Remote Code Execution

PHP Local File Inclusion (LFI) vulnerability in Gavias Krowd versions up to 1.4.1 that allows unauthenticated remote attackers to include and execute arbitrary local files on the server. The vulnerability stems from improper control of filename parameters in PHP include/require statements (CWE-98), enabling attackers to read sensitive files or execute malicious code with high complexity but high impact including confidentiality, integrity, and availability compromise. No public exploit code or active exploitation reports are currently available in standard vulnerability databases, but the high CVSS score (8.1) and network-accessible attack vector indicate significant risk for unpatched installations.

PHP Local File Inclusion (LFI) vulnerability in snstheme Nitan theme affecting versions through 2.9, allowing unauthenticated remote attackers to include and execute arbitrary local files on the server. While the CVSS score of 8.1 indicates high severity with potential for confidentiality, integrity, and availability impact, the attack complexity is marked as HIGH, suggesting exploitation requires specific conditions or server configurations. The vulnerability stems from improper validation of filename parameters in PHP include/require statements (CWE-98), a classic but dangerous class of web application flaws.

FastGPT is an open-source project that provides a platform for building, deploying, and operating AI-driven workflows and conversational agents. The Sandbox container (fastgpt-sandbox) is a specialized, isolated environment used by FastGPT to safely execute user-submitted or dynamically generated code in isolation. The sandbox before version 4.9.11 has insufficient isolation and inadequate restrictions on code execution by allowing overly permissive syscalls, which allows attackers to escape the intended sandbox boundaries. Attackers could exploit this to read and overwrite arbitrary files and bypass Python module import restrictions. This is patched in version 4.9.11 by restricting the allowed system calls to a safer subset and additional descriptive error messaging.

A security vulnerability in WilderForge (CVSS 9.9). Critical severity with potential for significant impact on affected systems.

Discourse versions prior to 3.4.4 (stable), 3.5.0.beta5 (beta), and 3.5.0.beta6-dev (tests-passed) contain a critical vulnerability where Codepen is included in the default `allowed_iframes` site setting and can auto-execute arbitrary JavaScript within the iframe scope, enabling unauthenticated remote code execution. With a CVSS score of 9.8 and network-accessible attack vector requiring no privileges or user interaction, this vulnerability poses severe risk to all default Discourse installations and should be prioritized for immediate patching.

A buffer overflow vulnerability in A vulnerability classified as critical (CVSS 8.8). Risk factors: public PoC available.

Critical remote code execution vulnerability in Zohocorp ManageEngine Exchange Reporter Plus versions 5721 and prior, exploitable through the Content Search module without authentication. An attacker can achieve arbitrary code execution with high confidentiality, integrity, and availability impact across the system boundary (CVSS 9.6). This vulnerability requires user interaction (UI=R) and involves improper file upload handling (CWE-434); active exploitation status and POC availability require verification through CISA KEV and public disclosures.

A buffer overflow vulnerability in A vulnerability (CVSS 8.8). Risk factors: public PoC available.

A command injection vulnerability (CVSS 7.7). High severity vulnerability requiring prompt remediation.

A command injection vulnerability exists in the Quantenna Wi-Fi chipset's router_command.sh script affecting versions through 8.0.0.28 of the SDK. The flaw allows unauthenticated local attackers to inject arbitrary commands via improper argument handling in the put_file_to_qtn parameter, potentially leading to confidentiality and integrity compromise. No official patch is available as of the CVE publication date, though the vendor has released mitigation guidance; this vulnerability is not currently tracked as actively exploited in CISA's Known Exploited Vulnerabilities catalog.

A command injection vulnerability exists in the Quantenna Wi-Fi chipset's router_command.sh local control script, allowing unauthenticated local attackers to execute arbitrary commands with high impact on confidentiality and integrity. The vulnerability affects Quantenna Wi-Fi chipset versions through 8.0.0.28 of the latest SDK and remains unpatched as of the CVE publication date, though the vendor has provided best practices guidance rather than a direct patch. With a CVSS score of 7.7 and local attack vector requirements, this poses significant risk to routers and access points using affected Quantenna chipsets, particularly in multi-user or compromised-local-network scenarios.

Skyvern versions through 0.1.85 contain a server-side template injection (SSTI) vulnerability in the Prompt field of workflow blocks (specifically Navigation v2 Block) that allows authenticated users to inject malicious Jinja2 template expressions. These expressions are evaluated server-side without proper sanitization, enabling blind remote code execution. With a CVSS score of 8.5, this vulnerability requires valid authentication but has high confidentiality impact and crosses trust boundaries (CVSS:3.1/S:C).

Kafbat UI version 1.0.0 contains an unsafe deserialization vulnerability (CWE-502) that allows unauthenticated remote attackers to execute arbitrary code on affected servers with no user interaction required. This is a critical pre-authentication RCE affecting Kafka cluster management infrastructure. The vulnerability has a CVSS score of 8.9 with high impact across confidentiality, integrity, and availability; patch is available in version 1.1.0.

Out-of-bounds write vulnerability in Sante DICOM Viewer Pro's DCM file parsing that allows remote code execution with high severity (CVSS 7.8). The vulnerability affects users who open malicious DICOM files, enabling attackers to execute arbitrary code in the application's process context. This is a user-interaction-dependent vulnerability with local attack vector, but the ability to trigger RCE via file opening makes it practically significant for targeted attacks.

Local privilege escalation vulnerability in Action1 where an attacker with low-privileged code execution can exploit an insecure OpenSSL configuration file loading mechanism to achieve SYSTEM-level code execution. The vulnerability requires prior code execution capability on the target system but presents a direct path to full system compromise once initial access is obtained. No active exploitation or public POC has been confirmed at this time, but the moderate CVSS score of 7.8 and CWE-427 classification indicate a meaningful risk to Action1 users.

Local privilege escalation vulnerability in 2BrightSparks SyncBackFree that allows low-privileged attackers to escalate to SYSTEM-level privileges by abusing the Mirror functionality through malicious junction creation. The vulnerability requires local code execution capability and administrator interaction, enabling arbitrary file deletion and code execution with SYSTEM privileges. This is a moderately severe local privilege escalation with a CVSS score of 7.3.

Critical remote code execution vulnerability in GIMP's ICO file parser caused by an integer overflow (CWE-190) that lacks proper input validation. This vulnerability affects GIMP users who open malicious ICO files or visit attacker-controlled pages serving malicious images, allowing arbitrary code execution with user privileges. The CVSS score of 8.8 reflects high severity with network-accessible attack vector and required user interaction; exploitation status and active weaponization details require cross-reference with KEV/EPSS data.

Directory traversal vulnerability in Allegra's extractFileFromZip method that allows authenticated attackers to execute arbitrary code on affected systems. The vulnerability stems from insufficient path validation, enabling remote code execution in the context of the running process. With a CVSS score of 8.8 and requiring only low-privilege authentication, this represents a significant risk to Allegra deployments, though exploitation requires prior authenticated access.

Critical authentication bypass vulnerability in the 70mai A510 dashcam that exploits default credentials in the device's user account configuration. Network-adjacent attackers can bypass authentication without any credentials and achieve remote code execution with root privileges. This vulnerability presents an immediate and severe risk due to its low attack complexity, lack of user interaction requirement, and the widespread deployment of 70mai dashcams in vehicles.

A critical buffer overflow vulnerability exists in TOTOLINK EX1200T firmware version 4.1.2cu.5232_B20210713 in the HTTP POST request handler for the /boafrm/formPortFw endpoint. An authenticated attacker can exploit this by manipulating the 'service_type' parameter to achieve remote code execution with high impact to confidentiality, integrity, and availability (CVSS 8.8). Public exploits are available, making this an active threat.

A buffer overflow vulnerability (CVSS 8.8). Risk factors: public PoC available.

A critical buffer overflow vulnerability exists in TOTOLINK X15 firmware version 1.0.0-B20230714.1105 affecting the HTTP POST request handler in the /boafrm/formPortFw endpoint. An authenticated attacker can exploit the unsanitized 'service_type' parameter to trigger a buffer overflow, achieving remote code execution with high impact on confidentiality, integrity, and availability. Public exploit code is available and the vulnerability meets criteria for active exploitation risk.

Critical buffer overflow vulnerability in TOTOLINK X15 firmware version 1.0.0-B20230714.1105 affecting the HTTP POST request handler at endpoint /boafrm/formWsc. An authenticated remote attacker can exploit this via a malicious 'submit-url' parameter to achieve remote code execution with high impact on confidentiality, integrity, and availability. Public exploit code is available, creating immediate risk for affected deployments.

Critical buffer overflow vulnerability in TOTOLINK X15 1.0.0-B20230714.1105 affecting the DMZ configuration HTTP POST handler. An authenticated attacker can exploit a malformed 'submit-url' parameter in the /boafrm/formDMZ endpoint to achieve remote code execution with full system compromise (confidentiality, integrity, and availability impact). A proof-of-concept exploit has been publicly disclosed, and the vulnerability may be actively exploited in the wild.

Heap-based buffer overflow vulnerability in WOLFBOX Level 2 EV Charger that allows network-adjacent attackers to execute arbitrary code without authentication. The flaw exists in the tuya_svc_devos_activate_result_parse function where insufficient validation of secKey, localKey, stdTimeZone, and devId parameters enables remote code execution. With a CVSS score of 8.8 and network-adjacent attack vector, this represents a critical risk for deployed EV charging infrastructure.

Critical remote code execution vulnerability in WOLFBOX Level 2 EV Charger devices that exploits an exposed dangerous method in the Tuya communications module, allowing network-adjacent attackers to upload and execute arbitrary code despite authentication requirements. The authentication bypass mechanism combined with the exposed software upload functionality creates a high-severity attack path that can grant attackers complete control over affected EV charger installations. This vulnerability (formerly ZDI-CAN-26349) presents significant risk to vehicle charging infrastructure and connected IoT deployments relying on Tuya-based communication protocols.

Remote code execution vulnerability in WOLFBOX Level 2 EV Charger devices caused by improper frame parsing in the Microcontroller Unit (MCU) firmware. Network-adjacent attackers with valid authentication credentials can exploit a frame start detection flaw to misinterpret command input and execute arbitrary code with full device privileges. While no public exploit code or active KEV listing is confirmed from the provided data, the CVSS 8.0 score and requirement for authentication (not public network access) suggest moderate real-world exploitability; however, this should be verified against EPSS scores and vendor advisories for actual threat intelligence integration.

SQL injection vulnerability in Qsync Central that allows authenticated remote attackers to execute arbitrary code or commands with high impact on confidentiality, integrity, and availability. The vulnerability affects all versions prior to Qsync Central 4.5.0.6 (released 2025/03/20), and while no active KEV or public PoC is explicitly referenced in the provided data, the high CVSS score of 8.8 combined with low attack complexity and low privilege requirements indicates this is a serious, readily exploitable vulnerability that should be prioritized for patching.

Command injection vulnerability affecting QNAP NAS operating systems (QTS and QuTS hero) that allows authenticated remote attackers to execute arbitrary commands with high severity (CVSS 8.8). The vulnerability requires valid user credentials but no user interaction, making it exploitable by compromised accounts or insider threats. QNAP has released patches as of March 21, 2025, and exploitation details are limited in public disclosures at this time.

Improper Control of Generation of Code ('Code Injection') vulnerability in cmoreira Team Showcase allows Code Injection. This issue affects Team Showcase: from n/a through n/a.

PHP Local File Inclusion (LFI) vulnerability in choicehomemortgage AI Mortgage Calculator versions up to 1.0.1, caused by improper input validation on file inclusion statements. An authenticated attacker with low privileges can exploit this vulnerability over the network to read arbitrary files from the server, potentially leading to information disclosure, privilege escalation, or remote code execution. The high CVSS score of 7.5 reflects the severity of potential impacts (confidentiality, integrity, availability compromise), though the requirement for authenticated access and high attack complexity somewhat limit real-world exploitability.

Code injection vulnerability in IDF v0.10.0-0C03-03 and ZLF v0.10.0-0C03-04. This vulnerability allows an attacker to store malicious payload in software that will run in the victim's browser. Exploiting this vulnerability requires authenticating to the device and executing certain commands that can be executed only with permissions higher than the view permission.

Code injection vulnerability in IDF v0.10.0-0C03-03 and ZLF v0.10.0-0C03-04. This vulnerability allows an attacker to store malicious payload in software that will run in the victim's browser. Exploiting this vulnerability requires authenticating to the device and executing certain commands that can be executed with view permission.

A critical buffer overflow vulnerability exists in TOTOLINK X15 firmware version 1.0.0-B20230714.1105, affecting the HTTP POST request handler in the /boafrm/formSaveConfig endpoint. An authenticated attacker can exploit the unsanitized 'submit-url' parameter to trigger a buffer overflow, potentially achieving remote code execution with full system compromise (confidentiality, integrity, and availability impact). The vulnerability has been publicly disclosed with exploit proof-of-concept available, creating immediate real-world risk.

Critical buffer overflow vulnerability in TOTOLINK X15 router (firmware version 1.0.0-B20230714.1105) affecting the HTTP POST request handler at endpoint /boafrm/formStats. An authenticated remote attacker can exploit improper input validation on the 'submit-url' parameter to trigger a buffer overflow, achieving remote code execution with full system compromise (confidentiality, integrity, and availability impact). Public exploit code is available and the vulnerability is actively exploitable.

Critical remote code execution vulnerability in expression language processors that allows unauthenticated attackers to execute arbitrary code with maximum server privileges through improper input neutralization. This is a perfect-score CVSS 10.0 vulnerability affecting expression language engines across multiple frameworks; exploitation requires no authentication, user interaction, or special configuration, making it an immediate priority for any organization using affected technologies.

A critical buffer overflow vulnerability exists in TOTOLINK X15 firmware version 1.0.0-B20230714.1105 affecting the NTP configuration handler (/boafrm/formNtp). An authenticated attacker can remotely trigger a buffer overflow via the 'submit-url' parameter in HTTP POST requests, achieving remote code execution with high confidentiality, integrity, and availability impact. Public exploit code is available and the vulnerability meets active exploitation criteria.

Critical buffer overflow vulnerability in TOTOLINK X15 wireless router (firmware version 1.0.0-B20230714.1105) affecting the HTTP POST request handler for the /boafrm/formSetLg endpoint. An authenticated attacker can exploit the 'submit-url' parameter to trigger a buffer overflow, achieving remote code execution with full system compromise (confidentiality, integrity, and availability impact). Public exploit code has been disclosed, making this an actively exploitable vulnerability with demonstrated proof-of-concept.

Critical remote buffer overflow vulnerability in TOTOLINK N302R Plus routers up to version 3.4.0-B20201028, affecting the HTTP POST request handler in the /boafrm/formFilter endpoint. An authenticated attacker can remotely exploit this vulnerability by manipulating the 'url' parameter to achieve buffer overflow, resulting in complete compromise of confidentiality, integrity, and availability (CIA triad fully compromised). The vulnerability has public exploit disclosure and represents an active real-world threat to deployed TOTOLINK router infrastructure.

A critical buffer overflow vulnerability exists in TOTOLINK N302R Plus router firmware (versions up to 3.4.0-B20201028) in the HTTP POST request handler for the /boafrm/formPortFw endpoint. An authenticated remote attacker can exploit this by manipulating the 'service_type' parameter to cause buffer overflow, achieving remote code execution with high confidentiality, integrity, and availability impact. Public exploit code is available and the vulnerability shows strong indicators of active exploitation risk.

File::Find::Rule through version 0.34 contains an arbitrary code execution vulnerability in the grep() function where attacker-controlled filenames are passed unsafely to Perl's open() function using the 2-argument form, allowing command injection. This affects any Perl application using File::Find::Rule to search files in directories containing maliciously-named files. A proof-of-concept exists demonstrating command execution via filenames containing pipe characters (|), and the vulnerability requires user interaction (UI:R) to trigger by searching a directory with crafted filenames.

WP User Frontend Pro plugin versions up to 4.1.3 contain an arbitrary file deletion vulnerability in the delete_avatar_ajax() function that allows authenticated Subscriber-level users to delete critical files on WordPress servers without proper path validation. Successful exploitation can lead to remote code execution by deleting sensitive files such as wp-config.php, and the vulnerability is actively exploitable with no user interaction required. This represents a critical post-authentication privilege escalation affecting a widely-used WordPress plugin.

WP User Frontend Pro plugin for WordPress versions up to 4.1.3 contains an arbitrary file upload vulnerability in the upload_files() function due to missing file type validation, allowing authenticated Subscriber-level users to upload malicious files and achieve remote code execution. This vulnerability is particularly dangerous because it requires only Subscriber-level privileges (the lowest authenticated role in WordPress) and no user interaction, making it a high-severity post-authentication attack vector. The vulnerability is conditional on the Private Message module being enabled and requires the Business version of the PRO software.

Critical stack-based buffer overflow vulnerability in D-Link DIR-816 firmware version 1.10CNB05 affecting the /goform/form2lansetup.cgi endpoint. An unauthenticated remote attacker can exploit this vulnerability by manipulating the 'ip' parameter to achieve complete system compromise including data exfiltration, integrity violation, and denial of service. The vulnerability has public exploit code available and affects end-of-life products no longer receiving vendor support.

Critical command injection vulnerability in Atheos IDE versions prior to 6.0.4, stemming from improper use of escapeshellcmd() in the Git component that allows argument injection leading to arbitrary command execution. The vulnerability affects Atheos administrators and users on vulnerable versions who can be compromised through a network-based attack requiring high privileges (authenticated admin access). An authenticated attacker with administrative rights can execute arbitrary system commands, potentially leading to complete server compromise, data breaches, and lateral movement within the hosting infrastructure.

Critical stack-based buffer overflow vulnerability in D-Link DIR-816 1.10CNB05 affecting the qosClassifier function's dip_address/sip_address parameters. This unauthenticated, remotely exploitable flaw allows attackers to achieve complete system compromise (confidentiality, integrity, and availability impact). The vulnerability affects end-of-life products no longer receiving vendor support, with public exploit disclosure and confirmed proof-of-concept availability increasing real-world exploitation risk.

Critical stack-based buffer overflow vulnerability in D-Link DIR-816 wireless router (version 1.10CNB05) affecting the 5GHz wireless configuration interface. An unauthenticated remote attacker can exploit improper input validation in the wirelessApcli_5g function to achieve complete system compromise including arbitrary code execution, data theft, and service disruption. Public exploit code exists and the affected product line is end-of-life, creating significant risk for unpatched deployments.

A command injection vulnerability in A vulnerability (CVSS 7.3). Risk factors: public PoC available.

A critical remote code execution vulnerability exists in D-Link DIR-816 firmware version 1.10CNB05, allowing unauthenticated attackers to execute arbitrary OS commands via the /goform/setipsec_config endpoint by manipulating localIP or remoteIP parameters. The vulnerability has a publicly disclosed proof-of-concept exploit and affects end-of-life hardware no longer receiving security updates from D-Link, creating significant risk for deployed instances.

Critical remote buffer overflow vulnerability in Tenda AC18 router firmware version 15.03.05.05, affecting the reboot timer configuration function. An authenticated attacker can exploit improper input validation on the 'rebootTime' parameter to achieve remote code execution with full system compromise (confidentiality, integrity, availability). Public exploit code exists and the vulnerability is actively exploitable with low attack complexity.

FreshRSS is a self-hosted RSS feed aggregator. Prior to version 1.26.2, HTML is sanitized improperly inside the `<iframe srcdoc>` attribute, which leads to cross-site scripting (XSS) by loading an attacker's UserJS inside `<script src>`. In order to execute the attack, the attacker needs to control one of the victim's feeds and have an account on the FreshRSS instance that the victim is using. An attacker can gain access to the victim's account by exploiting this vulnerability. If the victim is an admin it would be possible to delete all users (cause damage) or execute arbitrary code on the server by modifying the update URL using fetch() via the XSS. Version 1.26.2 contains a patch for the issue.

FreshRSS is a self-hosted RSS feed aggregator. Prior to version 1.26.2, it's possible to run arbitrary JavaScript on the feeds page. This occurs by combining a cross-site scripting (XSS) issue that occurs in `f.php` when SVG favicons are downloaded from an attacker-controlled feed containing `<script>` tags inside of them that aren't sanitized, with the lack of CSP in `f.php` by embedding the malicious favicon in an iframe (that has `sandbox="allow-scripts allow-same-origin"` set as its attribute). An attacker needs to control one of the feeds that the victim is subscribed to, and also must have an account on the FreshRSS instance. Other than that, the iframe payload can be embedded as one of two options. The first payload requires user interaction (the user clicking on the malicious feed entry) with default user configuration, and the second payload fires instantly right after the user adds the feed or logs into the account while the feed entry is still visible. This is because of lazy image loading functionality, which the second payload bypasses. An attacker can gain access to the victim's account by exploiting this vulnerability. If the victim is an admin it would be possible to delete all users (cause damage) or execute arbitrary code on the server by modifying the update URL using fetch() via the XSS. Version 1.26.2 has a patch for the issue.

A vulnerability in the web-based management interface of Cisco Unified CCX could allow an authenticated, local attacker to execute arbitrary code on an affected device. To exploit this vulnerability, the attacker must have valid administrative credentials. This vulnerability is due to improper limitation of a pathname to a restricted directory (path traversal). An attacker could exploit this vulnerability by sending a crafted web request to an affected device, followed by a specific command through an SSH session. A successful exploit could allow the attacker to execute arbitrary code on the underlying operating system of an affected device as a low-privilege user. A successful exploit could also allow the attacker to undertake further actions to elevate their privileges to root.

A vulnerability in the web-based management interface of Cisco Unified CCX could allow an authenticated, remote attacker to execute arbitrary code on an affected device. To exploit this vulnerability, the attacker must have valid administrative credentials.&nbsp; This vulnerability is due to insecure deserialization of Java objects by the affected software. An attacker could exploit this vulnerability by sending a crafted Java object to an affected device. A successful exploit could allow the attacker to execute arbitrary code on the underlying operating system of an affected device as a low-privilege user. A successful exploit could also allow the attacker to undertake further actions to elevate their privileges to root.

A vulnerability in the file opening process of Cisco Unified Contact Center Express (Unified CCX) Editor could allow an unauthenticated attacker to execute arbitrary code on an affected device.&nbsp; This vulnerability is due to insecure deserialization of Java objects by the affected software. An attacker could exploit this vulnerability by persuading an authenticated, local user to open a crafted .aef file. A successful exploit could allow the attacker to execute arbitrary code on the host that is running the editor application with the privileges of the user who launched it.

Cross Site Scripting vulnerability in Motivian Content Mangment System v.41.0.0 allows a remote attacker to execute arbitrary code via the Marketing/Forms, Marketing/Offers and Content/Pages components.

CVE-2025-29093 is an unauthenticated file upload vulnerability in Motivian Content Management System v41.0.0 that allows remote attackers to execute arbitrary code through the Content/Gallery/Images component. The vulnerability has a CVSS score of 8.2 with high integrity impact, affecting confidentiality and code execution capabilities. No authentication is required (PR:N) and exploitation is trivial (AC:L), making this a critical threat to unpatched instances.

A remote code execution vulnerability in the MIM Admin service (CVSS 8.9). High severity vulnerability requiring prompt remediation.

Local code execution vulnerability in Delta Electronics CNCSoft caused by insufficient validation of user-supplied files. When a user opens a malicious file, an attacker can execute arbitrary code with the privileges of the current process. While no publicly disclosed POC or active exploitation in the wild has been confirmed, the high CVSS score (7.3) and the file-opening attack vector present moderate risk to users of affected CNCSoft versions.

kro (Kube Resource Orchestrator) 0.1.0 before 0.2.1 allows users (with permission to create or modify ResourceGraphDefinition resources) to supply arbitrary container images. This can lead to a confused-deputy scenario where kro's controllers deploy and run attacker-controlled images, resulting in unauthenticated remote code execution on cluster nodes.

Prototype pollution in billboard.js before 3.15.1 via generate function.

Critical buffer overflow vulnerability in the PASV command handler of FreeFloat FTP Server 1.0 that allows unauthenticated remote attackers to cause denial of service and potentially achieve code execution with limited impact on confidentiality and integrity. The vulnerability has been publicly disclosed with exploit code available, making it immediately actionable for threat actors. While the CVSS score of 7.3 reflects moderate severity, the combination of remote exploitability, public POC availability, and lack of authentication requirements positions this as a high-priority remediation target.

Insecure deserialization in Auth0-PHP SDK 8.0.0-BETA3 to before 8.3.1.

A information disclosure vulnerability (CVSS 7.3) that allows an attacker. High severity vulnerability requiring prompt remediation. Vendor patch is available.

Buffer overflow in Sangoma IMG2020 HTTP server through 2.3.9.6. EPSS 0.74%. PoC available.

Unauthenticated RCE in JEHC-BPM 2.0.1 via execParams. EPSS 17.3%. PoC and patch available. CVSS 10.0.

XSS in MailEnable before v10 via failure.aspx. EPSS 11.5%. PoC available.

CVE-2025-25021 is a security vulnerability (CVSS 7.2) that allows a privileged execute code. High severity vulnerability requiring prompt remediation.

An arbitrary file upload vulnerability in the component /upload/GoodsCategory/image of erupt v1.12.19 allows attackers to execute arbitrary code via uploading a crafted file.

Path traversal in Python tarfile extraction with filter='data'.

Path traversal vulnerability in Python's tarfile module extraction filters that allows attackers to bypass the 'data' and 'tar' filter protections, enabling symlink targets to point outside the extraction directory and permitting modification of file metadata. This affects any application using TarFile.extractall() or TarFile.extract() with filter='data' or filter='tar' on untrusted tar archives, as well as Python 3.14+ users relying on the new 'data' default filter. The vulnerability has a CVSS score of 7.5 (High) with high integrity impact, though exploitation requires an attacker to control the tar archive contents.

CVE-2025-4138 is a security vulnerability (CVSS 7.5) that allows the extraction filter. High severity vulnerability requiring prompt remediation.

Allows modifying some file metadata (e.g. last modified) with filter="data" or file permissions (chmod) with filter="tar" of files outside the extraction directory. You are affected by this vulnerability if using the tarfile module to extract untrusted tar archives using TarFile.extractall() or TarFile.extract() using the filter= parameter with a value of "data" or "tar". See the tarfile extraction filters documentation https://docs.python.org/3/library/tarfile.html#tarfile-extraction-filter  for more information. Only Python versions 3.12 or later are affected by these vulnerabilities, earlier versions don't include the extraction filter feature. Note that for Python 3.14 or later the default value of filter= changed from "no filtering" to `"data", so if you are relying on this new default behavior then your usage is also affected. Note that none of these vulnerabilities significantly affect the installation of source distributions which are tar archives as source distributions already allow arbitrary code execution during the build process. However when evaluating source distributions it's important to avoid installing source distributions with suspicious links.

PC Time Tracer versions prior to 5.2 contain an incorrect default permissions vulnerability (CWE-276) that allows local authenticated attackers to execute arbitrary code with SYSTEM privileges on Windows systems. The vulnerability requires local access and user interaction but provides complete system compromise capability. No KEV/CISA known exploited vulnerability status or public POC availability is confirmed from the provided data, though the CVSS 7.3 score and EPSS analysis should be monitored for exploitation likelihood.

A second Qualcomm GPU micronode memory corruption vulnerability (CVE-2025-21479, CVSS 8.6) exists in the unauthorized command execution path during specific GPU command sequences. KEV-listed alongside CVE-2025-21480, this indicates a systemic issue in Qualcomm's GPU micronode command validation that is being actively exploited in mobile attack chains.

Qualcomm GPU micronode contains a memory corruption vulnerability (CVE-2025-21480, CVSS 8.6) caused by unauthorized command execution during specific GPU command sequences. KEV-listed, this vulnerability enables privilege escalation from the GPU context, potentially allowing app-level attackers to gain kernel access through the GPU driver on Qualcomm-based Android devices.

Heap-based buffer overflow vulnerability in Sonos Era 300 speakers that allows unauthenticated, network-adjacent attackers to execute arbitrary code with high severity (CVSS 8.8). The flaw exists in ALAC (Apple Lossless Audio Codec) data processing where insufficient length validation enables buffer overflow conditions. This vulnerability poses significant risk as it requires no authentication, no user interaction, and can be exploited by any attacker on the local network segment to achieve remote code execution in the context of the anacapa user.

Dassault Systemes DELMIA Apriso (releases 2020-2025) contains an unauthenticated deserialization vulnerability (CVE-2025-5086, CVSS 9.0) that enables remote code execution on manufacturing execution systems. KEV-listed with EPSS 39.2% and public PoC, this vulnerability threatens industrial manufacturing operations by targeting the MES (Manufacturing Execution System) layer that controls production processes.

Clinical Collaboration Platform 12.2.1.5 has a weak logout system where the session token remains valid after logout and allows a remote attacker to obtain sensitive information and execute arbitrary code.

An issue in Clinical Collaboration Platform 12.2.1.5 allows a remote attacker to obtain sensitive information and execute arbitrary code via the usertoken function of default.aspx.

An issue in Clinical Collaboration Platform 12.2.1.5 allows a remote attacker to obtain sensitive information and execute arbitrary code via the session management component.

Use-After-Free vulnerability (CWE-416) in Autodesk Revit triggered by maliciously crafted RFA (Revit Family) files that can be linked or imported into the application. An unauthenticated attacker with local access can exploit this vulnerability to crash the application, exfiltrate sensitive data, or achieve arbitrary code execution with the privileges of the Revit process. The attack requires user interaction (opening/importing a malicious file) but has high impact potential (confidentiality, integrity, and availability all compromised); current KEV and exploitation status unknown without additional intelligence sources.

An arbitrary file upload vulnerability exists in multiple WSO2 products due to improper validation of user input in SOAP admin services. A malicious actor with administrative privileges can upload an arbitrary file to a user-controlled location on the server. By leveraging this vulnerability, an attacker could upload a specially crafted payload, potentially achieving remote code execution (RCE) on the server. Exploitation requires valid admin credentials, limiting its impact to authorized but potentially malicious users.

Command Injection Rce (3Rd) in HPE StoreOnce backup storage software. One of 6 critical CVEs.

Command Injection Rce (2Nd) in HPE StoreOnce backup storage software. One of 6 critical CVEs.

Command injection remote code execution vulnerability in HPE StoreOnce Software that allows authenticated attackers with high privileges to execute arbitrary commands on affected systems. The vulnerability has a CVSS score of 7.2 (high severity) and requires authenticated access but no user interaction. Given the command injection nature (CWE-77) and network attack vector, this poses significant risk to organizations running vulnerable HPE StoreOnce deployments, particularly if KEV status or active exploitation is confirmed.

Command Injection Rce in HPE StoreOnce backup storage software. One of 6 critical CVEs.

SQL injection in llama_index DuckDB vector store v0.12.19. PoC and patch available.

Critical remote code execution vulnerability affecting Netcom NTC 6200 and NWL 222 series network devices. The vulnerability stems from multiple command injection flaws in the web interface combined with hardcoded credentials, allowing authenticated remote attackers to execute arbitrary commands with elevated privileges. With a CVSS score of 8.6 and an attack vector requiring only adjacent network access and low privileges, this vulnerability poses significant risk to organizations deploying these devices in networked environments.

Roundcube Webmail contains a critical PHP object deserialization vulnerability (CVE-2025-49113, CVSS 9.9) that allows authenticated users to achieve remote code execution through a crafted upload URL. With EPSS 90.4% and KEV listing, this vulnerability in one of the most widely deployed open-source webmail platforms enables any email user to compromise the mail server, accessing all hosted mailboxes.