10
CVE-2025-66209 - Coolify Vulnerable to Authenticated Remote Code Execution via Command Injection in Database Backup
Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to version 4.0.0-beta.451, an authenticated command injection vulnerability in the Database Backup functionality allows users with application/service management permissions to execute arbitrar…
7.8
CVE-2025-12840 - Academy Software Foundation OpenEXR EXR File Parsing Heap-based Buffer Overflow Remote Code Executi…
Academy Software Foundation OpenEXR EXR File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Academy Software Foundation OpenEXR. User interaction is required to exploit this vu…
7.8
CVE-2025-12839 - Academy Software Foundation OpenEXR EXR File Parsing Heap-based Buffer Overflow Remote Code Executi…
Academy Software Foundation OpenEXR EXR File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Academy Software Foundation OpenEXR. User interaction is required to exploit this vu…
7.8
CVE-2025-12495 - Academy Software Foundation OpenEXR EXR File Parsing Heap-based Buffer Overflow Remote Code Executi…
Academy Software Foundation OpenEXR EXR File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Academy Software Foundation OpenEXR. User interaction is required to exploit this vu…
7.3
CVE-2025-12838 - MSP360 Free Backup Link Following Local Privilege Escalation Vulnerability
MSP360 Free Backup Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of MSP360 Free Backup. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exp…
4.5
CVE-2025-13698 - Deciso OPNsense diag_backup.php filename Directory Traversal Arbitrary File Creation Vulnerability
Deciso OPNsense diag_backup.php filename Directory Traversal Arbitrary File Creation Vulnerability. This vulnerability allows network-adjacent attackers to create arbitrary files on affected installations of Deciso OPNsense. Authentication is required to exploit this vulnerability. The specific fl…
7.8
CVE-2025-13715 - Tencent FaceDetection-DSFD resnet Deserialization of Untrusted Data Remote Code Execution Vulnerabi…
Tencent FaceDetection-DSFD resnet Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Tencent FaceDetection-DSFD. User interaction is required to exploit this vulnerability in that t…
7.8
CVE-2025-13709 - Tencent TFace restore_checkpoint Deserialization of Untrusted Data Remote Code Execution Vulnerabil…
Tencent TFace restore_checkpoint Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Tencent TFace. User interaction is required to exploit this vulnerability in that the target must…
7.8
CVE-2025-13711 - Tencent TFace eval Deserialization of Untrusted Data Remote Code Execution Vulnerability
Tencent TFace eval Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Tencent TFace. User interaction is required to exploit this vulnerability in that the target must visit a malic…
7.8
CVE-2025-13706 - Tencent PatrickStar merge_checkpoint Deserialization of Untrusted Data Remote Code Execution Vulner…
Tencent PatrickStar merge_checkpoint Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Tencent PatrickStar. User interaction is required to exploit this vulnerability in that the t…