RCE - Daily CVE Reports (Page 2)

RCE

CVE-2025-1316: Remote Code Execution Vulnerability in Edimax IC-7100 IP Camera

Executive Summary CVE-2025-1316 is a critical vulnerability affecting the Edimax IC-7100 IP camera. This vulnerability stems from improper neutralization of requests, allowing a remote attacker to inject and execute arbitrary commands on the device. With a CVSS v3.1 score of 9.8 (Critical), this flaw poses a significant risk,

RCE

CVE-2025-24016: Unsafe Deserialization Vulnerability in Wazuh Leading to Remote Code Execution

Executive Summary CVE-2025-24016 is a critical remote code execution (RCE) vulnerability affecting Wazuh, a widely used open-source security information and event management (SIEM) platform. This vulnerability stems from unsafe deserialization of DistributedAPI (DAPI) parameters, allowing an attacker with API access to execute arbitrary Python code on the Wazuh server. Specifically,

Ruby

CVE-2025-27407: Remote Code Execution in graphql-ruby via Malicious Schema Loading

Executive Summary CVE-2025-27407 is a critical vulnerability in the graphql-ruby library, a popular Ruby implementation of GraphQL. The vulnerability arises from the unsafe handling of schema definitions loaded via GraphQL::Schema.from_introspection or GraphQL::Schema::Loader.load. Systems that load schemas from untrusted JSON sources are particularly at risk.