CVE Feeds
CVE News Feed
Updates on the latest vulnerabilities detected.
-
CVE-2025-13699 - MariaDB mariadb-dump Utility Directory Traversal Remote Code Execution Vulnerability
CVE ID :CVE-2025-13699
Published : Dec. 23, 2025, 9:40 p.m. | 15 minutes ago
Description :MariaDB mariadb-dump Utility Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of MariaDB. Interaction with the mariadb-dump utility is required to exploit this vulnerability but attack vectors may vary depending on the implementation. The specific flaw exists within the handling of view names. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to execute code in the context of the current user. Was ZDI-CAN-27000.
Severity: 7.0 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more... -
CVE-2025-13698 - Deciso OPNsense diag_backup.php filename Directory Traversal Arbitrary File Creation Vulnerability
CVE ID :CVE-2025-13698
Published : Dec. 23, 2025, 9:40 p.m. | 16 minutes ago
Description :Deciso OPNsense diag_backup.php filename Directory Traversal Arbitrary File Creation Vulnerability. This vulnerability allows network-adjacent attackers to create arbitrary files on affected installations of Deciso OPNsense. Authentication is required to exploit this vulnerability. The specific flaw exists within the handling of backup configuration files. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to create files in the context of root. Was ZDI-CAN-28133.
Severity: 4.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more... -
CVE-2025-13715 - Tencent FaceDetection-DSFD resnet Deserialization of Untrusted Data Remote Code Execution Vulnerability
CVE ID :CVE-2025-13715
Published : Dec. 23, 2025, 9:38 p.m. | 17 minutes ago
Description :Tencent FaceDetection-DSFD resnet Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Tencent FaceDetection-DSFD. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the resnet endpoint. The issue results from the lack of proper validation of user-supplied data, which can result in deserialization of untrusted data. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-27197.
Severity: 7.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more... -
CVE-2025-13709 - Tencent TFace restore_checkpoint Deserialization of Untrusted Data Remote Code Execution Vulnerability
CVE ID :CVE-2025-13709
Published : Dec. 23, 2025, 9:34 p.m. | 22 minutes ago
Description :Tencent TFace restore_checkpoint Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Tencent TFace. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the restore_checkpoint function. The issue results from the lack of proper validation of user-supplied data, which can result in deserialization of untrusted data. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-27185.
Severity: 7.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more... -
CVE-2025-13711 - Tencent TFace eval Deserialization of Untrusted Data Remote Code Execution Vulnerability
CVE ID :CVE-2025-13711
Published : Dec. 23, 2025, 9:34 p.m. | 22 minutes ago
Description :Tencent TFace eval Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Tencent TFace. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the eval endpoint. The issue results from the lack of proper validation of user-supplied data, which can result in deserialization of untrusted data. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-27187.
Severity: 7.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more... -
CVE-2025-13706 - Tencent PatrickStar merge_checkpoint Deserialization of Untrusted Data Remote Code Execution Vulnerability
CVE ID :CVE-2025-13706
Published : Dec. 23, 2025, 9:34 p.m. | 22 minutes ago
Description :Tencent PatrickStar merge_checkpoint Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Tencent PatrickStar. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the merge_checkpoint endpoint. The issue results from the lack of proper validation of user-supplied data, which can result in deserialization of untrusted data. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-27182.
Severity: 7.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more... -
CVE-2025-13708 - Tencent NeuralNLP-NeuralClassifier _load_checkpoint Deserialization of Untrusted Data Remote Code Execution Vulnerability
CVE ID :CVE-2025-13708
Published : Dec. 23, 2025, 9:33 p.m. | 22 minutes ago
Description :Tencent NeuralNLP-NeuralClassifier _load_checkpoint Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Tencent NeuralNLP-NeuralClassifier. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the _load_checkpoint function. The issue results from the lack of proper validation of user-supplied data, which can result in deserialization of untrusted data. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-27184.
Severity: 7.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more... -
CVE-2025-13716 - Tencent MimicMotion create_pipeline Deserialization of Untrusted Data Remote Code Execution Vulnerability
CVE ID :CVE-2025-13716
Published : Dec. 23, 2025, 9:33 p.m. | 22 minutes ago
Description :Tencent MimicMotion create_pipeline Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Tencent MimicMotion. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the create_pipeline function. The issue results from the lack of proper validation of user-supplied data, which can result in deserialization of untrusted data. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-27208.
Severity: 7.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more... -
CVE-2025-13714 - Tencent MedicalNet generate_model Deserialization of Untrusted Data Remote Code Execution Vulnerability
CVE ID :CVE-2025-13714
Published : Dec. 23, 2025, 9:33 p.m. | 22 minutes ago
Description :Tencent MedicalNet generate_model Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Tencent MedicalNet. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the generate_model function. The issue results from the lack of proper validation of user-supplied data, which can result in deserialization of untrusted data. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-27192.
Severity: 7.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more... -
CVE-2025-13710 - Tencent HunyuanVideo load_vae Deserialization of Untrusted Data Remote Code Execution Vulnerability
CVE ID :CVE-2025-13710
Published : Dec. 23, 2025, 9:33 p.m. | 22 minutes ago
Description :Tencent HunyuanVideo load_vae Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Tencent HunyuanVideo. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the load_vae function.The issue results from the lack of proper validation of user-supplied data, which can result in deserialization of untrusted data. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-27186.
Severity: 7.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more... -
CVE-2025-13707 - Tencent HunyuanDiT model_resume Deserialization of Untrusted Data Remote Code Execution Vulnerability
CVE ID :CVE-2025-13707
Published : Dec. 23, 2025, 9:33 p.m. | 22 minutes ago
Description :Tencent HunyuanDiT model_resume Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Tencent HunyuanDiT. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the model_resume function. The issue results from the lack of proper validation of user-supplied data, which can result in deserialization of untrusted data. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-27183.
Severity: 7.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more... -
CVE-2025-13712 - Tencent HunyuanDiT merge Deserialization of Untrusted Data Remote Code Execution Vulnerability
CVE ID :CVE-2025-13712
Published : Dec. 23, 2025, 9:33 p.m. | 22 minutes ago
Description :Tencent HunyuanDiT merge Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Tencent HunyuanDiT. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the merge endpoint. The issue results from the lack of proper validation of user-supplied data, which can result in deserialization of untrusted data. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-27190.
Severity: 7.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more... -
CVE-2025-13713 - Tencent Hunyuan3D-1 load_pretrained Deserialization of Untrusted Data Remote Code Execution Vulnerability
CVE ID :CVE-2025-13713
Published : Dec. 23, 2025, 9:33 p.m. | 22 minutes ago
Description :Tencent Hunyuan3D-1 load_pretrained Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Tencent Hunyuan3D-1. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the load_pretrained function. The issue results from the lack of proper validation of user-supplied data, which can result in deserialization of untrusted data. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-27191.
Severity: 7.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more... -
CVE-2025-15046 - Tenda WH450 HTTP Request PPTPClient stack-based overflow
CVE ID :CVE-2025-15046
Published : Dec. 23, 2025, 9:32 p.m. | 24 minutes ago
Description :A vulnerability has been found in Tenda WH450 1.0.0.18. The impacted element is an unknown function of the file /goform/PPTPClient of the component HTTP Request Handler. Such manipulation of the argument netmsk leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more... -
CVE-2025-14425 - GIMP JP2 File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability
CVE ID :CVE-2025-14425
Published : Dec. 23, 2025, 9:31 p.m. | 24 minutes ago
Description :GIMP JP2 File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of JP2 files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-28248.
Severity: 7.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more... -
CVE-2025-14424 - GIMP XCF File Parsing Use-After-Free Remote Code Execution Vulnerability
CVE ID :CVE-2025-14424
Published : Dec. 23, 2025, 9:31 p.m. | 24 minutes ago
Description :GIMP XCF File Parsing Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of XCF files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-28376.
Severity: 7.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more... -
CVE-2025-14423 - GIMP LBM File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability
CVE ID :CVE-2025-14423
Published : Dec. 23, 2025, 9:31 p.m. | 24 minutes ago
Description :GIMP LBM File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of LBM files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-28311.
Severity: 7.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more... -
CVE-2025-14422 - GIMP PNM File Parsing Integer Overflow Remote Code Execution Vulnerability
CVE ID :CVE-2025-14422
Published : Dec. 23, 2025, 9:31 p.m. | 25 minutes ago
Description :GIMP PNM File Parsing Integer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of PNM files. The issue results from the lack of proper validation of user-supplied data, which can result in an integer overflow before allocating a buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-28273.
Severity: 7.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more... -
CVE-2025-13703 - VIPRE Advanced Security Incorrect Permission Assignment Local Privilege Escalation Vulnerability
CVE ID :CVE-2025-13703
Published : Dec. 23, 2025, 9:30 p.m. | 25 minutes ago
Description :VIPRE Advanced Security Incorrect Permission Assignment Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of VIPRE Advanced Security for PC. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the product installer. The issue results from incorrect permissions on a folder. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. Was ZDI-CAN-27147.
Severity: 7.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more... -
CVE-2025-14414 - Soda PDF Desktop Word File Insufficient UI Warning Remote Code Execution Vulnerability
CVE ID :CVE-2025-14414
Published : Dec. 23, 2025, 9:24 p.m. | 31 minutes ago
Description :Soda PDF Desktop Word File Insufficient UI Warning Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Soda PDF Desktop. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Word files. The issue results from allowing the execution of dangerous script without user warning. An attacker can leverage this vulnerability to execute code in the context of the current user. Was ZDI-CAN-27496.
Severity: 7.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
Information
Vortech Consulting is a network security and design consulting firm originally founded in 1997. Over our nearly 30 year history we have provided security services and products for a wide variety of companies around the globe.
Company
Who's Online
We have 631 guests and no members online