can hijack the command search path and execute arbitrary code with the privileges of the affected application. The vulnerability is resolved in version 1.40.0 and later.
Information exposure in vLLM inference engine versions 0.8.3 to before 0.14.1. Invalid image requests to the multimodal endpoint cause sensitive data logging. Patch available.
Critical path traversal in Wildfire IM instant messaging server before 1.4.3 allows unauthenticated access to arbitrary files. EPSS 0.25%, patch available.
Improper Control of Dynamically-Managed Code Resources vulnerability in Crafter Studio of Crafter CMS allows authenticated developers to execute OS commands via Groovy Sandbox Bypass.
IBM WebSphere Application Server Liberty 17.0.0.3 through 26.0.0.1 could allow a privileged user to upload a zip archive containing path traversal sequences resulting in an overwrite of files leading to arbitrary code execution. [CVSS 7.6 HIGH]
Libsoup's multipart HTTP response parser contains a stack buffer overflow stemming from faulty length validation, enabling remote attackers to trigger memory corruption and potentially execute arbitrary code without authentication. Applications using libsoup to process untrusted server responses face crash or code execution risks. No patch is currently available.
In mlflow version 2.20.3, the temporary directory used for creating Python virtual environments is assigned insecure world-writable permissions (0o777). [CVSS 7.0 HIGH]
Arbitrary file write in H2O-3 machine learning platform version 3.46.0.1 allows remote attackers to write data to any file on the server.
Local File Inclusion in parisneo/lollms-webui /reinstall_extension endpoint allows authenticated users to include arbitrary local files. EPSS 0.26%.
The unified WEBUI application of the ONT/Beacon device contains an input handling flaw that allows authenticated users to trigger unintended system-level command execution. [CVSS 8.0 HIGH]
EMP_NSWLSV service contains a vulnerability that allows attackers to potentially execute arbitrary code (CVSS 7.8).
TFTP Turbo 4.6.1273 contains an unquoted service path vulnerability that allows local attackers to potentially execute arbitrary code with elevated privileges. [CVSS 7.8 HIGH]
DHCP Turbo 4.61298 contains an unquoted service path vulnerability that allows local attackers to potentially execute arbitrary code by exploiting the service binary path. Attackers can place malicious executables in the service path to gain elevated privileges when the service starts. [CVSS 7.8 HIGH]
BOOTP Turbo 2.0.1214 contains an unquoted service path vulnerability that allows local attackers to potentially execute arbitrary code with elevated system privileges. [CVSS 7.8 HIGH]
Wondershare Application Framework Service 2.4.3.231 contains an unquoted service path vulnerability that allows local attackers to potentially execute arbitrary code with elevated privileges. [CVSS 7.8 HIGH]
WP Duplicate WordPress plugin has a missing authorization vulnerability leading to arbitrary file deletion that can destroy the WordPress installation.
A security issue was discovered in ingress-nginx where the `nginx.ingress.kubernetes.io/auth-proxy-set-headers` Ingress annotation can be used to inject configuration into nginx. [CVSS 8.8 HIGH]
Tanium addressed an unauthorized code execution vulnerability in Tanium Appliance. [CVSS 7.8 HIGH]
An issue in ChestnutCMS v.1.5.8 and before allows a remote attacker to execute arbitrary code via the template creation function [CVSS 7.2 HIGH]
Monstra Cms versions up to 3.0.4 is affected by unrestricted upload of file with dangerous type (CVSS 8.8).
10-Strike Network Inventory Explorer 8.54 contains a structured exception handler buffer overflow vulnerability that allows attackers to execute arbitrary code by overwriting SEH records. [CVSS 8.4 HIGH]
PHP-Fusion 9.03.50 contains a remote code execution vulnerability in the 'add_panel_form()' function that allows attackers to execute arbitrary code through an eval() function with unsanitized POST data. [CVSS 6.1 MEDIUM]
Unauthenticated remote code execution via OS command injection in Edimax EW-7438RPn-v3 Mini wireless extender firmware 1.27. EPSS 1.3% with PoC available.
Remote code execution via OS command injection in Pinger 1.0 allows attackers to inject shell commands through the ping target parameter. EPSS 12.2% indicates significant exploitation likelihood. PoC available.
CODE::BLOCKS 16.01 contains a buffer overflow vulnerability that allows attackers to execute arbitrary code by overwriting Structured Exception Handler with crafted Unicode characters. [CVSS 5.5 MEDIUM]
Buffer overflow in Rubo DICOM Viewer 2.0 through the DICOM server name input field allows attackers to execute arbitrary code. PoC available.
A discrepancy between how Go and C/C++ comments were parsed allowed for code smuggling into the resulting cgo binary. [CVSS 8.6 HIGH]
gbClientService contains a vulnerability that allows attackers to potentially execute arbitrary code with elevated privileges (CVSS 7.8).
Shrew Soft VPN Client 2.2.2 contains an unquoted service path vulnerability that allows local users to execute arbitrary code with elevated system privileges. Attackers can place malicious executables in the unquoted service path to gain elevated access during service startup or system reboot. [CVSS 7.8 HIGH]
BartVPNService contains a vulnerability that allows attackers to potentially execute arbitrary code with elevated system privileges (CVSS 7.8).
ScsiAccess service contains a vulnerability that allows attackers to potentially execute arbitrary code (CVSS 7.8).
EasyRedirect service contains a vulnerability that allows attackers to potentially execute arbitrary code (CVSS 7.8).
CCSrvProxy service contains a vulnerability that allows attackers to execute arbitrary code (CVSS 7.8).
Wing Ftp Server versions up to 6.0.7 contains a vulnerability that allows attackers to potentially execute arbitrary code with elevated system privileges (CVSS 7.8).
Remote code execution in Godot MCP prior to version 0.1.1 results from unsafe shell command execution when processing user-supplied project paths. An unauthenticated attacker can inject shell metacharacters through multiple tools (create_scene, add_node, load_sprite, etc.) to execute arbitrary commands with the privileges of the MCP server process. No patch is currently available for affected deployments.
SiYuan knowledge management system prior to 3.5.5 has a path traversal in /api/file/copyFile allowing arbitrary file operations on the server.
Authenticated attackers can execute arbitrary commands on Group-Office servers through unsanitized user input in the email attachment endpoint, where shell metacharacters are directly passed to system execution functions. The vulnerability affects Group-Office versions prior to 6.8.150, 25.0.82, and 26.0.5, and public exploit code exists. Organizations should apply available patches immediately as this is actively exploitable by authenticated users.
Melange versions 0.10.0 through 0.40.2 allow unauthenticated command injection through the patch pipeline, enabling attackers to execute arbitrary shell commands on build hosts by injecting shell metacharacters into patch-related inputs such as series paths and filenames. This vulnerability affects users who build APK packages using melange build or melange license-check operations, particularly in CI/CD environments where build inputs may be controlled by untrusted sources. A patch is available in version 0.40.3 and later.
melange allows users to build apk packages using declarative pipelines. [CVSS 7.9 HIGH]
N8N versions up to 1.118.0 is affected by unrestricted upload of file with dangerous type (CVSS 8.8).
n8n is an open source workflow automation platform. [CVSS 8.1 HIGH]
n8n has a command injection vulnerability (CVSS 9.9) allowing authenticated users to execute arbitrary OS commands through workflow definitions.
n8n workflow automation platform has an authenticated code execution vulnerability (CVSS 9.9) through improper runtime behavior modification, enabling server takeover.
Arbitrary code execution in Autodesk 3ds Max occurs when users open max files from maliciously crafted project directories that exploit an untrusted search path vulnerability. Local attackers can leverage this to execute arbitrary code with the privileges of the current user without requiring special permissions or interaction beyond opening a file. No patch is currently available for this high-severity vulnerability affecting 3ds Max users.
Arbitrary code execution in Autodesk 3ds Max occurs when the application parses a maliciously crafted RGB image file, resulting in a CWE-787 out-of-bounds write that corrupts memory and lets an attacker run code in the context of the user running 3ds Max. No public exploit identified at time of analysis, and the EPSS probability is only 0.01%, but the CVSS base score of 8.4 reflects the high impact when a victim is convinced to open a weaponized asset file.
Stack-based buffer overflow in Autodesk 3ds Max enables arbitrary code execution when the application parses a maliciously crafted GIF file, running attacker code in the context of the current user process. The flaw carries a CVSS 8.4 (High) rating due to local attack vector but full confidentiality, integrity, and availability impact, with no public exploit identified at time of analysis and a very low EPSS probability (0.01%) reflecting the file-open user-interaction model typical of DCC software.
Malicious USD files trigger an out-of-bounds write vulnerability in Autodesk Arnold and 3ds Max, enabling arbitrary code execution within the affected application when a user loads or imports the crafted file. Local attackers with user interaction can exploit this to gain full system compromise with the privileges of the running process. No patch is currently available.
Arbitrary code execution in Autodesk 3ds Max occurs when the application parses a maliciously crafted GIF file, triggering an out-of-bounds write (CWE-787) in its image-handling code. The flaw lets an attacker run code in the context of the user running 3ds Max; no public exploit identified at time of analysis and EPSS estimates exploitation probability at just 0.03%.
Arbitrary code execution in Autodesk 3ds Max occurs when the application parses a maliciously crafted RGB image file, triggering an out-of-bounds write (CWE-787) that corrupts memory in the running process. Exploitation requires a victim to open the malicious file locally, but no public exploit has been identified at time of analysis and EPSS rates real-world exploitation likelihood at just 0.01%. The flaw was reported by Autodesk PSIRT and is tracked under advisory ADSK-SA-2026-0002.
Coto versions up to 11.4.0 is affected by unrestricted upload of file with dangerous type (CVSS 6.5).
The SportsPress plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 2.7.26 via shortcodes 'template_name' attribute. This makes it possible for authenticated attackers, with contributor-level and above permissions, to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where php file type can be...
Docker Desktop for Windows contains multiple incorrect permission assignment vulnerabilities in the installer's handling of the C:\ProgramData\DockerDesktop directory. [CVSS 6.7 MEDIUM]
Arbitrary command execution with system privileges in Android's FacAtFunction component allows a privileged physical attacker to bypass input validation controls prior to the February 2026 Security Maintenance Release 1. An adversary with physical access and elevated privileges can exploit this vulnerability to execute arbitrary commands at the system level. No patch is currently available.
Android versions up to 14.0 contains a vulnerability that allows attackers to execute arbitrary commands (CVSS 6.8).
WP FOFT Loader (WordPress plugin) is affected by unrestricted upload of file with dangerous type (CVSS 8.8).
file import process of Comic Book Reader v1.0.95 contains a vulnerability that allows attackers to overwrite critical internal files, potentially leading to arbitrary code executi (CVSS 6.5).
School Erp Pro versions up to 1.0 is affected by unrestricted upload of file with dangerous type (CVSS 7.2).
CI4MS (CodeIgniter 4 CMS skeleton) has a code injection vulnerability (CVSS 9.9) allowing authenticated users to execute arbitrary PHP code through the CMS module system.
School ERP Pro 1.0 allows students to upload arbitrary PHP files, enabling remote code execution from a low-privileged student account.
CraftCMS 3 vCard Plugin 1.0.0 has an insecure deserialization vulnerability allowing unauthenticated remote code execution through crafted vCard data.
CloudMe 1.11.2 cloud sync application has a buffer overflow enabling remote code execution through the network sync protocol.
An out-of-bounds read vulnerability has been identified in the Postscript interpreter in various Lexmark devices. This vulnerability can be leveraged by an attacker to execute arbitrary code as an unprivileged user.
A type confusion vulnerability has been identified in the Postscript interpreter in various Lexmark devices. This vulnerability can be leveraged by an attacker to execute arbitrary code as an unprivileged user.
An untrusted search path vulnerability has been identified in the Embedded Solutions Framework in various Lexmark devices. This vulnerability can be leveraged by an attacker to execute arbitrary code.
Heap-based Buffer Overflow vulnerability in TP-Link Archer AX53 v1.0 (tdpserver modules) allows adjacent attackers to cause a segmentation fault or potentially execute arbitrary code via a specially crafted network packet containing a maliciously formed field.This issue affects Archer AX53 v1.0: through 1.3.1 Build 20241120. [CVSS 8.0 HIGH]
Heap-based Buffer Overflow vulnerability in TP-Link Archer AX53 v1.0 (tmpserver modules) allows authenticated adjacent attackers to cause a segmentation fault or potentially execute arbitrary code via a specially crafted network packet containing a field whose length exceeds the maximum expected value.This issue affects Archer AX53 v1.0: through 1.3.1 Build 20241120. [CVSS 8.0 HIGH]
Heap-based Buffer Overflow vulnerability in TP-Link Archer AX53 v1.0 (tmpserver modules) allows authenticated adjacent attackers to cause a segmentation fault or potentially execute arbitrary code via a specially crafted network packet whose length exceeds the maximum expected value.This issue affects Archer AX53 v1.0: through 1.3.1 Build 20241120. [CVSS 8.0 HIGH]
Heap-based Buffer Overflow vulnerability in TP-Link Archer AX53 v1.0 (tmpserver modules) allows authenticated adjacent attackers to cause a segmentation fault or potentially execute arbitrary code via a specially crafted network packet containing an excessive number of fields with zero‑length values.This issue affects Archer AX53 v1.0: through 1.3.1 Build 20241120. [CVSS 8.0 HIGH]
Heap-based Buffer Overflow vulnerability in TP-Link Archer AX53 v1.0 (tmpserver modules) allows authenticated adjacent attackers to cause a segmentation fault or potentially execute arbitrary code via a specially crafted network packet containing an excessive number of fields with zero‑length values.This issue affects Archer AX53 v1.0: through 1.3.1 Build 20241120. [CVSS 8.0 HIGH]
Heap-based Buffer Overflow vulnerability in TP-Link Archer AX53 v1.0 (tmpserver modules) allows authenticated adjacent attackers to cause a segmentation fault or potentially execute arbitrary code. [CVSS 8.0 HIGH]
Heap-based Buffer Overflow vulnerability in TP-Link Archer AX53 v1.0 (tmpserver modules) allows authenticated adjacent attackers to cause a segmentation fault or potentially execute arbitrary code via a specially crafted network packet containing a field whose length exceeds the maximum expected value.This issue affects Archer AX53 v1.0: through 1.3.1 Build 20241120. [CVSS 8.0 HIGH]
Heap-based Buffer Overflow vulnerability in TP-Link Archer AX53 v1.0 (tmpserver modules) allows authenticated adjacent attackers to cause a segmentation fault or potentially execute arbitrary code via a specially crafted network packet whose length exceeds the maximum expected value.This issue affects Archer AX53 v1.0: through 1.3.1 Build 20241120. [CVSS 8.0 HIGH]
Heap-based Buffer Overflow vulnerability in TP-Link Archer AX53 v1.0 (tmpserver modules) allows authenticated adjacent attackers to cause a segmentation fault or potentially execute arbitrary code via a specially crafted set of network packets containing an excessive number of host entries This issue affects Archer AX53 v1.0: through 1.3.1 Build 20241120. [CVSS 8.0 HIGH]
Boltz 2.0.0 contains an insecure deserialization vulnerability in its molecule loading functionality. The application uses Python pickle to deserialize molecule data files without validation. [CVSS 8.4 HIGH]
pdfminer.six before 20251230 contains an insecure deserialization vulnerability in the CMap loading mechanism. The library uses Python pickle to deserialize CMap cache files without validation. [CVSS 6.5 MEDIUM]
FUXA v1.2.7 allows remote code execution through the project import functionality by importing crafted project files containing malicious code.
A950Rg Firmware versions up to 4.1.2cu.5204_b20210112 is affected by classic buffer overflow (CVSS 6.5).
TOTOLINK A950RG router firmware has a buffer overflow in setUrlFilterRules that allows remote attackers to execute code through the router's management interface.
Open Eclass Platform versions up to 1.7.3 is affected by unrestricted upload of file with dangerous type (CVSS 8.8).
WCAssistantService contains a vulnerability that allows attackers to potentially execute arbitrary code (CVSS 7.8).
Syncbreeze versions up to 12.4.18 contains a vulnerability that allows attackers to execute arbitrary code with elevated system privileges (CVSS 7.8).
its service configuration contains a vulnerability that allows attackers to potentially execute arbitrary code (CVSS 7.8).
Disk Sorter Enterprise 12.4.16 contains an unquoted service path vulnerability that allows local attackers to execute arbitrary code with elevated system privileges. [CVSS 7.8 HIGH]
OS DataHub Maps (WordPress plugin) is affected by unrestricted upload of file with dangerous type (CVSS 8.8).
ELECOM wireless LAN access point devices have a stack-based buffer overflow that allows remote attackers to execute code or crash the device via crafted packets.
Arbitrary code execution in Roland Cloud Manager installer versions 3.1.19 and earlier results from insecure DLL loading, enabling local attackers to execute malicious code with application-level privileges. An attacker with local access and user interaction can exploit this vulnerability to compromise systems running the affected installer. No patch is currently available to remediate this vulnerability.
Fabric Operating System contains a vulnerability that allows attackers to an authenticated, remote attacker with administrative credentials to execute ar (CVSS 7.2).
Notepad++ versions prior to 8.8.9 contain an update integrity verification vulnerability (CVE-2025-15556) when using the WinGUp updater. The update mechanism fails to cryptographically verify downloaded metadata and installers, allowing man-in-the-middle attackers to serve malicious executables during the update process. KEV-listed, this supply chain risk affects one of the most widely used text editors on Windows.
Sandbox escape in SandboxJS before 0.8.27 via __lookupGetter__ prototype chain access. CVSS 10.0 — complete sandbox bypass. PoC and patch available.
Remote code execution in Group Office versions prior to 6.8.150, 25.0.82, and 26.0.5 allows authenticated attackers to execute arbitrary commands through unsanitized language parameters passed to system zip operations in the MaintenanceController. The vulnerability can be exploited by combining a crafted zip file upload with command injection, and public exploit code exists. Update to patched versions immediately.
Arbitrary code execution in OpenTelemetry Go SDK versions 1.20.0 through 1.39.0 on macOS results from insecure PATH resolution when executing the ioreg system command during resource detection. A local attacker with the ability to modify the PATH environment variable can hijack the command search path and execute arbitrary code with the privileges of the affected application. The vulnerability is resolved in version 1.40.0 and later.
Information exposure in vLLM inference engine versions 0.8.3 to before 0.14.1. Invalid image requests to the multimodal endpoint cause sensitive data logging. Patch available.
Critical path traversal in Wildfire IM instant messaging server before 1.4.3 allows unauthenticated access to arbitrary files. EPSS 0.25%, patch available.
Improper Control of Dynamically-Managed Code Resources vulnerability in Crafter Studio of Crafter CMS allows authenticated developers to execute OS commands via Groovy Sandbox Bypass.
IBM WebSphere Application Server Liberty 17.0.0.3 through 26.0.0.1 could allow a privileged user to upload a zip archive containing path traversal sequences resulting in an overwrite of files leading to arbitrary code execution. [CVSS 7.6 HIGH]
Libsoup's multipart HTTP response parser contains a stack buffer overflow stemming from faulty length validation, enabling remote attackers to trigger memory corruption and potentially execute arbitrary code without authentication. Applications using libsoup to process untrusted server responses face crash or code execution risks. No patch is currently available.
In mlflow version 2.20.3, the temporary directory used for creating Python virtual environments is assigned insecure world-writable permissions (0o777). [CVSS 7.0 HIGH]
Arbitrary file write in H2O-3 machine learning platform version 3.46.0.1 allows remote attackers to write data to any file on the server.
Local File Inclusion in parisneo/lollms-webui /reinstall_extension endpoint allows authenticated users to include arbitrary local files. EPSS 0.26%.
The unified WEBUI application of the ONT/Beacon device contains an input handling flaw that allows authenticated users to trigger unintended system-level command execution. [CVSS 8.0 HIGH]
EMP_NSWLSV service contains a vulnerability that allows attackers to potentially execute arbitrary code (CVSS 7.8).
TFTP Turbo 4.6.1273 contains an unquoted service path vulnerability that allows local attackers to potentially execute arbitrary code with elevated privileges. [CVSS 7.8 HIGH]
DHCP Turbo 4.61298 contains an unquoted service path vulnerability that allows local attackers to potentially execute arbitrary code by exploiting the service binary path. Attackers can place malicious executables in the service path to gain elevated privileges when the service starts. [CVSS 7.8 HIGH]
BOOTP Turbo 2.0.1214 contains an unquoted service path vulnerability that allows local attackers to potentially execute arbitrary code with elevated system privileges. [CVSS 7.8 HIGH]