Remote Code Execution — 1287 CVEs (Page 2/11)

CVEs tagged with this topic. Filters apply to the whole list (loaded from JSON).

CVSS ≥ 0.0

2025-08-08

Critical

CVE-2012-10050

CuteFlow version 2.11.2 and earlier contains an arbitrary file upload vulnerability in the restart_circulation_values_write.php script. The application fails to validate or restrict uploaded file typ…

CVSS: 9.3 CWE: CWE-434

Critical

CVE-2012-10049

WebPageTest version 2.6 and earlier contains an arbitrary file upload vulnerability in the resultimage.php script. The application fails to validate or sanitize user-supplied input before saving uplo…

CVSS: 9.3 CWE: CWE-434

Critical

CVE-2012-10047

Cyclope Employee Surveillance Solution versions 6.x is vulnerable to a SQL injection flaw in its login mechanism. The username parameter in the auth-login POST request is not properly sanitized, allo…

CVSS: 10.0 CWE: CWE-89

Critical

CVE-2012-10044

MobileCartly version 1.0 contains an arbitrary file creation vulnerability in the savepage.php script. The application fails to perform authentication or authorization checks before invoking file_put…

CVSS: 10.0 CWE: CWE-434

Critical

CVE-2012-10043

A stack-based buffer overflow vulnerability exists in ActFax Server version 4.32, specifically in the "Import Users from File" functionality of the client interface. The application fails to properly…

CVSS: 9.3 CWE: CWE-121

High

CVE-2012-10042

Sflog! CMS 1.0 contains an authenticated arbitrary file upload vulnerability in the blog management interface. The application ships with default credentials (admin:secret) and allows authenticated u…

CVSS: 8.7 CWE: CWE-434

Critical

CVE-2012-10041

WAN Emulator v2.3 contains two unauthenticated command execution vulnerabilities. The result.php script calls shell_exec() with unsanitized input from the pc POST parameter, allowing remote attackers…

CVSS: 9.3 CWE: CWE-78

Critical

CVE-2012-10036

Project Pier 0.8.8 and earlier contains an unauthenticated arbitrary file upload vulnerability in tools/upload_file.php. The upload handler fails to validate the file type or enforce authentication,…

CVSS: 9.3 CWE: CWE-434

Critical

CVE-2025-8356

In Xerox FreeFlow Core version 8.0.4, an attacker can exploit a Path Traversal vulnerability to access unauthorized files on the server. This can lead to Remote Code Execution (RCE), allowing the att…

CVSS: 9.8 CWE: CWE-22

High

CVE-2025-8088

A path traversal vulnerability affecting the Windows version of WinRAR allows the attackers to execute arbitrary code by crafting malicious archive files. This vulnerability was exploited in the wild…

CVSS: 8.8 CWE: CWE-35

Critical

CVE-2025-48913

If untrusted users are allowed to configure JMS for Apache CXF, previously they could use RMI or LDAP URLs, potentially leading to code execution capabilities. This interface is now restricted to re…

CVSS: 9.8 CWE: CWE-20

High

CVE-2025-54886

skops is a Python library which helps users share and ship their scikit-learn based models. In versions 0.12.0 and below, the Card.get_model does not contain any logic to prevent arbitrary code execu…

CVSS: 8.4 CWE: CWE-502

Critical

CVE-2025-54952

An integer overflow vulnerability in the loading of ExecuTorch models can cause smaller-than-expected memory regions to be allocated, potentially resulting in code execution or other undesirable effe…

CVSS: 9.8 CWE: CWE-680

2025-08-07

Critical

CVE-2025-54951

A group of related buffer overflow vulnerabilities in the loading of ExecuTorch models can cause the runtime to crash and potentially result in code execution or other undesirable effects. This issue…

CVSS: 9.8 CWE: CWE-122

Critical

CVE-2025-54950

An out-of-bounds access vulnerability in the loading of ExecuTorch models can cause the runtime to crash and potentially result in code execution or other undesirable effects. This issue affects Exec…

CVSS: 9.8 CWE: CWE-125

Critical

CVE-2025-54949

A heap buffer overflow vulnerability in the loading of ExecuTorch models can potentially result in code execution or other undesirable effects. This issue affects ExecuTorch prior to commit ede82493d…

CVSS: 9.8 CWE: CWE-122

Critical

CVE-2025-30405

An integer overflow vulnerability in the loading of ExecuTorch models can cause objects to be placed outside their allocated memory area, potentially resulting in code execution or other undesirable…

CVSS: 9.8 CWE: CWE-190

Critical

CVE-2025-30404

An integer overflow vulnerability in the loading of ExecuTorch models can cause overlapping allocations, potentially resulting in code execution or other undesirable effects. This issue affects Execu…

CVSS: 9.8 CWE: CWE-190

Critical

CVE-2025-50692

FoxCMS <=v1.2.5 is vulnerable to Code Execution in admin/template_file/editFile.html.

CVSS: 9.8 CWE: CWE-94

High

CVE-2025-50675

GPMAW 14, a bioinformatics software, has a critical vulnerability related to insecure file permissions in its installation directory. The directory is accessible with full read, write, and execute pe…

CVSS: 7.8 CWE: CWE-732

Critical

CVE-2025-34151

A command injection vulnerability exists in the 'passwd' parameter of the PPPoE setup process on the Shenzhen Aitemi M300 Wi-Fi Repeater (hardware model MT02). The input is passed directly to system-…

CVSS: 9.4 CWE: CWE-78

High

CVE-2025-3770

EDK2 contains a vulnerability in BIOS where an attacker may cause “Protection Mechanism Failure” by local access. Successful exploitation of this vulnerability will lead to arbitrary code execution a…

CVSS: 7.0 CWE: CWE-693

2025-08-06

High

CVE-2025-7769

Tigo Energy's CCA is vulnerable to a command injection vulnerability in the /cgi-bin/mobile_api endpoint when the DEVICE_PING command is called, allowing remote code execution due to improper handlin…

CVSS: 8.7 CWE: CWE-77

High

CVE-2025-6634

A maliciously crafted TGA file, when linked or imported into Autodesk 3ds Max, can force a Memory Corruption vulnerability. A malicious actor can leverage this vulnerability to execute arbitrary code…

CVSS: 7.8 CWE: CWE-120

High

CVE-2025-6633

A maliciously crafted RBG file, when parsed through Autodesk 3ds Max, can force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data co…

CVSS: 7.8 CWE: CWE-787

Medium

CVE-2025-6632

A maliciously crafted PSD file, when linked or imported into Autodesk 3ds Max, can force an Out-of-Bounds Read vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read…

CVSS: 5.3 CWE: CWE-125

High

CVE-2025-51056

An unrestricted file upload vulnerability in Vedo Suite version 2024.17 allows remote authenticated attackers to write to arbitrary filesystem paths by exploiting the insecure 'uploadPreviews()' cust…

CVSS: 8.2 CWE: CWE-434

Medium

CVE-2025-51053

A Cross-site scripting (XSS) vulnerability in /api_vedo/ in Vedo Suite version 2024.17 allows remote attackers to inject arbitrary Javascript or HTML code and potentially trigger code execution in vi…

CVSS: 6.1 CWE: CWE-79

High

CVE-2025-50286

A Remote Code Execution (RCE) vulnerability in Grav CMS v1.7.48 allows an authenticated admin to upload a malicious plugin via the /admin/tools/direct-install interface. Once uploaded, the plugin is…

CVSS: 8.1 CWE: CWE-434

Medium

CVE-2025-50234

MCCMS v2.7.0 has an SSRF vulnerability located in the index() method of the sys\apps\controllers\api\Gf.php file, where the pic parameter is processed. The pic parameter is decrypted using the sys_au…

CVSS: 6.5 CWE: CWE-918

High

CVE-2025-3354

IBM Tivoli Monitoring 6.3.0.7 through 6.3.0.7 Service Pack 20 is vulnerable to a heap-based buffer overflow, caused by improper bounds checking. A remote attacker could overflow a buffer and execute…

CVSS: 8.1 CWE: CWE-122

High

CVE-2025-3320

CVSS: 8.1 CWE: CWE-122

High

CVE-2025-23319

NVIDIA Triton Inference Server for Windows and Linux contains a vulnerability in the Python backend, where an attacker could cause an out-of-bounds write by sending a request. A successful exploit of…

CVSS: 8.1 CWE: CWE-805

High

CVE-2025-23318

NVIDIA Triton Inference Server for Windows and Linux contains a vulnerability in the Python backend, where an attacker could cause an out-of-bounds write. A successful exploit of this vulnerability m…

CVSS: 8.1 CWE: CWE-805

Critical

CVE-2025-23317

NVIDIA Triton Inference Server contains a vulnerability in the HTTP server, where an attacker could start a reverse shell by sending a specially crafted HTTP request. A successful exploit of this vul…

CVSS: 9.1 CWE: CWE-122

Critical

CVE-2025-23311

NVIDIA Triton Inference Server contains a vulnerability where an attacker could cause a stack overflow through specially crafted HTTP requests. A successful exploit of this vulnerability might lead t…

CVSS: 9.8 CWE: CWE-121

Critical

CVE-2025-23310

NVIDIA Triton Inference Server for Windows and Linux contains a vulnerability where an attacker could cause stack buffer overflow by specially crafted inputs. A successful exploit of this vulnerabili…

CVSS: 9.8 CWE: CWE-121

High

CVE-2025-7771

ThrottleStop.sys, a legitimate driver, exposes two IOCTL interfaces that allow arbitrary read and write access to physical memory via the MmMapIoSpace function. This insecure implementation can be ex…

CVSS: 8.7 CWE: CWE-782

High

CVE-2025-8420

The Request a Quote Form plugin for WordPress is vulnerable to Remote Code Execution in version less than, or equal to, 2.5.2 via the emd_form_builder_lite_pagenum function. This is due to the plugin…

CVSS: 8.1 CWE: CWE-95

Medium

CVE-2025-8656

Kenwood DMX958XR Protection Mechanism Failure Software Downgrade Vulnerability. This vulnerability allows physically present attackers to downgrade software on affected installations of Kenwood DMX95…

CVSS: 6.8 CWE: CWE-693

Medium

CVE-2025-8655

Kenwood DMX958XR libSystemLib Command injection Remote Code Execution Vulnerability. This vulnerability allows physically present attackers to execute arbitrary code on affected installations of Kenw…

CVSS: 6.8 CWE: CWE-78

High

CVE-2025-8654

Kenwood DMX958XR ReadMVGImage Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Kenwoo…

CVSS: 8.8 CWE: CWE-78

High

CVE-2025-8653

Kenwood DMX958XR JKRadioService Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installatio…

CVSS: 8.8 CWE: CWE-121

Medium

CVE-2025-8652

Kenwood DMX958XR JKWifiService Command Injection Remote Code Execution Vulnerability. This vulnerability allows physically present attackers to execute arbitrary code on affected installations of Ken…

CVSS: 6.8 CWE: CWE-78

Medium

CVE-2025-8651

CVSS: 6.8 CWE: CWE-78

Medium

CVE-2025-8650

Kenwood DMX958XR libSystemLib Command Injection Remote Code Execution Vulnerability. This vulnerability allows physically present attackers to execute arbitrary code on affected installations of Kenw…

CVSS: 6.8 CWE: CWE-78

Medium

CVE-2025-8649

CVSS: 6.8 CWE: CWE-78

Medium

CVE-2025-8648

Kenwood DMX958XR Firmware Update Command Injection Vulnerability. This vulnerability allows physically present attackers to execute arbitrary code on affected installations of Kenwood DMX958XR device…

CVSS: 6.8 CWE: CWE-78

Medium

CVE-2025-8647

CVSS: 6.8 CWE: CWE-78

Medium

CVE-2025-8646

CVSS: 6.8 CWE: CWE-78

Medium

CVE-2025-8645

CVSS: 6.8 CWE: CWE-78

Medium

CVE-2025-8644

CVSS: 6.8 CWE: CWE-78

Medium

CVE-2025-8643

CVSS: 6.8 CWE: CWE-78

Medium

CVE-2025-8642

CVSS: 6.8 CWE: CWE-78

Medium

CVE-2025-8641

CVSS: 6.8 CWE: CWE-78

Medium

CVE-2025-8640

CVSS: 6.8 CWE: CWE-78

Medium

CVE-2025-8639

Kenwood DMX958XR Firmware Update Command Injection Vulnerability. This vulnerability allows physically present attackers to execute arbitrary code on affected Kenwood DMX958XR devices. Authentication…

CVSS: 6.8 CWE: CWE-78

Medium

CVE-2025-8638

CVSS: 6.8 CWE: CWE-78

Medium

CVE-2025-8637

CVSS: 6.8 CWE: CWE-78

Medium

CVE-2025-8636

CVSS: 6.8 CWE: CWE-78

Medium

CVE-2025-8635

CVSS: 6.8 CWE: CWE-78

Medium

CVE-2025-8634

CVSS: 6.8 CWE: CWE-78

Medium

CVE-2025-8633

CVSS: 6.8 CWE: CWE-78

Medium

CVE-2025-8632

CVSS: 6.8 CWE: CWE-78

Medium

CVE-2025-8631

CVSS: 6.8 CWE: CWE-78

Medium

CVE-2025-8630

CVSS: 6.8 CWE: CWE-78

Medium

CVE-2025-8629

CVSS: 6.8 CWE: CWE-78

Medium

CVE-2025-8628

CVSS: 6.8 CWE: CWE-78

Critical

CVE-2025-54594

react-native-bottom-tabs is a library of Native Bottom Tabs for React Native. In versions 0.9.2 and below, the github/workflows/release-canary.yml GitHub Actions repository workflow improperly used t…

CVSS: 9.1 CWE: CWE-94

2025-08-05

High

CVE-2025-53534

RatPanel is a server operation and maintenance management panel. In versions 2.3.19 through 2.5.5, when an attacker obtains the backend login path of RatPanel (including but not limited to weak defau…

CVSS: 7.7 CWE: CWE-305

Medium

CVE-2025-51541

A stored cross-site scripting (XSS) vulnerability exists in the Shopware 6 installation interface at /recovery/install/database-configuration/. The c_database_schema field fails to properly sanitize…

CVSS: 6.1 CWE: CWE-79

Critical

CVE-2013-10070

PHP-Charts v1.0 contains a PHP code execution vulnerability in wizard/url.php, where user-supplied GET parameter names are passed directly to eval() without sanitization. A remote attacker can exploi…

CVSS: 10.0 CWE: CWE-95

Critical

CVE-2013-10068

Foxit Reader Plugin version 2.2.1.530, bundled with Foxit Reader 5.4.4.11281, contains a stack-based buffer overflow vulnerability in the npFoxitReaderPlugin.dll module. When a PDF file is loaded fro…

CVSS: 9.4 CWE: CWE-121

Critical

CVE-2013-10067

Glossword versions 1.8.8 through 1.8.12 contain an authenticated arbitrary file upload vulnerability. When deployed as a standalone application, the administrative interface (gw_admin.php) allows use…

CVSS: 9.4 CWE: CWE-434

Critical

CVE-2013-10066

An unauthenticated arbitrary file upload vulnerability exists in Kordil EDMS v2.2.60rc3. The application exposes an upload endpoint (users_add.php) that allows attackers to upload files to the /userp…

CVSS: 10.0 CWE: CWE-434

Critical

CVE-2013-10064

A stack-based buffer overflow vulnerability exists in ActFax Server version 5.01. The server's RAW protocol interface fails to safely process user-supplied data in @F506 fax header fields due to inse…

CVSS: 9.3 CWE: CWE-121

Critical

CVE-2012-10035

Turbo FTP Server versions 1.30.823 and 1.30.826 contain a buffer overflow vulnerability in the handling of the PORT command. By sending a specially crafted payload, an unauthenticated remote attacker…

CVSS: 10.0 CWE: CWE-120

Critical

CVE-2012-10033

Narcissus is vulnerable to remote code execution via improper input handling in its image configuration workflow. Specifically, the backend.php script fails to sanitize the release parameter before p…

CVSS: 9.3 CWE: CWE-78

High

CVE-2012-10031

BlazeVideo HDTV Player Pro v6.6.0.3 is vulnerable to a stack-based buffer overflow due to improper handling of user-supplied input embedded in .plf playlist files. When parsing a crafted .plf file, t…

CVSS: 8.6 CWE: CWE-121

Critical

CVE-2012-10030

FreeFloat FTP Server contains multiple critical design flaws that allow unauthenticated remote attackers to upload arbitrary files to sensitive system directories. The server accepts empty credential…

CVSS: 9.3 CWE: CWE-306

High

CVE-2012-10029

Nagios XI Network Monitor prior to Graph Explorer component version 1.3 contains a command injection vulnerability in `visApi.php`. An authenticated user can inject system commands via unsanitized pa…

CVSS: 8.6 CWE: CWE-78

High

CVE-2012-10028

Netwin SurgeFTP version 23c8 and prior contains a vulnerability in its web-based administrative console that allows authenticated users to execute arbitrary system commands via crafted POST requests…

CVSS: 8.6 CWE: CWE-78

Critical

CVE-2012-10027

WP-Property plugin for WordPress through version 1.35.0 contains an unauthenticated file upload vulnerability in the third-party `uploadify.php` script. A remote attacker can upload arbitrary PHP fil…

CVSS: 9.3 CWE: CWE-434

Critical

CVE-2012-10026

The WordPress plugin Asset-Manager version 2.0 and below contains an unauthenticated arbitrary file upload vulnerability in upload.php. The endpoint fails to properly validate and restrict uploaded f…

CVSS: 10.0 CWE: CWE-434

Critical

CVE-2012-10025

The WordPress plugin Advanced Custom Fields (ACF) version 3.5.1 and below contains a remote file inclusion (RFI) vulnerability in core/actions/export.php. When the PHP configuration directive allow_u…

CVSS: 10.0 CWE: CWE-98

Medium

CVE-2012-10023

A stack-based buffer overflow vulnerability exists in FreeFloat FTP Server version 1.0.0. The server fails to properly validate input passed to the USER command, allowing remote attackers to overwrit…

CVSS: 6.9 CWE: CWE-121

Medium

CVE-2025-45512

A lack of signature verification in the bootloader of DENX Software Engineering Das U-Boot (U-Boot) v1.1.3 allows attackers to install crafted firmware files, leading to arbitrary code execution.

CVSS: 6.5 CWE: CWE-77

Medium

CVE-2025-50688

A command injection vulnerability exists in TwistedWeb (version 14.0.0) due to improper input sanitization in the file upload functionality. An attacker can exploit this vulnerability by sending a sp…

CVSS: 6.5 CWE: CWE-77

Critical

CVE-2025-54253

Adobe Experience Manager versions 6.5.23 and earlier are affected by a Misconfiguration vulnerability that could result in arbitrary code execution. An attacker could leverage this vulnerability to b…

CVSS: 10.0 CWE: CWE-16

Critical

CVE-2025-50707

An issue in thinkphp3 v.3.2.5 allows a remote attacker to execute arbitrary code via the index.php component

CVSS: 9.8 CWE: CWE-94

Critical

CVE-2025-50706

An issue in thinkphp v.5.1 allows a remote attacker to execute arbitrary code via the routecheck function

CVSS: 9.8 CWE: CWE-94

Critical

CVE-2025-2611

The ICTBroadcast application unsafely passes session cookie data to shell processing, allowing an attacker to inject shell commands into a session cookie that get executed on the server. This results…

CVSS: 9.3 CWE: CWE-20

High

CVE-2025-6207

The WP Import Export Lite plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'wpie_tempalte_import' function in all versions up to, and including,…

CVSS: 7.5 CWE: CWE-434

High

CVE-2025-5061

The WP Import Export Lite plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'wpie_parse_upload_data' function in all versions up to, and includin…

CVSS: 7.5 CWE: CWE-434

Critical

CVE-2025-54802

pyLoad is the free and open-source Download Manager written in pure Python. In versions 0.5.0b3.dev89 and below, there is an opportunity for path traversal in pyLoad-ng CNL Blueprint via package para…

CVSS: 9.8 CWE: CWE-22

2025-08-04

Critical

CVE-2025-46093

LiquidFiles before 4.1.2 supports FTP SITE CHMOD for mode 6777 (setuid and setgid), which allows FTPDrop users to execute arbitrary code as root by leveraging the Actionscript feature and the sudoers…

CVSS: 9.9 CWE: CWE-732

Critical

CVE-2025-51387

The GitKraken Desktop 10.8.0 and 11.1.0 is susceptible to code injection due to misconfigured Electron Fuses. Specifically, the following insecure settings were observed: RunAsNode is enabled and Ena…

CVSS: 9.8 CWE: CWE-94

Critical

CVE-2025-50754

Unisite CMS version 5.0 contains a stored Cross-Site Scripting (XSS) vulnerability in the "Report" functionality. A malicious script submitted by an attacker is rendered in the admin panel when viewe…

CVSS: 9.6 CWE: CWE-79

High

CVE-2025-53395

Paramount Macrium Reflect through 2025-06-26 allows local attackers to execute arbitrary code with administrator privileges via a crafted .mrimgx backup file and a malicious VSSSvr.dll located in the…

CVSS: 7.7 CWE: CWE-427

High

CVE-2025-53394

Paramount Macrium Reflect through 2025-06-26 allows attackers to execute arbitrary code with administrator privileges via a crafted .mrimgx or .mrbax backup file and a renamed executable placed in th…

CVSS: 7.7 CWE: CWE-427

Critical

CVE-2025-52239

An arbitrary file upload vulnerability in ZKEACMS v4.1 allows attackers to execute arbitrary code via a crafted file.

CVSS: 9.8 CWE: CWE-434

Critical

CVE-2013-10054

An unauthenticated arbitrary file upload vulnerability exists in LibrettoCMS version 1.1.7 (and possibly earlier) contains an unauthenticated arbitrary file upload vulnerability in its File Manager p…

CVSS: 9.3 CWE: CWE-434

High

CVE-2025-6204

An Improper Control of Generation of Code (Code Injection) vulnerability affecting DELMIA Apriso from Release 2020 through Release 2025 could allow an attacker to execute arbitrary code.

CVSS: 8.0 CWE: CWE-94

2025-08-02

High

CVE-2025-23284

NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager, where a malicious guest could cause a stack buffer overflow. A successful exploit of this vulnerability might lead to code ex…

CVSS: 7.8 CWE: CWE-121

High

CVE-2025-23283

NVIDIA vGPU software for Linux-style hypervisors contains a vulnerability in the Virtual GPU Manager, where a malicious guest could cause stack buffer overflow. A successful exploit of this vulnerabi…

CVSS: 7.8 CWE: CWE-121

High

CVE-2025-23281

NVIDIA GPU Display Driver for Windows contains a vulnerability where an attacker with local unprivileged access that can win a race condition might be able to trigger a use-after-free error. A succes…

CVSS: 7.0 CWE: CWE-416

High

CVE-2025-23279

NVIDIA .run Installer for Linux and Solaris contains a vulnerability where an attacker could use a race condition to escalate privileges. A successful exploit of this vulnerability might lead to code…

CVSS: 7.0 CWE: CWE-367

High

CVE-2025-23276

NVIDIA Installer for Windows contains a vulnerability where an attacker may be able to escalate privileges. A successful exploit of this vulnerability may lead to escalation of privileges, denial of…

CVSS: 7.8 CWE: CWE-552

Medium

CVE-2025-7694

The Woffice Core plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the woffice_file_manager_delete() function in all versions up to, and includ…

CVSS: 6.8 CWE: CWE-22

Medium

CVE-2025-54789

Files is a module for managing files inside spaces and user profiles. In versions 0.16.9 and below, the File Move functionality does not contain logic that prevents injection of arbitrary JavaScript,…

CVSS: 5.1 CWE: CWE-80

Critical

CVE-2025-54782

Nest is a framework for building scalable Node.js server-side applications. In versions 0.2.0 and below, a critical Remote Code Execution (RCE) vulnerability was discovered in the @nestjs/devtools-in…

CVSS: 9.4 CWE: CWE-77

High

CVE-2025-54386

Traefik is an HTTP reverse proxy and load balancer. In versions 2.11.27 and below, 3.0.0 through 3.4.4 and 3.5.0-rc1, a path traversal vulnerability was discovered in WASM Traefik’s plugin installati…

CVSS: 7.3 CWE: CWE-22

High

CVE-2025-54136

Cursor is a code editor built for programming with AI. In versions 1.2.4 and below, attackers can achieve remote and persistent code execution by modifying an already trusted MCP configuration file i…

CVSS: 7.2 CWE: CWE-78

2025-08-01

High

CVE-2025-54424

1Panel is a web interface and MCP Server that manages websites, files, containers, databases, and LLMs on a Linux server. In versions 2.0.5 and below, the HTTPS protocol used for communication betwee…

CVSS: 8.1 CWE: CWE-77

High

CVE-2013-10058

An authenticated OS command injection vulnerability exists in various Linksys router models (tested on WRT160Nv2) running firmware version v2.0.03 via the apply.cgi endpoint. The web interface fails…

CVSS: 8.6 CWE: CWE-78

High

CVE-2013-10057

A stack-based buffer overflow vulnerability exists in Synactis PDF In-The-Box ActiveX control (PDF_IN_1.ocx), specifically the ConnectToSynactis method. When a long string is passed to this method—in…

CVSS: 7.5 CWE: CWE-94

Critical

CVE-2013-10055

An unauthenticated arbitrary file upload vulnerability exists in Havalite CMS version 1.1.7 (and possibly earlier) in the upload.php script. The application fails to enforce proper file extension val…

CVSS: 9.3 CWE: CWE-434

Critical

CVE-2013-10051

A remote PHP code execution vulnerability exists in InstantCMS version 1.6 and earlier due to unsafe use of eval() within the search view handler. Specifically, user-supplied input passed via the loo…

CVSS: 9.3 CWE: CWE-95

High

CVE-2013-10046

A local privilege escalation vulnerability exists in Agnitum Outpost Internet Security 8.1 that allows an unprivileged user to execute arbitrary code with SYSTEM privileges. The flaw resides in the a…

CVSS: 8.5 CWE: CWE-22

High

CVE-2013-10044

An authenticated SQL injection vulnerability exists in OpenEMR ≤ 4.1.1 Patch 14 that allows a low-privileged attacker to extract administrator credentials and subsequently escalate privileges. Once e…

CVSS: 8.7 CWE: CWE-89