Remote Code Execution

Remote code execution vulnerability in Acer ControlCenter that exploits a misconfigured Windows Named Pipe to allow authenticated attackers with low privileges to execute arbitrary code with SYSTEM-level permissions. The vulnerability has a CVSS score of 8.8 (High) and requires only network access and low privileges, making it a significant elevation-of-privilege vector; real-world exploitation likelihood depends on confirmation of active KEV listing and public exploit availability.

Command injection vulnerability in Visual Studio that allows an authenticated attacker with local user interaction to execute arbitrary code over a network with high impact on confidentiality, integrity, and availability. While the vulnerability requires prior authorization and user interaction, successful exploitation could lead to complete system compromise. No public indication of active exploitation or widespread POC availability is currently documented, but the CVSS 7.1 score reflects significant risk in collaborative development environments where multiple authorized users access shared Visual Studio instances.

CVE-2025-30399 is an untrusted search path vulnerability in .NET and Visual Studio that allows unauthenticated remote attackers to execute arbitrary code through a network vector, requiring user interaction. The vulnerability affects multiple versions of .NET Framework and Visual Studio across Windows platforms. While the CVSS score is 7.5 (high), the attack complexity is high and requires user interaction, potentially limiting real-world exploitation frequency.

Command injection vulnerability in Palo Alto Networks PAN-OS that allows authenticated administrators with CLI access to bypass system restrictions and execute arbitrary commands with root privileges. The vulnerability affects on-premises PAN-OS deployments with CVSS 8.4, but risk is significantly reduced in environments where CLI access is restricted to a limited administrative group. Cloud NGFW and Prisma Access are not affected.

PCSX2 is a free and open-source PlayStation 2 (PS2) emulator. A stack-based buffer overflow exists in the Kprintf_HLE function of PCSX2 versions up to 2.3.414. Opening a disc image that logs a specially crafted message may allow a remote attacker to execute arbitrary code if the user enabled IOP Console Logging. This vulnerability is fixed in 2.3.414.

CVE-2024-55567 is an improper input validation vulnerability in the UsbCoreDxe module of Insyde InsydeH2O firmware that allows authenticated local attackers with high privileges to bypass SMM (System Management Mode) protections and execute arbitrary code at the highest firmware privilege level. This affects multiple kernel versions (5.4, 5.5, 5.6, 5.7) across numerous OEM BIOS implementations, enabling complete system compromise including kernel-level code execution and memory access. While CVSS rates this as 7.5 (high), real-world exploitation requires local access and administrative/BIOS-level privileges, though no public POC or active KEV designation has been confirmed.

Linked URLs during the creation of iFrame widgets and dashboards are vulnerable to code execution. The URLs get embedded as iFrame widgets, making it possible to attack other users that access the dashboard by including malicious code. The attack is only possible if the attacker is authorized to create new dashboards or iFrame widgets.

Path traversal vulnerability in Google Web Designer's template handling mechanism that enables remote code execution when users are socially engineered into downloading malicious ad templates. Versions prior to 16.3.0.0407 on Windows are affected, and the vulnerability requires user interaction (UI:R) but has no authentication requirements (PR:N). While CVSS 8.8 indicates high severity with complete confidentiality, integrity, and availability impact, exploitation probability and KEV status information is not provided in the available intelligence.

A file upload vulnerability in all (CVSS 8.8). High severity vulnerability requiring prompt remediation.

Privilege escalation vulnerability in UpdateNavi and UpdateNaviInstallService that allows local authenticated attackers to modify arbitrary registry values or execute arbitrary code through improper communication channel restrictions. Affected versions include UpdateNavi V1.4 L10-L33 and UpdateNaviInstallService 1.2.0091-1.2.0125. With a CVSS score of 7.1 and local attack vector requiring low privileges, this vulnerability poses significant risk to systems running vulnerable versions, particularly in scenarios where local user accounts have network access or elevation paths.

A remote code execution vulnerability (CVSS 9.2). Critical severity with potential for significant impact on affected systems.

A remote code execution vulnerability (CVSS 7.2). High severity vulnerability requiring prompt remediation.

DLL hijacking vulnerability in ClipShare Server for Windows (versions prior to 3.8.5) that allows local, non-privileged users to achieve arbitrary code execution and potential privilege escalation by placing malicious DLLs in the application directory. The vulnerability exploits Windows' default DLL search order, where the application directory is searched before system paths, and poses a reliable privilege escalation risk when ClipShare is run by elevated users. This is a local attack requiring write access to the installation directory.

Critical command injection vulnerability in u-link Management API that allows unauthenticated remote attackers positioned as man-in-the-middle (MITM) to inject arbitrary commands into WWH server responses, which are then executed with elevated privileges. The vulnerability requires clients to use insecure proxy configurations to exploit, resulting in complete system compromise (CVSS 9.8). While no public POC or KEV listing is available at publication, the attack vector is network-based with low complexity, making this a significant priority for organizations using u-link with proxy infrastructure.

Critical CSRF vulnerability affecting network devices that allows unauthenticated remote attackers to execute arbitrary commands with root privileges by exploiting missing CSRF protections. The vulnerability requires minimal user interaction and presents an exceptionally high real-world risk due to its network-accessible attack vector, root-level command execution capability, and lack of authentication requirements. Active exploitation status and proof-of-concept availability should be confirmed through CISA KEV and exploit databases, as this combination of factors (no auth + remote + root RCE) typically indicates urgent patch deployment.

The WordPress Automatic Plugin (all versions up to 3.115.0) contains an arbitrary file upload vulnerability in core.php due to insufficient file type validation, allowing authenticated attackers with Author-level or higher privileges to upload malicious files and potentially achieve remote code execution. This is a high-severity vulnerability (CVSS 8.8) affecting a widely-deployed WordPress plugin; real-world exploitation requires valid WordPress credentials at Author level or above, but successful exploitation enables complete server compromise.

WP-DownloadManager plugin for WordPress versions up to 1.68.10 contains an arbitrary file deletion vulnerability (CVE-2025-4799) that allows authenticated administrators to delete any file on the server without directory restrictions. When paired with CVE-2025-4798, attackers can delete critical files like wp-config.php, leading to remote code execution. The vulnerability requires high-privilege administrative access, resulting in a CVSS 7.2 score with high confidentiality, integrity, and availability impact.

A remote code execution vulnerability in the OSSEC HIDS agent for Windows (CVSS 9.5) that allows an attacker. Critical severity with potential for significant impact on affected systems.

CVE-2024-1243 is an improper input validation vulnerability in Wazuh agent for Windows (versions prior to 4.8.0) that allows attackers with control over the Wazuh server or possession of agent keys to redirect agents to malicious UNC paths, resulting in NetNTLMv2 hash leakage. The leaked hash can be relayed for remote code execution or abused for privilege escalation to SYSTEM level via AD CS certificate forging. This vulnerability represents a critical supply-chain/credential-leakage risk for Windows environments using Wazuh, though exploitation requires elevated privileges (high PR requirement) and knowledge of agent keys or server compromise.

Type confusion vulnerability in Google Chrome's V8 JavaScript engine that enables remote code execution within the Chrome sandbox prior to version 137.0.7151.103. An attacker can exploit this via a crafted HTML page by tricking a user into visiting a malicious website, achieving arbitrary code execution with high severity impact (CVSS 8.8). The vulnerability's network-based attack vector, low complexity, and requirement only for user interaction make it a practical exploitation target.

Use-after-free vulnerability in Google Chrome's Media component that allows remote attackers to corrupt heap memory and achieve arbitrary code execution through a crafted HTML page. All Chrome versions prior to 137.0.7151.103 are affected. The vulnerability requires user interaction (clicking/viewing the malicious page) but can lead to complete system compromise with high impact on confidentiality, integrity, and availability.

Critical Secure Boot bypass vulnerability in UEFI firmware affecting systems with improper digital signature verification in the NVRAM variable validation process. Attackers with local access and low privileges can create malicious non-authenticated NVRAM variables to bypass signature verification mechanisms, enabling execution of arbitrary signed UEFI code and circumventing Secure Boot protections. This vulnerability requires local access and non-trivial complexity but impacts core boot security; real-world exploitation likelihood and active KEV status are critical factors pending vendor disclosure.

Remote code execution vulnerability in KDE Konsole before version 25.04.2 that exploits improper fallback behavior in URL scheme handler processing. When a user clicks on ssh://, telnet://, or rlogin:// URLs, Konsole attempts to execute the corresponding binary; if unavailable, it dangerously falls back to /bin/bash with the URL as an argument, allowing arbitrary command execution. The vulnerability requires user interaction (clicking a malicious link) but affects all Konsole users, potentially at scale through phishing or drive-by attacks.

A buffer overflow vulnerability in Heap-based buffer overflow in Microsoft Office Word (CVSS 8.4) that allows an unauthorized attacker. High severity vulnerability requiring prompt remediation.

Critical arbitrary write vulnerability in Microsoft-signed UEFI firmware that permits attackers with high privileges to execute untrusted code and modify firmware settings stored in NVRAM, potentially enabling persistence mechanisms and full system compromise. The vulnerability affects UEFI implementations across multiple Microsoft platforms, with a CVSS score of 8.2 reflecting high severity. While specific KEV status and EPSS probability data were not provided in available sources, the local attack vector and high privilege requirement suggest this poses elevated risk primarily to targeted systems rather than widespread exploitation.

Heap-based buffer overflow vulnerability in Adobe InCopy versions 20.2, 19.5.3 and earlier that allows arbitrary code execution with the privileges of the current user. The vulnerability requires user interaction (opening a malicious file) and presents a high-severity risk due to its direct code execution capability; exploitation likelihood and real-world attack status cannot be fully assessed without KEV confirmation or public POC availability.

Use After Free (UAF) vulnerability in Adobe Acrobat Reader that allows arbitrary code execution with the privileges of the current user. Affected versions include 24.001.30235, 20.005.30763, 25.001.20521 and earlier across multiple release tracks. Exploitation requires user interaction (opening a malicious PDF file), but the high CVSS score of 7.8 and local attack vector indicate significant real-world risk; KEV and active exploitation status should be confirmed from official sources.

A remote code execution vulnerability (CVSS 7.8). High severity vulnerability requiring prompt remediation.

CVE-2025-43575 is an out-of-bounds write vulnerability in Adobe Acrobat Reader that enables arbitrary code execution with high integrity and confidentiality impact. Affected versions include 24.001.30235, 20.005.30763, 25.001.20521 and earlier across multiple product lines. Exploitation requires user interaction (opening a malicious PDF), but once triggered, allows code execution in the context of the current user with no privilege elevation needed.

Use After Free (UAF) vulnerability in Adobe Acrobat Reader affecting versions 24.001.30235, 20.005.30763, 25.001.20521 and earlier that enables arbitrary code execution with the privileges of the current user. The vulnerability requires user interaction (opening a malicious PDF file) but has a high CVSS score of 7.8 due to the severity of potential code execution impact. Without confirmed KEV listing or public POC data provided, this represents a significant but not yet confirmed active threat.

Use After Free (UAF) vulnerability in Adobe Acrobat Reader that enables arbitrary code execution with high privilege context on affected systems. The vulnerability impacts multiple versions across different release branches (24.001.30235, 20.005.30763, 25.001.20521 and earlier), requiring only user interaction to trigger exploitation via malicious PDF files. With a CVSS score of 7.8 and no privilege escalation required, this represents a significant risk to enterprise and consumer users relying on Acrobat Reader for document handling.

Use After Free vulnerability in Adobe Acrobat Reader that enables arbitrary code execution with user-level privileges when a victim opens a malicious PDF file. Affected versions include 24.001.30235, 20.005.30763, 25.001.20521 and earlier across multiple product lines. This vulnerability requires user interaction but presents high severity due to memory corruption leading to code execution, with exploitation probability and active exploitation status dependent on available public exploits.

CVE-2025-30327 is an integer overflow vulnerability in Adobe InCopy that enables arbitrary code execution with the privileges of the current user. Versions 20.2, 19.5.3 and earlier are affected; exploitation requires a user to open a malicious file, making it a file-based attack vector with moderate attack complexity. The vulnerability has a CVSS score of 7.8 (high severity) with complete impact on confidentiality, integrity, and availability, though real-world exploitation depends on user interaction and file delivery success.

MicroDicom DICOM Viewer contains an out-of-bounds write vulnerability (CWE-787) that allows remote attackers to execute arbitrary code with high integrity and confidentiality impact (CVSS 8.8). The vulnerability requires user interaction-either visiting a malicious website or opening a crafted DICOM file-making it exploitable in realistic attack scenarios. No active exploitation in the wild (KEV) or public POC has been confirmed at this time, but the network-accessible attack vector and low complexity suggest meaningful real-world risk.

A remote code execution vulnerability (CVSS 7.8). High severity vulnerability requiring prompt remediation.

CVE-2025-43581 is an out-of-bounds write vulnerability in Adobe Substance3D - Sampler (versions 5.0 and earlier) that enables arbitrary code execution within the current user's security context. The vulnerability requires user interaction-specifically opening a malicious file-making it a file-based attack vector. With a CVSS score of 7.8 and high impact ratings for confidentiality, integrity, and availability, this represents a significant local privilege escalation risk for affected users, though exploitation requires social engineering or file delivery mechanisms.

Use-after-free vulnerability in Microsoft Office Word that allows local, unauthenticated attackers to execute arbitrary code with high privileges. The vulnerability affects Word processing functionality and requires no user interaction, making it a critical local privilege escalation vector. Without confirmed KEV status or public POC availability, real-world exploitation likelihood should be assessed against EPSS data and patch availability from Microsoft security advisories.

A security vulnerability in Use after free in Microsoft Office (CVSS 8.4) that allows an unauthorized attacker. High severity vulnerability requiring prompt remediation.

Local code execution vulnerability in Microsoft Office Outlook triggered by improper path traversal handling (CWE-35) in the '.../...//' sequence. Authorized users with local access can exploit this to execute arbitrary code with the privileges of the Outlook process, achieving high confidentiality, integrity, and availability impact. This vulnerability requires local access and existing user privileges but no user interaction, making it a significant risk for multi-user systems or compromised local accounts.

Heap-based buffer overflow vulnerability in Microsoft Office Excel that allows local attackers to execute arbitrary code with high privileges (confidentiality, integrity, and availability impact). The vulnerability requires user interaction (opening a malicious Excel file) but no special privileges, making it a practical threat to Excel users. With a CVSS score of 7.8 and local attack vector, this represents a significant code execution risk for organizations relying on Excel for document processing.

CVE-2025-47173 is an improper input validation vulnerability in Microsoft Office that allows local code execution without requiring user privileges, though user interaction is needed. An attacker with local access can craft a malicious Office document that, when opened by a user, executes arbitrary code with the privileges of the affected Office application. This vulnerability affects Microsoft Office products across multiple versions and poses a moderate-to-high risk given its local attack vector and high impact on confidentiality, integrity, and availability.

SQL injection vulnerability in Microsoft Office SharePoint that allows authenticated attackers to execute arbitrary code remotely without user interaction. The vulnerability affects SharePoint deployments where an authorized user can craft malicious SQL commands through improperly neutralized input fields. This is a high-severity issue (CVSS 8.8) with significant confidentiality, integrity, and availability impact, particularly concerning given SharePoint's role as a critical enterprise collaboration platform.

Heap-based buffer overflow vulnerability in Microsoft Office Word that allows local, unauthenticated attackers to execute arbitrary code with high impact on confidentiality, integrity, and availability. The vulnerability requires user interaction (opening a malicious document) but no elevated privileges, making it a significant local code execution threat affecting Word users who open untrusted documents.

Use-after-free vulnerability in Microsoft Office Word that allows local, unauthenticated attackers to execute arbitrary code with high severity (CVSS 7.8). The vulnerability requires user interaction (opening a malicious document) but grants complete system compromise through code execution. This is a memory safety issue (CWE-416) in Word's document processing engine that could be actively exploited if public POC becomes available.

Critical deserialization vulnerability in Microsoft Office SharePoint that allows authenticated attackers to execute arbitrary code remotely with high impact to confidentiality, integrity, and availability. The vulnerability affects SharePoint environments where an authorized user can submit malicious serialized objects, bypassing input validation due to unsafe deserialization practices (CWE-502). While the attack requires valid credentials (PR:L), the network-accessible attack vector (AV:N), low attack complexity (AC:L), and high CVSS score of 8.8 indicate significant real-world risk, particularly in organizations with broad internal user bases or federated access.

Use-after-free vulnerability in Microsoft Office Excel that allows local code execution with high severity (CVSS 7.8). An attacker with local access can trigger the vulnerability through user interaction (opening a malicious file) to execute arbitrary code with the privileges of the Excel process, potentially achieving full system compromise. No KEV status, active exploitation data, or public POC availability was confirmed in the provided dataset, but the high CVSS score and local attack vector indicate this requires prompt patching.

Use-after-free (UAF) vulnerability in Microsoft Office that allows unauthenticated local attackers to execute arbitrary code with no user interaction required. The vulnerability affects multiple Microsoft Office versions and has a CVSS score of 8.4 (High), indicating severe risk with high impact to confidentiality, integrity, and availability. Without publicly disclosed EPSS data or KEV confirmation provided, the actual exploitation likelihood in the wild remains unconfirmed, though the local attack vector and lack of privilege/interaction requirements suggest moderate real-world exploitability once weaponized.

Critical deserialization vulnerability in Microsoft Office SharePoint that allows authenticated attackers to execute arbitrary code remotely without user interaction. The vulnerability affects SharePoint environments where untrusted data is deserialized, enabling network-based code execution with high impact to confidentiality, integrity, and availability. While no public exploit code has been confirmed in open intelligence sources, the CVSS 8.8 rating and low attack complexity suggest this is a high-priority patch for all affected organizations.

Heap-based buffer overflow vulnerability in Microsoft Office that allows unauthenticated local attackers to execute arbitrary code with high privileges. The vulnerability affects Microsoft Office products across multiple versions and requires no user interaction or special privileges to exploit. With a CVSS score of 8.4 and local attack vector, this represents a severe local privilege escalation and code execution risk; exploitation status and real-world activity should be verified against KEV catalogs and EPSS scoring.

CVE-2025-47108 is an out-of-bounds write vulnerability in Adobe Substance3D Painter versions 11.0.1 and earlier that allows arbitrary code execution with user-level privileges. The vulnerability requires user interaction-specifically opening a malicious file-making it a file-based attack vector. While no CVSS:3.1 score of 7.8 indicates high severity with local attack surface, exploitation depends on social engineering to deliver the malicious file.

CVE-2025-43593 is an out-of-bounds write vulnerability in Adobe InDesign Desktop that enables arbitrary code execution with high severity (CVSS 7.8). Affected versions include ID20.2, ID19.5.3 and earlier on local systems. Exploitation requires user interaction (opening a malicious file), but once triggered, grants full code execution capabilities in the context of the current user. Current KEV and EPSS status unknown from provided data, but the local attack vector combined with user interaction requirement and high CVSS score indicates moderate-to-high real-world risk for targeted attacks against design professionals.

CVE-2025-43590 is an out-of-bounds write vulnerability in Adobe InDesign Desktop that allows arbitrary code execution with the privileges of the current user. Affected versions include ID20.2, ID19.5.3, and earlier releases. Exploitation requires user interaction-specifically opening a malicious file-but once triggered, grants an attacker full code execution capabilities in the context of the authenticated user.

Use-after-free vulnerability in Adobe InDesign Desktop that allows arbitrary code execution with the privileges of the current user. Affected versions are InDesign ID20.2, ID19.5.3, and earlier; exploitation requires a victim to open a malicious file. This is a high-severity local vulnerability with user interaction required, but without confirmed active exploitation data or public POC availability indicated in the provided intelligence.

A remote code execution vulnerability (CVSS 7.8). High severity vulnerability requiring prompt remediation.

Local privilege escalation vulnerability in IBM AIX 7.3 and IBM VIOS 4.1.1's Perl implementation that allows non-privileged local users to execute arbitrary code through improper pathname neutralization (path traversal). With a CVSS score of 8.4 and no authentication requirement, this represents a critical risk for AIX environments where local user access exists. The vulnerability's active exploitation status and proof-of-concept availability would significantly elevate real-world risk.

Use-after-free memory corruption vulnerability in Windows KDC Proxy Service (KPSSVC) that allows unauthenticated network attackers to execute arbitrary code with high impact on confidentiality, integrity, and availability. The vulnerability affects Windows systems running the Kerberos KDC Proxy Service and represents a critical remote code execution risk in Active Directory environments. While specific KEV/POC status and EPSS scores are not provided in the source data, the network attack vector combined with high CVSS 8.1 score and remote code execution capability indicates this is a significant priority for organizations relying on Windows authentication infrastructure.

Windows Internet Shortcut Files (.url) contain an external control vulnerability (CVE-2025-33053, CVSS 8.8) that enables remote code execution over a network. KEV-listed with EPSS 48.5% and public PoC, this vulnerability allows attackers to craft malicious .url files that execute arbitrary code when opened, bypassing the security restrictions normally applied to internet-sourced shortcut files.

FortiADC versions 6.1 through 7.6.1 contain an OS command injection vulnerability (CWE-78) that allows authenticated attackers with high privileges to execute arbitrary code through crafted HTTP requests. The vulnerability affects multiple product versions across several release branches, with a CVSS score of 7.2 indicating high severity. While the attack requires authentication and high-level privileges, successful exploitation results in complete system compromise with confidentiality, integrity, and availability impact.

Heap-based buffer overflow vulnerability in Adobe InDesign Desktop that allows arbitrary code execution when a user opens a malicious file. Affected versions include InDesign ID20.2, ID19.5.3, and earlier. The vulnerability requires user interaction but presents high severity risk (CVSS 7.8) with potential for complete system compromise in the context of the affected user's privileges.

Memory management vulnerability in Windows Cryptographic Services where memory is not properly released after its effective lifetime, enabling unauthenticated remote code execution. The vulnerability affects Windows cryptographic components and allows network-based attackers to execute arbitrary code with high complexity requirements. While the CVSS score of 8.1 indicates significant severity, exploitation requires specific conditions (high attack complexity), and current status regarding KEV listing, EPSS score, and public POC availability is unknown pending official Microsoft advisory release.

A security vulnerability in A vulnerability (CVSS 7.7). High severity vulnerability requiring prompt remediation.

Privilege escalation vulnerability in Autodesk Installer applications where a maliciously crafted binary file exploits an untrusted search path to achieve NT AUTHORITY/SYSTEM level code execution. The vulnerability requires local user interaction (file download) but no privileges, making it a significant risk for Windows environments running Autodesk products. While CVSS 7.8 indicates high severity, the local attack vector and required user interaction limit the attack surface compared to remote exploits.

A remote code execution vulnerability (CVSS 7.5). High severity vulnerability requiring prompt remediation.

A remote code execution vulnerability in A possible security vulnerability (CVSS 8.8). High severity vulnerability requiring prompt remediation.

A arbitrary file access vulnerability (CVSS 8.8). Risk factors: public PoC available.

A critical OS command injection vulnerability exists in Zend.To versions up to 6.10-6 Beta, where unsanitized user input in the 'file_1' parameter of NSSDropoff.php's exec function allows remote, unauthenticated attackers to execute arbitrary system commands with application-level privileges. The vulnerability has been publicly disclosed with working exploits available, making active exploitation probable, though it affects an older software version that has been superseded by newer releases with additional security controls.

Critical stack-based buffer overflow vulnerability in D-Link DIR-632 firmware version FW103B08, affecting the HTTP POST Request Handler's do_file function. An authenticated remote attacker can exploit this vulnerability to achieve arbitrary code execution with full system compromise (confidentiality, integrity, and availability impact). Public exploit code is available and the affected product is end-of-life with no vendor support.

The Abandoned Cart Pro for WooCommerce plugin (versions ≤9.16.0) contains an authenticated arbitrary file upload vulnerability in the wcap_add_to_cart_popup_upload_files function that lacks file type validation. Authenticated attackers with subscriber-level privileges can upload arbitrary files to the server, potentially enabling remote code execution depending on server configuration. This is a high-severity vulnerability (CVSS 8.8) affecting WooCommerce e-commerce sites; exploitation requires valid user credentials but no user interaction.

A buffer overflow vulnerability in TOTOLINK EX1200T (CVSS 8.8). Risk factors: public PoC available.

Critical buffer overflow vulnerability in TOTOLINK EX1200T routers (firmware versions up to 4.1.2cu.5232_B20210713) affecting the HTTP POST request handler at endpoint /boafrm/formWsc. An authenticated remote attacker can exploit this vulnerability to achieve arbitrary code execution with complete system compromise (confidentiality, integrity, and availability). The vulnerability has public exploit code available and may be actively exploited in the wild.

Critical buffer overflow vulnerability in TOTOLINK EX1200T wireless routers (up to firmware version 4.1.2cu.5232_B20210713) affecting the HTTP POST request handler for the /boafrm/formReflashClientTbl endpoint. An authenticated attacker can remotely exploit this vulnerability to achieve complete system compromise including confidentiality, integrity, and availability violations. Public exploit code has been disclosed, making this an active threat with demonstrated proof-of-concept availability.

Critical buffer overflow vulnerability in TOTOLINK EX1200T wireless routers (up to version 4.1.2cu.5232_B20210713) affecting the HTTP POST request handler for the /boafrm/formIpQoS endpoint. An authenticated remote attacker can exploit this vulnerability to achieve arbitrary code execution with complete system compromise (confidentiality, integrity, and availability). The exploit has been publicly disclosed and proof-of-concept code is available, making this a high-priority threat for affected deployments.

Critical buffer overflow vulnerability in TOTOLINK EX1200T routers (firmware versions up to 4.1.2cu.5232_B20210713) affecting the HTTP POST request handler at the /boafrm/formFilter endpoint. An authenticated remote attacker can exploit this vulnerability to achieve remote code execution with full system compromise (confidentiality, integrity, and availability impact). The vulnerability has been publicly disclosed with exploit code available, creating immediate risk for deployed devices.

A remote code execution vulnerability (CVSS 6.7) that allows the attacker. Remediation should follow standard vulnerability management procedures.

Critical buffer overflow vulnerability in TOTOLINK T10 firmware version 4.1.8cu.5207 affecting the WiFi repeater configuration function. An authenticated remote attacker can exploit this vulnerability by sending a malicious POST request with an oversized Password parameter to /cgi-bin/cstecgi.cgi, achieving complete compromise of the device including arbitrary code execution. Public disclosure and proof-of-concept code availability significantly elevate real-world risk despite requiring authenticated access.

A critical buffer overflow vulnerability exists in TOTOLINK T10 firmware version 4.1.8cu.5207 in the setWiFiMeshName function of the POST request handler (/cgi-bin/cstecgi.cgi). An authenticated remote attacker can overflow the device_name parameter to achieve arbitrary code execution with complete system compromise (confidentiality, integrity, and availability impact). Public exploit code is available, elevating real-world risk despite the requirement for authenticated access.

Critical buffer overflow vulnerability in TOTOLINK T10 firmware version 4.1.8cu.5207 affecting the setWiFiAclRules function in the POST request handler (/cgi-bin/cstecgi.cgi). An authenticated attacker can remotely exploit this vulnerability by manipulating the 'desc' parameter to achieve code execution with full system compromise (confidentiality, integrity, and availability impact). A public proof-of-concept exists, elevating real-world exploitation risk despite requiring low-privilege authentication.

Critical remote buffer overflow vulnerability in TOTOLINK T10 firmware version 4.1.8cu.5207 affecting the setUpgradeFW function in the POST request handler. An authenticated remote attacker can exploit improper input validation on the slaveIpList parameter to achieve complete system compromise with high confidentiality, integrity, and availability impact. The vulnerability has public exploit code available and represents an actively exploitable threat.

Critical buffer overflow vulnerability in TOTOLINK T10 firmware version 4.1.8cu.5207 affecting the UploadCustomModule function in the POST request handler at /cgi-bin/cstecgi.cgi. An authenticated remote attacker can exploit this vulnerability by manipulating the File argument to achieve buffer overflow, resulting in complete system compromise (confidentiality, integrity, and availability). The vulnerability has public exploit disclosure and represents an immediate threat to affected devices.

DNS rebinding vulnerability in Caido (web security auditing toolkit) versions prior to 0.48.0 that allows attackers to hijack the authentication flow and achieve remote code execution. An attacker can load Caido on an attacker-controlled domain through DNS rebinding attacks, either during initial setup or by re-initiating the authentication flow on an already-configured instance. The vulnerability requires user interaction (UI:R) but poses high impact (C:H, I:H, A:H) with a CVSS score of 7.5, and the patch is available in version 0.48.0.

CVE-2025-5914 is an integer overflow vulnerability in libarchive's archive_read_format_rar_seek_data() function that leads to a double-free memory corruption condition. This affects all users of libarchive who process untrusted RAR archive files, potentially allowing arbitrary code execution or denial-of-service with user interaction (opening a malicious RAR file). While no KEV listing or confirmed public exploits are currently documented, the high CVSS score (7.8) and memory safety nature of the vulnerability indicate significant real-world risk if weaponized.

PHP Local File Inclusion (LFI) vulnerability in Unfoldwp Blogmine versions up to 1.1.7 that allows unauthenticated remote attackers to include and execute arbitrary files on the server. The vulnerability stems from improper input validation on filename parameters used in PHP include/require statements (CWE-98). While the CVSS score of 8.1 reflects high impact potential across confidentiality, integrity, and availability, the AC:H (Attack Complexity: High) suggests exploitation requires specific conditions; KEV status, EPSS probability, and public POC availability are critical factors for determining actual prioritization.

PHP Local File Inclusion (LFI) vulnerability in Gavias Krowd versions up to 1.4.1 that allows unauthenticated remote attackers to include and execute arbitrary local files on the server. The vulnerability stems from improper control of filename parameters in PHP include/require statements (CWE-98), enabling attackers to read sensitive files or execute malicious code with high complexity but high impact including confidentiality, integrity, and availability compromise. No public exploit code or active exploitation reports are currently available in standard vulnerability databases, but the high CVSS score (8.1) and network-accessible attack vector indicate significant risk for unpatched installations.

PHP Local File Inclusion (LFI) vulnerability in snstheme Nitan theme affecting versions through 2.9, allowing unauthenticated remote attackers to include and execute arbitrary local files on the server. While the CVSS score of 8.1 indicates high severity with potential for confidentiality, integrity, and availability impact, the attack complexity is marked as HIGH, suggesting exploitation requires specific conditions or server configurations. The vulnerability stems from improper validation of filename parameters in PHP include/require statements (CWE-98), a classic but dangerous class of web application flaws.

FastGPT is an open-source project that provides a platform for building, deploying, and operating AI-driven workflows and conversational agents. The Sandbox container (fastgpt-sandbox) is a specialized, isolated environment used by FastGPT to safely execute user-submitted or dynamically generated code in isolation. The sandbox before version 4.9.11 has insufficient isolation and inadequate restrictions on code execution by allowing overly permissive syscalls, which allows attackers to escape the intended sandbox boundaries. Attackers could exploit this to read and overwrite arbitrary files and bypass Python module import restrictions. This is patched in version 4.9.11 by restricting the allowed system calls to a safer subset and additional descriptive error messaging.

A security vulnerability in WilderForge (CVSS 9.9). Critical severity with potential for significant impact on affected systems.

Discourse versions prior to 3.4.4 (stable), 3.5.0.beta5 (beta), and 3.5.0.beta6-dev (tests-passed) contain a critical vulnerability where Codepen is included in the default `allowed_iframes` site setting and can auto-execute arbitrary JavaScript within the iframe scope, enabling unauthenticated remote code execution. With a CVSS score of 9.8 and network-accessible attack vector requiring no privileges or user interaction, this vulnerability poses severe risk to all default Discourse installations and should be prioritized for immediate patching.

A buffer overflow vulnerability in A vulnerability classified as critical (CVSS 8.8). Risk factors: public PoC available.

Critical remote code execution vulnerability in Zohocorp ManageEngine Exchange Reporter Plus versions 5721 and prior, exploitable through the Content Search module without authentication. An attacker can achieve arbitrary code execution with high confidentiality, integrity, and availability impact across the system boundary (CVSS 9.6). This vulnerability requires user interaction (UI=R) and involves improper file upload handling (CWE-434); active exploitation status and POC availability require verification through CISA KEV and public disclosures.

A buffer overflow vulnerability in A vulnerability (CVSS 8.8). Risk factors: public PoC available.