Remote Code Execution

Netgear WNR854T 1.5.2 (North America) is vulnerable to Command Injection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Netgear WNR854T 1.5.2 (North America) is vulnerable to Command Injection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 10.2%.

Netgear WNR854T 1.5.2 (North America) is vulnerable to Command Injection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 10.2%.

The So-Called Air Quotes plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 0.1. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

The SoJ SoundSlides plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the soj_soundslides_options_subpanel() function in all versions up to, and. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

The Inline Image Upload for BBPress plugin for WordPress is vulnerable to arbitrary file uploads due to missing file extension validation in the file uploading functionality in all versions up to,. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

The Shortcodes by United Themes plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 5.1.6. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

An issue in TOTOLINK A3100R V4.1.2cu.5247_B20211129 allows a remote attacker to execute arbitrary code via the setWebWlanIdx of the file /lib/cste_modules/wireless.so. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Cross Site Scripting vulnerability in Leantime v3.2.1 and before allows an authenticated attacker to execute arbitrary code and obtain sensitive information via the first name field in. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

A SQL injection vulnerability exists in Epicor HCM 2021 1.9, with patches available: 5.16.0.1033/HCM2022, 5.17.0.1146/HCM2023, and 5.18.0.573/HCM2024. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

InvoicePlane (all versions tested as of December 2024) v.1.6.11 and before contains a remote code execution vulnerability in the upload_file method of the Upload controller. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Unrestricted File Upload vulnerability could allow attackers to upload malicious files that can be executed on the server.

alizeait unflatto <= 1.0.2 was discovered to contain a prototype pollution via the method exports.unflatto at /dist/index.js. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

janryWang products depath v1.0.6 and cool-path v1.1.2 were discovered to contain a prototype pollution via the set() method at setIn (lib/index.js:90). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

A Prototype Pollution issue in Aliconnect /sdk v.0.0.6 allows an attacker to execute arbitrary code via the aim function in the aim.js component. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Improper limitation of a pathname to a restricted directory ('Path Traversal') issue exists in the file upload process of the USB storage file-sharing function of HGW-BL1500HM Ver 002.002.003 and. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

The Drag and Drop Multiple File Upload for Contact Form 7 plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the 'dnd_remove_uploaded_files'. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

The Kubio AI Page Builder WordPress plugin through version 2.5.1 contains an unauthenticated Local File Inclusion via the kubio_hybrid_theme_load_template function. Attackers can include and execute arbitrary PHP files on the server, achieving remote code execution through techniques like PHP filter chains or log poisoning.

Dell Unity, version(s) 5.4 and prior, contain(s) an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Dell Unity, version(s) 5.4 and prior, contain(s) an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Missing validation of the root metatdata version number could allow an actor to supply an arbitrary version number to the client instead of the intended version in the root metadata file, altering. Rated medium severity (CVSS 5.7), this vulnerability is remotely exploitable. No vendor patch available.

FoxCMS version 1.2.5 contains an unauthenticated remote code execution vulnerability in the case display page of the index.html component. Attackers can inject and execute arbitrary PHP code on the server through crafted requests to the case display functionality.

Mesop is a Python-based UI framework that allows users to build web applications. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Improper Control of Generation of Code ('Code Injection') vulnerability in Apache Kylin. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

An issue has been discovered in the GitLab Duo with Amazon Q affecting all versions from 17.8 before 17.8.6, 17.9 before 17.9.3, and 17.10 before 17.10.1. Rated medium severity (CVSS 4.4), this vulnerability is remotely exploitable. No vendor patch available.

A code execution vulnerability exists in the Xiaomi shop applicationproduct. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

An code execution vulnerability exists in the Xiaomi smarthome application product. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Silicon Labs Gecko OS HTTP Request Handling Stack-based Buffer Overflow Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

In Splunk Enterprise versions below 9.3.3, 9.2.5, and 9.1.8, and Splunk Cloud Platform versions below 9.3.2408.104, 9.2.2406.108, 9.2.2403.114, and 9.1.2312.208, a low-privileged user that does not. Rated high severity (CVSS 8.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

KNIME Business Hub is affected by the Ingress-nginx CVE-2025-1974 ( a.k.a IngressNightmare ) vulnerability which affects the ingress-nginx component. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

An issue was discovered in Appsmith before 1.52. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 67.3% and no vendor patch available.

A cross-site scripting (XSS) vulnerability in ScriptCase before v1.0.003 - Build 3 allows attackers to execute arbitrary code via a crafted payload to the "Connection Name" in the New Connection and. Rated medium severity (CVSS 4.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Telesquare TLR-2005KSH 1.1.4 is affected by an unauthorized command execution vulnerability when requesting the admin.cgi parameter with setAutorest. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

An issue in Arris NVG443B 9.3.0h3d36 allows a physically proximate attacker to execute arbitrary code via the cshell login component. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Improper Control of Generation of Code ('Code Injection') vulnerability in NotFound Visual Text Editor allows Remote Code Inclusion.2.1. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

A code execution vulnerability exists in the Xiaomi Game center application product. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

The Total Upkeep - WordPress Backup Plugin plus Restore & Migrate by BoldGrid plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 1.16.10 via the. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. This OS Command Injection vulnerability could allow attackers to execute arbitrary operating system commands on the host.

A vulnerability was found in Pagure. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RabbitMQ is a messaging and streaming broker. Rated medium severity (CVSS 6.1). No vendor patch available.

A template injection vulnerability in the Dashboard of NASA Fprime v3.4.3 allows attackers to execute arbitrary code via uploading a crafted Vue file. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CryptoLib provides a software-only solution using the CCSDS Space Data Link Security Protocol - Extended Procedures (SDLS-EP) to secure communications between a spacecraft running the core Flight. Rated critical severity (CVSS 9.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

An issue in IIT Bombay, Mumbai, India Bodhitree of cs101 version allows a remote attacker to execute arbitrary code. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

A vulnerability in the Trend Micro Apex One Security Agent Plug-in User Interface Manager could allow a local attacker to bypass existing security and execute arbitrary code on affected. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. No vendor patch available.

A vulnerability in the Trend Micro Apex One Security Agent Plug-in User Interface Manager could allow a local attacker to bypass existing security and execute arbitrary code on affected. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. No vendor patch available.

Frappe is a full-stack web application framework. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Luxion KeyShot USDC File Parsing Use-After-Free Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Luxion KeyShot DAE File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Luxion KeyShot DAE File Parsing Access of Uninitialized Pointer Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

In Tiny MoxieManager PHP before 4.0.0, remote code execution can occur in the installer command. Rated critical severity (CVSS 9.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQL injection vulnerability in the authentication module in Convivance StandVoice 4.5 through 6.2 allows remote attackers to execute arbitrary code via the GEST_LOGIN parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

An improper control of generation of code ('Code Injection') vulnerability in the AprolCreateReport component of B&R APROL <4.4-00P5 may allow an unauthenticated network-based attacker to read files. Rated critical severity (CVSS 9.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

A security issue was discovered in ingress-nginx https://github.com/kubernetes/ingress-nginx where the `auth-url` Ingress annotation can be used to inject configuration into nginx. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 23.0%.

A critical vulnerability in Kubernetes ingress-nginx controller allows unauthenticated attackers with pod network access to achieve arbitrary code execution in the controller context. Dubbed 'IngressNightmare', this flaw exposes cluster Secrets including TLS certificates and service account tokens accessible to the ingress controller.

Kubernetes ingress-nginx contains a configuration injection vulnerability via the mirror-target and mirror-host Ingress annotations. Attackers can inject arbitrary NGINX configuration directives that lead to code execution in the ingress controller context, exposing cluster Secrets. This is a companion vulnerability to CVE-2025-1974 (IngressNightmare).

A security issue was discovered in ingress-nginx https://github.com/kubernetes/ingress-nginx where the `auth-tls-match-cn` Ingress annotation can be used to inject configuration into nginx. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 20.8%.

A stack-based buffer overflow vulnerability in Tenda AC7 V15.03.06.44 allows a remote attacker to execute arbitrary code through a stack overflow attack using the security parameter of the. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PDF-XChange Editor RTF File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

An authenticated remote code execution in Kentico Xperience allows authenticated users Staging Sync Server to upload arbitrary data to path relative locations. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

The Block Logic - Full Gutenberg Block Display Control plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 1.0.8 via the block_logic_check_logic. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Deserialization of untrusted data in Microsoft Dataverse allows an authorized attacker to execute code over a network. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Santesoft Sante DICOM Viewer Pro is vulnerable to an out-of-bounds write, which requires a user to open a malicious DCM file, resulting in execution of arbitrary code by a local attacker. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

A vulnerability allowing remote code execution (RCE) for domain users. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 26.3%.

An arbitrary file upload vulnerability in the Client Profile Update section of Mart Developers iBanking v2.0.0 allows attackers to execute arbitrary code via uploading a crafted PHP file. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

AutoGPT versions 0.3.4 and earlier are vulnerable to a Server-Side Template Injection (SSTI) that could lead to Remote Code Execution (RCE). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

A vulnerability in the Dify Tools' Vanna module of the langgenius/dify repository allows for a Pandas Query Injection in the latest version. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

In version v12 of parisneo/lollms-webui, the 'Send file to AL' function allows uploading files with various extensions, including potentially dangerous ones like .py, .sh, .bat, and more. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

A Remote Code Execution (RCE) vulnerability has been identified in the Kedro ShelveStore class (version 0.19.8). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SuperAGI is vulnerable to remote code execution in the latest version. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

A Path Traversal vulnerability exists in the file upload functionality of transformeroptimus/superagi version 0.0.14. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

A deserialization vulnerability exists in BentoML's runner server in bentoml/bentoml versions <=1.3.4.post1. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

vllm-project vllm version 0.6.0 contains a vulnerability in the AsyncEngineRPCServer() RPC server entrypoints. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

In composiohq/composio version 0.4.3, there is an unrestricted file write and read vulnerability in the filetools actions. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

In composiohq/composio version 0.4.3, the mathematical_calculator endpoint uses the unsafe eval() function to perform mathematical operations. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

A vulnerability in the RpcAgentServerLauncher class of modelscope/agentscope v0.0.6a3 allows for remote code execution (RCE) via deserialization of untrusted data using the dill library. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

In version 3.22.0 of aimhubio/aim, the AimQL query language uses an outdated version of the safer_getattr() function from RestrictedPython. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

OpenWebUI version 0.3.0 contains a vulnerability in the audio API endpoint `/audio/api/v1/transcriptions` that allows for arbitrary file upload. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

In lightning-ai/pytorch-lightning version 2.3.2, a vulnerability exists in the `LightningApp` when running on a Windows host. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

A stored cross-site scripting (XSS) vulnerability exists in open-webui/open-webui version 0.3.8. Rated high severity (CVSS 8.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

A vulnerability in open-webui/open-webui versions <= 0.3.8 allows remote code execution by non-admin users via Cross-Site Request Forgery (CSRF). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

aimhubio/aim version 3.22.0 contains a Cross-Site Request Forgery (CSRF) vulnerability in the tracking server. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

A vulnerability in open-webui/open-webui version 0.3.8 allows an attacker with a user-level account to perform a session fixation attack. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

In version 0.3.8 of open-webui/open-webui, an arbitrary file write vulnerability exists in the download_model endpoint. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

A remote code execution vulnerability exists in the Calculate function of parisneo/lollms version 9.8. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

BerriAI/litellm version 1.40.12 contains a vulnerability that allows remote code execution. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

A path traversal vulnerability exists in stitionai/devika, specifically in the project creation functionality. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

In yiisoft/yii2 version 2.0.48, the base Component class contains a vulnerability where the `__set()` magic method does not validate that the value passed is a valid Behavior class name or. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

A vulnerability in the FinanceChatLlamaPack of the run-llama/llama_index repository, versions up to v0.12.3, allows for SQL injection in the `run_sql_query` function of the `database_agent`. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

A local file inclusion vulnerability exists in netease-youdao/qanything version v2.0.0. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

In infiniflow/ragflow versions 0.12.0, the `web_crawl` function in `document_app.py` contains multiple vulnerabilities. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

A vulnerability in infiniflow/ragflow versions v0.12.0 allows for remote code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

A vulnerability in binary-husky/gpt_academic version git 310122f allows for remote code execution. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.