RCE
TL;DR / Executive Summary CVE-2025-46816 exposes a critical Remote Code Execution (RCE) vulnerability in goshs, a Go-based simple HTTP server, affecting versions 0.3.4 through 1.0.4. When goshs is run without specific command-line arguments (like the -c flag to explicitly enable command execution), it inadvertently leaves a
RCE
Hold onto your GPUs, folks! We're diving into CVE-2025-32444, a nasty Remote Code Execution (RCE) vulnerability lurking within the popular Large Language Model (LLM) serving framework, vLLM. If you're using vLLM's Mooncake integration, this one needs your immediate attention. Let's unpack this
RCE
You know that feeling when you fix a leaky pipe, only to find another drip springing up right next to it? Sometimes, software patches feel a bit like that. Today, we're diving into CVE-2025-32432, a critical Remote Code Execution (RCE) vulnerability in Craft CMS that serves as a
RCE
Hey folks, gather round the virtual fireplace. Today, we're diving into a fascinating vulnerability in one of the most popular machine learning frameworks out there: PyTorch. CVE-2025-32434 is a bit of a sneaky one, turning a feature designed for safety into a potential gateway for Remote Code Execution
RCE
Executive Summary CVE-2024-53305 describes a critical vulnerability in Whoogle Search, specifically version 0.9.0. This vulnerability allows an attacker to execute arbitrary code by crafting a malicious search query. The root cause lies in the insecure deserialization of configuration data, which can be manipulated through a specially crafted search
RCE
Executive Summary CVE-2025-32445 describes a critical vulnerability in Argo Events versions prior to 1.9.6. This vulnerability allows a user with permissions to create or modify EventSource and Sensor custom resources (CRs) to gain privileged access to the host system and the Kubernetes cluster. This is achieved by leveraging
RCE
Executive Summary CVE-2024-12029 is a critical remote code execution (RCE) vulnerability affecting InvokeAI versions 5.3.1 through 5.4.2. This vulnerability stems from the unsafe deserialization of model files using torch.load without proper validation within the /api/v2/models/install API endpoint. An attacker can exploit this
RCE
Executive Summary CVE-2025-27520 is a critical vulnerability affecting BentoML, a Python library for building AI application serving systems. This vulnerability allows unauthenticated attackers to execute arbitrary code on the server due to insecure deserialization of untrusted data. Specifically, the vulnerability resides in the serde.py module and is triggered when
RCE
Executive Summary CVE-2025-27364 is a critical Remote Code Execution (RCE) vulnerability affecting MITRE Caldera, a cyber security platform used for automated adversary emulation. The vulnerability exists in the dynamic agent (implant) compilation functionality of the Caldera server. By crafting a malicious web request to the Caldera server API, an unauthenticated
RCE
Executive Summary CVE-2025-24813 is a critical vulnerability affecting Apache Tomcat versions 9.0.0.M1 through 9.0.98, 10.1.0-M1 through 10.1.34, and 11.0.0-M1 through 11.0.2. This vulnerability stems from improper path equivalence checks when handling filenames containing internal dots ("."
RCE
Executive Summary CVE-2025-1316 is a critical vulnerability affecting the Edimax IC-7100 IP camera. This vulnerability stems from improper neutralization of requests, allowing a remote attacker to inject and execute arbitrary commands on the device. With a CVSS v3.1 score of 9.8 (Critical), this flaw poses a significant risk,
RCE
Executive Summary CVE-2025-24016 is a critical remote code execution (RCE) vulnerability affecting Wazuh, a widely used open-source security information and event management (SIEM) platform. This vulnerability stems from unsafe deserialization of DistributedAPI (DAPI) parameters, allowing an attacker with API access to execute arbitrary Python code on the Wazuh server. Specifically,