Remote Code Execution
Remote Code Execution represents the critical moment when an attacker successfully runs arbitrary code on a target system without physical access.
How It Works
Unlike a single vulnerability class, RCE is an outcome—the catastrophic result of exploiting underlying weaknesses in how applications process input, manage memory, or handle executable content.
Attackers typically achieve RCE by chaining vulnerabilities or exploiting a single critical flaw. Common pathways include injecting malicious payloads through deserialization flaws (where untrusted data becomes executable objects), command injection (where user input flows into system commands), buffer overflows (overwriting memory to hijack execution flow), or unsafe file uploads (placing executable code on the server). Server-Side Template Injection and SQL injection can also escalate to code execution when attackers leverage database or template engine features.
The attack flow usually begins with reconnaissance to identify vulnerable endpoints, followed by crafting a payload that exploits the specific weakness, then executing commands to establish persistence or pivot deeper into the network. Modern exploits often use multi-stage payloads—initial lightweight code that downloads and executes more sophisticated tooling.
Impact
- Complete system compromise — attacker gains shell access with application privileges, potentially escalating to root/SYSTEM
- Data exfiltration — unrestricted access to databases, configuration files, credentials, and sensitive business data
- Lateral movement — compromised server becomes a beachhead to attack internal networks and other systems
- Ransomware deployment — direct pathway to encrypt files and disable backups
- Persistence mechanisms — installation of backdoors, web shells, and rootkits for long-term access
- Supply chain attacks — modification of application code or dependencies to compromise downstream users
Real-World Examples
The n8n workflow automation platform (CVE-2024-21858) demonstrated how RCE can emerge in unexpected places: attackers exploited unsafe workflow execution to run arbitrary code on self-hosted instances. The Log4j vulnerability (Log4Shell) showed RCE at massive scale when attackers sent specially crafted JNDI lookup strings that triggered remote class loading in Java applications worldwide.
Atlassian Confluence instances have faced multiple RCE vulnerabilities through OGNL injection flaws, where attackers inject Object-Graph Navigation Language expressions that execute with server privileges. These required no authentication, enabling attackers to compromise thousands of internet-exposed instances within hours of disclosure.
Mitigation
- Input validation and sanitization — strict allowlists for all user-controlled data, especially in execution contexts
- Sandboxing and containerization — isolate application processes with minimal privileges using containers, VMs, or security contexts
- Disable dangerous functions — remove or restrict features like code evaluation, system command execution, and dynamic deserialization
- Network segmentation — limit blast radius by isolating sensitive systems and restricting outbound connections
- Web Application Firewalls — detect and block common RCE patterns in HTTP traffic
- Runtime application self-protection (RASP) — monitor application behavior for execution anomalies
- Regular patching — prioritize updates for components with known RCE vulnerabilities
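The command-injection and deserialization pathways from How It Works, together with the allowlist validation and dangerous-function avoidance from the Mitigation list, as an added Python example (not code from this page or from any product named on it); the hostname allowlist, the job format, and the sample inputs are constructed for illustration.

```python
"""Two RCE pathways, each as a vulnerable function beside its hardened
replacement, plus a defender-side check that inspects a pickle without
loading it. Added example; all names and inputs are constructed."""
import datetime
import json
import pickle
import pickletools
import re
import shlex

# ---- Pathway 1: command injection --------------------------------------
# Constructed input: a hostname with shell syntax appended.
INJECTED_INPUT = "example.com; id"

# Allowlist for a DNS hostname: labels of letters, digits and hyphens only.
_HOSTNAME_RE = re.compile(
    r"^(?=.{1,253}$)[A-Za-z0-9]([A-Za-z0-9-]{0,61}[A-Za-z0-9])?"
    r"(\.[A-Za-z0-9]([A-Za-z0-9-]{0,61}[A-Za-z0-9])?)*$"
)


def build_ping_command_unsafe(host: str) -> str:
    """Vulnerable: user input is spliced into a shell string meant for
    subprocess.run(..., shell=True). The shell, not ping, parses the whole
    string, so metacharacters in `host` become shell syntax."""
    return f"ping -c 1 {host}"


def build_ping_command_safe(host: str) -> list:
    """Hardened: strict allowlist on the input, then an argv list and no shell.
    The host reaches ping as one argument; nothing interprets it."""
    if not _HOSTNAME_RE.fullmatch(host):
        raise ValueError(f"rejected host: {host!r}")
    return ["ping", "-c", "1", host]


def shell_would_see(cmdline: str) -> list:
    """Tokenize like a POSIX shell, keeping ';' '|' '&' as separate tokens, so
    the unsafe string can be inspected without executing it."""
    lexer = shlex.shlex(cmdline, posix=True, punctuation_chars=True)
    lexer.whitespace_split = True
    return list(lexer)


# ---- Pathway 2: unsafe deserialization ---------------------------------
_ALLOWED_ACTIONS = {"ping", "traceroute"}
# Pickle opcodes that import or call something during loading. A pickle of
# plain dicts/lists/strings never needs them; object-constructing streams do.
_OBJECT_OPCODES = {"GLOBAL", "STACK_GLOBAL", "REDUCE", "INST", "OBJ",
                   "NEWOBJ", "NEWOBJ_EX", "BUILD"}


def load_job_unsafe(blob: bytes):
    """Vulnerable: pickle reconstructs whatever objects the stream describes,
    and reconstruction may call any importable callable. Loading is itself
    the execution step, so validation afterwards is too late."""
    return pickle.loads(blob)


def load_job_safe(blob: bytes) -> dict:
    """Hardened: a data-only format (JSON) plus shape and allowlist checks.
    JSON has no way to say 'construct this object', so loading cannot run code."""
    try:
        job = json.loads(blob.decode("utf-8"))
    except (UnicodeDecodeError, ValueError) as exc:
        raise ValueError("malformed job") from exc
    if not isinstance(job, dict) or set(job) != {"action", "host"}:
        raise ValueError("unexpected job shape")
    if job["action"] not in _ALLOWED_ACTIONS:
        raise ValueError(f"action not allowed: {job['action']!r}")
    if not isinstance(job["host"], str) or not _HOSTNAME_RE.fullmatch(job["host"]):
        raise ValueError("rejected host")
    return job


def pickle_constructs_objects(blob: bytes) -> bool:
    """Defender check: walk the opcode stream with pickletools (nothing is
    executed) and report whether it would import or call anything."""
    return any(op.name in _OBJECT_OPCODES for op, _, _ in pickletools.genops(blob))


def sample_blobs() -> dict:
    """Constructed sample pickles: a plain dict needs only data opcodes; a
    date object needs GLOBAL/REDUCE, the same machinery a hostile stream uses."""
    return {"data_only": pickle.dumps({"action": "ping"}),
            "object": pickle.dumps(datetime.date(2024, 1, 1))}


if __name__ == "__main__":
    print(shell_would_see(build_ping_command_unsafe(INJECTED_INPUT)))
    try:
        build_ping_command_safe(INJECTED_INPUT)
    except ValueError as err:
        print("safe path:", err)
    blobs = sample_blobs()
    print(pickle_constructs_objects(blobs["data_only"]), pickle_constructs_objects(blobs["object"]))
    print(load_job_safe(b'{"action": "ping", "host": "example.com"}'))
```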
Recent CVEs (4619)
A remote code execution vulnerability (CVSS 9.9) that allows authenticated users. Critical severity with potential for significant impact on affected systems.
A critical stack-based buffer overflow vulnerability exists in D-Link DIR-815 firmware version 1.01 within the hedwig.cgi module (function sub_403794), allowing remote attackers with low privilege access to execute arbitrary code with high impact on confidentiality, integrity, and availability. Public exploit code is available and the vulnerability may be actively exploited in the wild, making this a high-priority remediation target.
CVE-2025-6292 is a critical stack-based buffer overflow vulnerability in D-Link DIR-825 routers (version 2.03 and potentially others) that allows authenticated attackers to execute arbitrary code remotely via malformed HTTP POST requests to the vulnerable HTTP POST Request Handler function. The vulnerability affects end-of-life products no longer receiving security updates from D-Link, and public exploit code has been disclosed, increasing real-world exploitation risk despite requiring valid credentials.
CVE-2025-6291 is a critical stack-based buffer overflow vulnerability in D-Link DIR-825 firmware version 2.03, exploitable via HTTP POST requests to the do_file function. An authenticated attacker can achieve complete system compromise (confidentiality, integrity, and availability violations) remotely without user interaction. Public exploit code exists and the affected product is end-of-life with no vendor support, elevating real-world risk despite authentication requirement.
Critical Remote Code Execution vulnerability in CrafterCMS Crafter Studio that allows authenticated developers to bypass Groovy Sandbox restrictions and execute arbitrary OS commands through malicious Groovy code injection. This affects CrafterCMS versions 4.0.0 through 4.2.2, and while it requires high-privilege authentication (developer role), the ability to achieve RCE with high-impact consequences (confidentiality, integrity, and availability compromise across system boundaries) makes this a severe issue worthy of immediate patching.
IBM QRadar SIEM versions 7.5 through 7.5.0 Update Package 12 contain a privilege escalation vulnerability that allows authenticated administrative users to modify configuration files and upload malicious autoupdate packages, leading to arbitrary command execution with system-level privileges. This is a high-severity vulnerability (CVSS 9.1) affecting SIEM infrastructure; while it requires high privileges (PR:H), the network-accessible attack vector (AV:N) and lack of user interaction (UI:N) make it a significant risk in multi-user enterprise environments where administrative credentials may be compromised or misused.
Untrusted DLLs in the installer's directory may be loaded and executed, leading to potentially arbitrary code execution with the installer's privileges (admin).
pgai, a Python library for PostgreSQL-based RAG and agentic applications, contains a secrets exfiltration vulnerability (CVE-2025-52467) that allows unauthenticated remote attackers to extract all workflow secrets, including GITHUB_TOKEN credentials with repository write permissions. This vulnerability has a CVSS score of 9.1 (Critical) and affects pgai versions prior to commit 8eb3567; a patch is available and the vulnerability is not currently listed in CISA KEV, though the high CVSS and direct credential exposure indicate substantial real-world risk if the library is deployed in CI/CD environments.
The Versa Director SD-WAN orchestration platform provides functionality to upload various types of files. However, the Java code handling file uploads contains an argument injection vulnerability. By appending additional arguments to the file name, an attacker can bypass MIME type validation, allowing the upload of arbitrary file types. This flaw can be exploited to place a malicious file on disk. Versa Networks is not aware of any reported instance where this vulnerability was exploited. Proof of concept for this vulnerability has been disclosed by third party security researchers. There are no workarounds to disable the GUI option. Versa recommends that Director be upgraded to one of the remediated software versions.
A vulnerability allowing local system users to modify directory contents, allowing for arbitrary code execution on the local system with elevated permissions.
Privilege escalation vulnerability in backup management systems that permits authenticated users with the Backup Operator role to modify backup job configurations and execute arbitrary code with system privileges. The vulnerability affects backup software implementations that fail to properly validate backup job modifications; attackers must possess valid Backup Operator credentials but face no additional complexity once authenticated. This vulnerability is not currently listed in CISA's KEV catalog, but the high CVSS score of 7.2 and code execution capability indicate significant risk to organizations managing sensitive backup infrastructure.
Network-accessible remote code execution vulnerability in Versa Director SD-WAN orchestration platform where the websockify service on port 6080 is exposed by default to the internet, allowing unauthenticated attackers to exploit known websockify weaknesses for potential code execution. Versa Networks confirms no active exploitation has been observed, but third-party proof-of-concept has been publicly disclosed. The vulnerability affects Versa Director deployments with default configurations and represents a critical supply-chain risk for SD-WAN infrastructure.
CVE-2025-23172 is an authenticated Server-Side Request Forgery (SSRF) vulnerability in Versa Director SD-WAN orchestration platform that allows authenticated users with high privileges to abuse the Webhook feature to send crafted HTTP requests to localhost endpoints. This can be exploited to execute arbitrary commands on behalf of the 'versa' user who holds sudo privileges, resulting in potential remote code execution and privilege escalation. While no active exploitation has been reported in the wild, a proof-of-concept has been publicly disclosed, presenting an elevated risk for organizations running vulnerable Versa Director instances.
Remote code execution vulnerability in Backup Server that allows authenticated domain users to execute arbitrary code with high severity (CVSS 8.8). The vulnerability requires valid domain credentials but no user interaction, making it a significant risk for organizations with Backup Server deployments in Active Directory environments. If actively exploited or with public POC availability, this represents an immediate priority for patching.
Critical remote code execution vulnerability in Versa Director SD-WAN orchestration platform affecting the Cisco NCS application service bound to TCP ports 4566 and 4570. An unauthenticated network attacker can exploit weak HA authentication mechanisms to gain unauthorized administrative access and execute arbitrary code with CVSS 9.8 severity. While no active exploitation has been confirmed, third-party proof-of-concept code has been publicly disclosed, significantly elevating real-world risk.
A remote code execution vulnerability in CloudClassroom-PHP-Project v1.0 (CVSS 9.8). Risk factors: public PoC available.
A remote code execution vulnerability in the PDF scanning processes of ClamAV could allow an unauthenticated (CVSS 9.8). Critical severity with potential for significant impact on affected systems.
Critical remote code execution vulnerability in EfroTech Time Trax v1.0 that exploits improper file upload validation in the leave request form's attachment functionality. An authenticated attacker with low privileges can upload and execute arbitrary code on the server, achieving complete system compromise with high confidentiality, integrity, and availability impact. The vulnerability is classified as actively exploitable (CVSS 9.9) and represents an immediate threat to all deployed instances.
A remote code execution vulnerability in all (CVSS 7.2). Risk factors: public PoC available. Vendor patch is available.
The CSV Me WordPress plugin versions up to 2.0 contains an arbitrary file upload vulnerability in the 'csv_me_options_page' function due to insufficient file type validation. Authenticated administrators can exploit this to upload arbitrary files to the server, potentially enabling remote code execution. This is a post-authentication privilege abuse vulnerability with high impact on confidentiality, integrity, and availability.
The FunnelKit plugin for WordPress (versions ≤3.5.3) contains a critical vulnerability allowing unauthenticated attackers to install arbitrary plugins due to missing capability checks and weak nonce validation in the install_or_activate_addon_plugins() function. This is a pre-authentication remote code execution vector with a CVSS 9.8 severity rating that enables complete site compromise through malicious plugin installation.
The Pixabay Images plugin for WordPress versions up to 3.4 contains an arbitrary file upload vulnerability in the pixabay_upload function due to missing file type validation. Authenticated attackers with Author-level access or higher can upload arbitrary files to the server, potentially enabling remote code execution. This vulnerability has a CVSS score of 8.8 (High) and represents a significant risk to WordPress installations using this plugin.
Pre-authentication remote code execution vulnerability in Trend Micro Endpoint Encryption PolicyServer caused by insecure deserialization. Attackers can exploit this vulnerability over the network without authentication to achieve arbitrary code execution with complete system compromise (confidentiality, integrity, and availability impact). This is a critical, actively exploitable vulnerability affecting Trend Micro Endpoint Encryption deployments; similar to CVE-2025-49213 but in a different vulnerable method, indicating a pattern of insecure deserialization issues in the same product.
Post-authentication insecure deserialization vulnerability in Trend Micro Endpoint Encryption PolicyServer that allows remote code execution with high impact on confidentiality, integrity, and availability. While the CVSS score of 8.8 is significant, exploitation requires prior low-privileged code execution on the target system, substantially reducing real-world attack surface compared to unauthenticated network exploits. The vulnerability affects Trend Micro Endpoint Encryption installations and should be prioritized based on organizational exposure to this specific product line and internal threat modeling of low-privileged account compromise scenarios.
Critical pre-authentication remote code execution vulnerability in Trend Micro Endpoint Encryption PolicyServer caused by insecure deserialization. An unauthenticated attacker can exploit this vulnerability over the network with no user interaction required to achieve complete system compromise (confidentiality, integrity, and availability impact). This vulnerability is actively being tracked and should be prioritized for immediate patching as it requires no privileges or complex attack conditions.
Pre-authentication remote code execution vulnerability in Trend Micro Endpoint Encryption PolicyServer caused by insecure deserialization in an unnamed method. An unauthenticated attacker on the network can exploit this over the network without user interaction to achieve complete system compromise (confidentiality, integrity, and availability impact). This vulnerability is actively monitored and represents a critical threat requiring immediate patching.
Fuji Electric Smart Editor contains an out-of-bounds write vulnerability (CWE-787) that allows local attackers with user-level privileges to execute arbitrary code by crafting malicious input files. The vulnerability affects Smart Editor with a CVSS score of 7.8 (high severity), requiring user interaction (opening a malicious file) but no elevated privileges. Without confirmed KEV, EPSS, or public POC data in the provided intelligence, the real-world exploitation likelihood should be assessed as moderate-to-high given the local attack vector and file-based interaction model typical of engineering software.
Stack-based buffer overflow vulnerability in Fuji Electric Smart Editor that allows unauthenticated local attackers to execute arbitrary code with high impact on confidentiality, integrity, and availability. The vulnerability requires user interaction (opening a malicious file) but does not require elevated privileges. While the CVSS score of 7.8 reflects high severity, real-world risk depends on KEV status, EPSS score, and public exploit availability, which are not provided in the source data.
CVE-2025-32412 is an out-of-bounds read vulnerability in Fuji Electric Smart Editor that permits arbitrary code execution through a local attack vector requiring user interaction. The vulnerability affects Fuji Electric Smart Editor across affected versions and is classified as high-severity with a CVSS score of 7.8. While no KEV or active exploitation is confirmed in the provided data, the local attack vector combined with user interaction requirement and high impact (confidentiality, integrity, availability) makes this a significant concern for organizations using this industrial automation software.
A buffer overflow vulnerability in llama.cpp (CVSS 8.8). High severity vulnerability requiring prompt remediation. Vendor patch is available.
An uncontrolled search path vulnerability in the Trend Micro Worry-Free Business Security Services (WFBSS) agent could have allowed an attacker with physical access to a machine to execute arbitrary code on affected installations. An attacker must have had physical access to the target system in order to exploit this vulnerability due to the need to access a certain hardware component. Also note: this vulnerability only affected the SaaS client version of WFBSS, meaning the on-premise version of Worry-Free Business Security was not affected, and this issue was addressed in a previous WFBSS monthly maintenance update. Therefore no other customer action is required to mitigate if the WFBSS agents are on the regular SaaS maintenance deployment schedule, and this disclosure is for informational purposes only.
CVE-2025-49155 is an uncontrolled search path vulnerability in Trend Micro Apex One's Data Loss Prevention (DLP) module that allows unauthenticated remote attackers to inject and execute arbitrary code. The vulnerability requires user interaction (CVSS UI:R) but poses critical risk to organizations deploying Apex One, as successful exploitation grants full system compromise with high confidentiality, integrity, and availability impact (CVSS 8.8). Exploitation likelihood should be assessed against current threat intelligence for active in-the-wild usage.
Sitecore PowerShell Extensions through version 7.0 allows authenticated users to upload arbitrary files including ASPX webshells via crafted HTTP requests. The unrestricted file upload bypasses content type restrictions, enabling remote code execution on the Sitecore IIS server with any authenticated account.
Sitecore Experience Manager, Platform, and Commerce versions 9.0 through 10.4 contain a Zip Slip vulnerability that allows authenticated attackers to write arbitrary files outside the intended upload directory. By crafting ZIP archives with path traversal entries, attackers can overwrite application files and achieve remote code execution.
Critical pre-authentication remote code execution vulnerability in Trend Micro Apex Central versions below 8.0.7007, caused by insecure deserialization in a specific method. The vulnerability allows unauthenticated remote attackers to execute arbitrary code with complete system compromise (confidentiality, integrity, and availability impact). With a CVSS score of 9.8 and network-based attack vector requiring no user interaction, this represents an immediately exploitable critical threat to exposed Apex Central installations.
Pre-authentication remote code execution vulnerability stemming from insecure deserialization in Trend Micro Apex Central versions below 8.0.7007. An unauthenticated attacker can exploit this vulnerability over the network with low complexity to achieve complete system compromise (confidentiality, integrity, and availability). This vulnerability is actively tracked by CISA as a known exploited vulnerability (KEV) with high CVSS 9.8 severity and carries significant real-world risk due to its network-accessible, authentication-bypass nature.
Local File Inclusion (LFI) vulnerability in Trend Micro Apex Central widgets (versions below 8.0.6955) that allows authenticated attackers to include and execute arbitrary PHP files, achieving remote code execution on affected systems. The vulnerability requires low-level user authentication and moderate attack complexity but carries high impact across confidentiality, integrity, and availability. Active exploitation status and proof-of-concept availability have not been confirmed from the provided data, but the authentication requirement and network accessibility make this a credible threat to deployed Apex Central instances.
Local File Inclusion (LFI) vulnerability in Trend Micro Apex Central widgets that enables remote code execution (RCE) on affected systems. This vulnerability affects Trend Micro Apex Central installations below version 8.0.6955 and requires an authenticated attacker with low privileges to exploit. The vulnerability combines LFI with RCE capabilities, representing a significant threat to organizations using vulnerable Apex Central deployments.
A deserialization vulnerability in CRM Perks Integration for Contact Form 7 and Zoho CRM (CVSS 9.8). Critical severity with potential for significant impact on affected systems.
PHP Local File Inclusion (LFI) vulnerability in thembay Fana versions through 1.1.28 that allows unauthenticated remote attackers to include and execute arbitrary files through improper control of filename parameters in PHP include/require statements. The high CVSS score of 8.1 reflects the potential for confidentiality, integrity, and availability impact, though the 'H' attack complexity suggests exploitation requires specific conditions or knowledge of the application architecture. No publicly confirmed KEV or widespread active exploitation is documented, but the 2025 CVE date indicates this is a recently disclosed vulnerability requiring immediate attention from Fana users.
PHP Local File Inclusion (LFI) vulnerability in snstheme Simen versions through 4.6 that allows unauthenticated remote attackers to include and execute arbitrary local files via improper control of filename parameters in PHP include/require statements. With a CVSS score of 8.1 and network-based attack vector, this vulnerability enables confidentiality, integrity, and availability compromise; however, the high attack complexity suggests exploitation requires specific conditions or knowledge of the target environment.
The Drag and Drop Multiple File Upload for Contact Form 7 WordPress plugin (versions ≤1.3.8.9) contains an unrestricted file upload vulnerability allowing unauthenticated attackers to bypass file type blacklists and upload dangerous file extensions (.phar, etc.). On servers configured to execute .phar files as PHP (common in default Apache+mod_php setups), this enables remote code execution with high impact to confidentiality, integrity, and availability (CVSS 8.1). While KEV and EPSS data are not provided, the vulnerability is actively exploitable given its public disclosure and network-accessible attack vector.
Critical buffer overflow vulnerability in TOTOLINK X15 firmware (version 1.0.0-B20230714.1105) affecting the HTTP POST request handler in the /boafrm/formTmultiAP endpoint. An authenticated remote attacker can exploit this vulnerability by manipulating the 'submit-url' parameter to achieve buffer overflow, resulting in complete compromise of the router (data theft, modification, and denial of service). Public exploit code is available and the vulnerability meets the profile of actively exploitable threats.
Critical buffer overflow vulnerability in TOTOLINK A3002RU routers (version 3.0.0-B20230809.1615 and potentially others) affecting the HTTP POST request handler at endpoint /boafrm/formMultiAP. An authenticated attacker can exploit this via a malicious 'submit-url' parameter to achieve remote code execution with full system compromise (confidentiality, integrity, and availability impact). Public exploit code exists and the vulnerability is actively exploitable.
A buffer overflow vulnerability (CVSS 8.8). Risk factors: public PoC available.
Critical stack-based buffer overflow vulnerability in the HTTP POST request handler (function sub_AC78) of D-Link DIR-665 firmware version 1.00, exploitable remotely by authenticated attackers. The vulnerability allows remote code execution with high confidentiality, integrity, and availability impact (CVSS 8.8). Public exploit code is available and the affected product line is no longer maintained by D-Link, significantly elevating real-world risk despite requiring low-privilege authentication.
Critical remote buffer overflow vulnerability in TOTOLINK X15 router firmware (version 1.0.0-B20230714.1105) affecting the HTTP POST request handler for the /boafrm/formMultiAP endpoint. An authenticated attacker can exploit improper input validation on the 'submit-url' parameter to achieve complete system compromise including confidentiality, integrity, and availability breaches. A public proof-of-concept exists and the vulnerability is actively exploitable without user interaction.
Critical remote buffer overflow vulnerability in TOTOLINK A3002RU firmware version 3.0.0-B20230809.1615 affecting the HTTP POST request handler for the /boafrm/formSysLog endpoint. An authenticated attacker can exploit this via manipulation of the submit-url parameter to achieve remote code execution with high confidentiality, integrity, and availability impact. The vulnerability has public exploit disclosure and represents an active threat to deployed devices.
Critical buffer overflow vulnerability in TOTOLINK EX1200T wireless router (firmware version 4.1.2cu.5232_B20210713) affecting the /boafrm/formSysLog HTTP POST handler. An authenticated attacker can exploit improper input validation on the 'submit-url' parameter to achieve buffer overflow, leading to remote code execution with complete system compromise (confidentiality, integrity, and availability impact). Public exploit code is available, and the vulnerability affects a widely deployed consumer networking device.
Critical buffer overflow vulnerability in TOTOLINK EX1200T wireless router (firmware version 4.1.2cu.5232_B20210713) affecting the HTTP POST request handler at endpoint /boafrm/formSysCmd. An authenticated remote attacker can exploit this vulnerability by manipulating the 'submit-url' parameter to achieve buffer overflow, resulting in complete system compromise including confidentiality, integrity, and availability breaches. The vulnerability has been publicly disclosed with exploit code available, increasing real-world exploitation risk.
Critical buffer overflow vulnerability in TOTOLINK EX1200T router firmware (version 4.1.2cu.5232_B20210713) affecting the NTP configuration handler. An authenticated attacker can remotely exploit this vulnerability via HTTP POST requests to the /boafrm/formNtp endpoint by manipulating the submit-url parameter, achieving remote code execution with complete system compromise (confidentiality, integrity, and availability). A public exploit has been disclosed and the vulnerability may be actively exploited in the wild.
Conda-build versions prior to 25.3.0 are vulnerable to dependency confusion/namespace squatting attacks where an attacker can claim the unpublished 'conda-index' package on PyPI and inject malicious code that gets installed when users run pip install on conda-build projects. This is a critical supply-chain attack vector with CVSS 9.8 (CRITICAL) affecting all users who install conda-build from source or install projects that depend on it via pip, potentially compromising developer environments and CI/CD pipelines. The vulnerability is network-accessible, requires no privileges or user interaction, and provides complete system compromise (confidentiality, integrity, availability).
Conda-build versions prior to 25.4.0 are vulnerable to path traversal (Tarslip) attacks that allow unauthenticated remote attackers to write arbitrary files outside intended extraction directories by crafting malicious tar archives with directory traversal sequences. This critical vulnerability (CVSS 9.8) affects all users and systems utilizing conda-build for package compilation, with potential for privilege escalation and code execution depending on target file locations and system permissions.
Critical buffer overflow vulnerability in TOTOLINK T10 firmware version 4.1.8cu.5207 affecting the setWiFiScheduleCfg function in the HTTP POST request handler. An authenticated remote attacker can exploit this vulnerability by manipulating the 'desc' parameter to achieve buffer overflow, resulting in complete compromise of confidentiality, integrity, and availability. A public exploit has been disclosed and the vulnerability is likely actively exploited given its critical CVSS score of 8.8 and low attack complexity.
Critical arbitrary code execution vulnerability in conda-build prior to version 25.4.0, where unsafe eval() function usage on meta.yaml recipe selectors allows unauthenticated remote attackers to execute arbitrary code during the package build process with no required privileges or user interaction. This vulnerability affects all users and systems using vulnerable conda-build versions to process potentially malicious or compromised recipe files, with a CVSS score of 9.8 indicating critical severity across confidentiality, integrity, and availability impacts.
A security vulnerability in Conda-build (CVSS 7.0). High severity vulnerability requiring prompt remediation. Vendor patch is available.
Local privilege escalation vulnerability in Google ChromeOS MiniOS that allows unauthenticated attackers to achieve root code execution by exploiting an accessible debug shell (VT3 console) through specific key combinations during developer mode entry, circumventing device policy restrictions and Firmware Write Protect mechanisms. This vulnerability affects ChromeOS version 16063.45.2 and potentially other versions on enrolled devices, with a CVSS score of 7.4 indicating high severity. The attack requires local access and specific technical knowledge of key sequences, but no user interaction is needed once device access is obtained.
A buffer overflow vulnerability (CVSS 8.8). Risk factors: public PoC available.
Server-Side Template Injection (SSTI) vulnerability in the chat feature of Citrix Remote Support (RS) and Privileged Remote Access (PRA) that enables unauthenticated remote code execution with a critical CVSS score of 9.8. The vulnerability affects the chat messaging functionality across both products with no authentication or user interaction required, allowing attackers to execute arbitrary code on affected systems. This is a critical severity issue requiring immediate patching.
Critical buffer overflow vulnerability in TOTOLINK EX1200T wireless router (version 4.1.2cu.5232_B20210713) affecting the HTTP POST request handler for the /boafrm/formWirelessTbl endpoint. An authenticated attacker can exploit the submit-url parameter to achieve remote code execution with high confidentiality, integrity, and availability impact (CVSS 8.8). Public proof-of-concept code is available, and this vulnerability may be actively exploited in the wild.
Critical stack-based buffer overflow vulnerability in D-Link DIR-632 firmware version FW103B08, affecting the HTTP POST request handler's get_pure_content function. An unauthenticated remote attacker can exploit this via a malicious Content-Length header to achieve complete system compromise including arbitrary code execution, data theft, and denial of service. Public exploit code exists for this end-of-life product, creating immediate risk for any remaining deployed instances.
High-severity stack-based buffer overflow vulnerability (CVSS 8.8) in D-Link DIR-619L version 2.06B01 affecting the form_macfilter function through improper handling of the mac_hostname_%d and sched_name_%d parameters. An authenticated remote attacker can exploit it to achieve complete system compromise with high confidentiality, integrity, and availability impact. Public exploit code is available and the product is end-of-life, significantly elevating real-world risk.
Critical stack-based buffer overflow vulnerability in D-Link DIR-619L firmware version 2.06B01, affecting the port forwarding configuration function. An authenticated remote attacker can exploit this vulnerability by manipulating the ingress_name_%d, sched_name_%d, or name_%d parameters to achieve remote code execution with high integrity and confidentiality impact. The vulnerability has public exploit code available and affects only end-of-life products no longer receiving vendor support, significantly elevating real-world risk for exposed legacy deployments.
Reflected Cross-Site Scripting (XSS) in /customer_support/index.php in Customer Support System v1.0, which allows remote attackers to execute arbitrary script in a victim's browser via the page parameter. As with any reflected XSS, the injected code runs client-side in the victim's session rather than on the server.
A Reflected Cross-Site Scripting (XSS) vulnerability was found in '/search' in Phoenix Site CMS from Phoenix, which allows remote attackers to execute arbitrary script in a victim's browser via the 's' GET parameter.
Reflected Cross-Site Scripting (XSS) vulnerability in /pages/search-results-page in Nosto, which allows remote attackers to execute arbitrary script in a victim's browser via the q GET request parameter.
A vulnerability classified as critical has been found in letta-ai letta up to 0.4.1. Affected is the function function_message of the file letta/letta/interface.py. The manipulation of the argument function_name/function_args leads to improper neutralization of directives in dynamically evaluated code. The exploit has been disclosed to the public and may be used.
The Image Resizer On The Fly WordPress plugin (versions ≤1.1) contains a critical arbitrary file deletion vulnerability in its 'delete' task that allows unauthenticated attackers to remove arbitrary files from the server. Deleting wp-config.php drops the site back into the WordPress installer, which an attacker can complete against a database they control to obtain an administrator account and, from there, execute code, leading to complete compromise of the installation. With a CVSS score of 9.1 and a network-accessible attack vector requiring no user interaction or privileges, this represents a critical risk to all unpatched installations.
A remote code execution vulnerability in all (CVSS 8.1). High severity vulnerability requiring prompt remediation.
A remote code execution vulnerability in File Manager Pro - Filester (CVSS 7.2). High severity vulnerability requiring prompt remediation.
Privilege escalation vulnerability in IBM Backup, Recovery and Media Services (BRMS) for i versions 7.4 and 7.5 that exploits unqualified library calls in compiled or restored programs. An authenticated user with compile or restore capabilities can inject malicious code that executes with elevated component access to the IBM i operating system, achieving full system compromise. This is a high-severity issue affecting enterprise backup infrastructure, though it requires valid credentials and medium attack complexity to exploit.
Critical deserialization vulnerability in Dell ControlVault3 that allows unauthenticated local attackers to achieve arbitrary code execution by sending specially crafted responses to the cvhDecapsulateCmd functionality. The vulnerability affects ControlVault3 prior to version 5.15.10.14 and ControlVault3 Plus prior to 6.2.26.36. An attacker who can compromise the ControlVault firmware or intercept its responses can trigger code execution on the host with system-level privileges, making this a high-impact vulnerability despite the moderate attack complexity requirement.
conda-forge-ci-setup is a package installed by conda-forge each time a build is run on CI. The conda-forge-ci-setup-feedstock setup script is vulnerable due to the unsafe use of the eval function when parsing version information from a custom-formatted meta.yaml file. An attacker controlling meta.yaml can inject malicious code into the version assignment, which is executed during file processing, leading to arbitrary code execution. Exploitation requires an attacker to modify the recipe file by manipulating the RECIPE_DIR variable and introducing a malicious meta.yaml file. While this is more feasible in CI/CD pipelines, it is uncommon in typical environments, reducing overall risk. This vulnerability is fixed in 4.15.0.
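The letta function_message entry and the conda-forge-ci-setup entry above describe the same class of bug (CWE-95, eval injection): a string that an untrusted party controls reaches eval(). The following is an added example, not code from either project, that shows the pattern against a constructed meta.yaml-style fragment, the benign and attacker-controlled inputs, and the hardened replacement using ast.literal_eval plus a version whitelist. The recipe layout, field name, regexes and function names are assumptions for illustration.

```python
"""Eval injection (CWE-95): parsing a version field unsafely and safely."""
import ast
import os
import re

# Constructed sample recipes for the example; they mimic a one-line
# "version:" field, not the real conda-forge meta.yaml grammar.
BENIGN_META = """package:
  name: example
  version: "1.4.3"
"""

# Attacker-controlled recipe: the field holds a Python expression.
# os.getcwd() stands in for any payload; with eval() it runs during parsing.
MALICIOUS_META = """package:
  name: example
  version: __import__("os").getcwd()
"""

_VERSION_LINE = re.compile(r"^\s*version:\s*(.+?)\s*$", re.MULTILINE)
# Whitelist of accepted version strings: dotted numbers with an optional
# letter/number suffix such as 1.4.3 or 2.0rc1.
_VERSION_VALUE = re.compile(r"^[0-9]+(\.[0-9]+)*([A-Za-z]+[0-9]*)?$")


def _extract_raw_version(meta_text: str) -> str:
    """Return the raw text after 'version:' or raise if the field is absent."""
    match = _VERSION_LINE.search(meta_text)
    if match is None:
        raise ValueError("no version field in recipe")
    return match.group(1)


def parse_version_unsafe(meta_text: str) -> str:
    """Vulnerable pattern: eval() on a string the recipe author controls.
    Any Python expression in the field executes with the script's privileges."""
    return eval(_extract_raw_version(meta_text))  # intentionally unsafe


def parse_version_safe(meta_text: str) -> str:
    """Hardened pattern: accept a bare version token or a quoted string literal,
    reject everything else. ast.literal_eval never calls functions or imports."""
    raw = _extract_raw_version(meta_text)
    if _VERSION_VALUE.fullmatch(raw):
        return raw  # unquoted form such as: version: 1.4.3
    try:
        value = ast.literal_eval(raw)
    except (ValueError, SyntaxError) as exc:
        raise ValueError(f"version is not a plain literal: {raw!r}") from exc
    if not isinstance(value, str) or not _VERSION_VALUE.fullmatch(value):
        raise ValueError(f"version has unexpected form: {value!r}")
    return value


def demo() -> dict:
    """Run both parsers over both recipes and report what happened."""
    results = {
        "benign_unsafe": parse_version_unsafe(BENIGN_META),
        "benign_safe": parse_version_safe(BENIGN_META),
        "malicious_unsafe": parse_version_unsafe(MALICIOUS_META),
    }
    # If the payload executed, eval() returned the process's working directory.
    results["payload_executed"] = results["malicious_unsafe"] == os.getcwd()
    try:
        parse_version_safe(MALICIOUS_META)
        results["malicious_safe"] = "accepted"
    except ValueError:
        results["malicious_safe"] = "rejected"
    return results


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The point of the hardened path is that the parser never needs Python semantics at all: a version is either a bare token matching the whitelist or a quoted string literal, and ast.literal_eval cannot call, import or attribute-access anything, so the malicious recipe is rejected before any code runs.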
Stack-based buffer overflow vulnerability in Dell ControlVault3's securebio_identify functionality that allows local attackers with low privileges to execute arbitrary code with high impact across the system. The vulnerability affects ControlVault3 versions prior to 5.15.10.14 and ControlVault3 Plus versions prior to 6.2.26.36, and can be triggered via a specially crafted API call with a malicious cv_object parameter.
handcraftedinthealps goodby-csv is a highly memory efficient, flexible and extendable open-source CSV import/export library. Prior to 1.4.3, goodby-csv could be used as part of a chain of methods that is exploitable when an insecure deserialization vulnerability exists in an application. This so-called "gadget chain" presents no direct threat but is a vector that can be used to achieve remote code execution if the application deserializes untrusted data due to another vulnerability. The problem is patched with Version 1.4.3.
MCP Inspector versions below 0.14.1 contain a critical authentication bypass vulnerability (CVE-2025-49596) that enables unauthenticated remote code execution through unprotected communication between the Inspector client and proxy. Attackers can exploit this over the network without user interaction beyond the initial proxy connection to execute arbitrary MCP commands via stdio, achieving complete system compromise with CVSS 9.4 severity. The vulnerability requires immediate patching as it represents a complete authentication failure in a developer tool that is typically deployed on development systems with elevated privileges.
A remote code execution vulnerability in XWiki (CVSS 8.8). Risk factors: public PoC available. Vendor patch is available.
A security vulnerability in versions (CVSS 8.0). Risk factors: public PoC available. Vendor patch is available.
XWiki's macro rights analyzer introduced in version 15.9RC1 contains incomplete validation that allows attackers to hide malicious script macros (Groovy, Python) by exploiting non-lowercase parameter handling and unanalyzed macro parameters. An authenticated attacker with limited privileges can inject hidden malicious macros that execute when a higher-privileged user edits the page, enabling remote code execution. This vulnerability affects XWiki versions 15.9RC1 through 16.4.6, 16.10.0-16.10.2, and 16.x-17.0.0-rc1, with patches available in versions 16.4.7, 16.10.3, and 17.0.0.
A flaw was found in GIMP. An integer overflow vulnerability exists in the GIMP "Despeckle" plug-in. The issue occurs due to unchecked multiplication of image dimensions, such as width, height, and bytes-per-pixel (img_bpp), which can result in allocating insufficient memory and subsequently performing out-of-bounds writes. This issue could lead to heap corruption, a potential denial of service (DoS), or arbitrary code execution in certain scenarios.
Critical privilege escalation vulnerability in XWiki that allows any user with page edit rights to execute arbitrary code (Groovy, Python, Velocity) with programming-level privileges by creating malicious wiki macros. An attacker can exploit wiki macro parameter defaults to inject code into high-privilege pages like XWiki.ChildrenMacro, achieving full XWiki installation compromise. The vulnerability affects XWiki versions prior to 16.4.7, 16.10.3, and 17.0.0; patch availability is confirmed across multiple release branches.
Critical remote code execution vulnerability in OpenC3 COSMOS v6.0.0's Plugin Management component that allows unauthenticated attackers to execute arbitrary code by uploading a specially crafted .txt file. The vulnerability has a CVSS score of 9.8 (critical severity) with no authentication or user interaction required, making it trivially exploitable over the network. Given the high CVSS score and attack surface (public-facing plugin management interfaces), this vulnerability poses an immediate threat to all deployed instances of the affected version.
Critical remote code execution vulnerability in TOTOLINK N600R router firmware v4.3.0cu.7866_B2022506, exploitable through a buffer overflow in the UPLOAD_FILENAME parameter without authentication. An unauthenticated remote attacker can execute arbitrary code with no user interaction required, achieving complete system compromise (CVSS 9.8). No KEV listing or active-exploitation data was available in the sources consulted; the unauthenticated network attack vector and critical impact alone justify treating it as a priority for patching or isolation.
A command injection vulnerability (CVSS 9.8). Risk factors: public PoC available.
A critical unauthenticated remote command injection vulnerability exists in multiple Blink router models through the 'mac' parameter in the bs_SetMacBlack function, allowing attackers to execute arbitrary commands with full system privileges. Affected models include BL-WR9000 V2.4.9, BL-AC2100_AZ3 V1.0.4, BL-X10_AC8 v1.0.5, BL-LTE300 v1.2.3, BL-F1200_AT1 v1.0.0, BL-X26_AC8 v1.2.8, BLAC450M_AE4 v4.0.0, and BL-X26_DA3 v1.2.7. With a CVSS score of 9.8 and network-based attack vector requiring no authentication or user interaction, this vulnerability poses severe risk to any exposed router on the network.
Critical remote command injection vulnerability affecting multiple Blink router models through the bs_SetSSIDHide function, allowing unauthenticated attackers to execute arbitrary commands and fully compromise the device. The vulnerability impacts 8 distinct product lines across versions ranging from v1.0.0 to v4.0.0, with a CVSS score of 9.8 indicating critical severity due to network accessibility, low attack complexity, and no privilege requirements. This is a readily exploitable flaw affecting home and small-business network infrastructure with potential for widespread compromise.
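The two Blink entries above describe the textbook command-injection shape: a request parameter (here a MAC address or SSID setting) is pasted into a shell command line. The following added example, which is not code from the affected firmware, uses an assumed iptables-style invocation to show the vulnerable string-building pattern next to a hardened version that validates the parameter against a strict MAC pattern and passes it as an argv element so no shell ever parses it. The command, the sample inputs and the function names are illustrative assumptions.

```python
"""Command injection through a MAC-address parameter: vulnerable vs hardened."""
import re
import subprocess

# Constructed inputs for the example (not taken from any real exploit).
GOOD_MAC = "00:11:22:AA:BB:CC"
EVIL_MAC = "00:11:22:aa:bb:cc; touch /tmp/owned"

# Six colon-separated hex octets; nothing else is accepted.
_MAC_RE = re.compile(r"^[0-9A-Fa-f]{2}(?::[0-9A-Fa-f]{2}){5}$")
_SHELL_META = set(";|&$`\n<>()")


def block_command_unsafe(mac: str) -> str:
    """Vulnerable pattern: the parameter is interpolated into a command line that
    firmware of this kind hands to system(). The string is returned rather than
    executed so the injected tail can be inspected."""
    return f"iptables -A INPUT -m mac --mac-source {mac} -j DROP"


def looks_injected(cmdline: str) -> bool:
    """Cheap reviewer check: does a built command line carry shell metacharacters?"""
    return any(ch in _SHELL_META for ch in cmdline)


def validate_mac(mac: str) -> str:
    """Whitelist validation; returns a canonical lower-case MAC or raises."""
    if not _MAC_RE.fullmatch(mac):
        raise ValueError(f"invalid MAC address: {mac!r}")
    return mac.lower()


def block_argv_safe(mac: str) -> list:
    """Hardened pattern: the validated value is one element of an argv list.
    Passing this list to subprocess.run() with shell=False means no shell
    tokenises it, so ';', '|' or backticks in the input cannot start a command."""
    return ["iptables", "-A", "INPUT", "-m", "mac",
            "--mac-source", validate_mac(mac), "-j", "DROP"]


def accepts(mac: str) -> bool:
    """True if the hardened path would run a command for this input."""
    try:
        block_argv_safe(mac)
    except ValueError:
        return False
    return True


def apply_block(mac: str, dry_run: bool = True) -> list:
    """Build and optionally execute the hardened command. Dry-run by default
    because iptables needs root and is not present on every host."""
    argv = block_argv_safe(mac)
    if not dry_run:
        subprocess.run(argv, check=True)  # argv list, never shell=True
    return argv


if __name__ == "__main__":
    unsafe = block_command_unsafe(EVIL_MAC)
    print("unsafe command line:", unsafe)
    print("carries shell metacharacters:", looks_injected(unsafe))
    print("hardened argv:", apply_block(GOOD_MAC))
    print("hardened path accepts malicious input:", accepts(EVIL_MAC))
```

Validation alone is not the fix; the argv form is. A whitelist blocks the obvious payloads, but a value that slips past it is still harmless when it is an argument rather than text a shell interprets, which is why the hardened version does both.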
A command injection vulnerability (CVSS 9.8). Risk factors: public PoC available.
Critical remote code execution vulnerability with the maximum CVSS 10.0 score that allows unauthenticated attackers to execute arbitrary code on affected servers over the network with no user interaction required. The vulnerability stems from improper control of code generation (CWE-94: Improper Control of Generation of Code) and affects systems that evaluate untrusted input as code. Given the maximum CVSS severity, network attack vector, and lack of authentication requirements, this vulnerability represents an immediate and severe threat to any exposed systems and should be treated as a critical priority for patching regardless of additional context.
Critical path traversal vulnerability in RICOH Streamline NX V3 PC Client (versions 3.5.0-3.242.0) that allows unauthenticated remote attackers to execute arbitrary code on affected systems by tampering with specific files used by the product. With a CVSS score of 9.8 and network-based attack vector requiring no user interaction, this vulnerability poses immediate risk to organizations deploying vulnerable versions of the RICOH client software. KEV and EPSS status, POC availability, and active exploitation data are not yet available in public disclosures, but the severity profile (CVSS 9.8, CVSS:3.0/AV:N/AC:L/PR:N/UI:N) suggests high exploitability.
CVE-2025-39240 is an authenticated remote command execution vulnerability in Hikvision Wireless Access Points caused by insufficient input validation in packet handling. Attackers with valid credentials can send crafted packets to execute arbitrary commands on affected devices, potentially achieving full system compromise. The vulnerability has a CVSS 7.2 score reflecting high confidentiality, integrity, and availability impact, though it requires valid authentication credentials to exploit.
Quick Facts
- Typical Severity
- CRITICAL
- Category
- other
- Total CVEs
- 4619