Freedom Coder

Freedom Coder @freedom-coder

About: love coding.

Joined: Apr 17, 2025

articles - 211 total

CVE-2025-21042: Samsung Mobile Devices Out-of-Bounds Write Vulnerability

Samsung mobile devices contain an out-of-bounds write vulnerability in libimagecodec.quram.so. This vulnerability could allow remote attackers to execute arbitrary code.

Nov 10

CVE-2017-9805: Apache Struts Deserialization of Untrusted Data Vulnerability

Apache Struts REST Plugin uses an XStreamHandler with an instance of XStream for deserialization without any type filtering, which can lead to remote code execution when deserializing XML payloads.

Nov 7

CVE-2017-17562: Embedthis GoAhead Remote Code Execution Vulnerability

Embedthis GoAhead before 3.6.5 allows remote code execution if CGI is enabled and a CGI program is dynamically linked.

Nov 7

CVE-2021-44228: Apache Log4j2 Remote Code Execution Vulnerability

Apache Log4j2 contains a vulnerability where JNDI features do not protect against attacker-controlled JNDI-related endpoints, allowing for remote code execution.

Nov 7

CVE-2025-11371: Gladinet CentreStack and Triofox Files or Directories Accessible to External Parties Vulnerability

Gladinet CentreStack and Triofox contain a files or directories accessible to external parties vulnerability that allows unintended disclosure of system files.

Nov 4

CVE-2025-48703: CWP Control Web Panel OS Command Injection Vulnerability

CWP Control Web Panel (formerly CentOS Web Panel) contains an OS command injection vulnerability that allows unauthenticated remote code execution via shell metacharacters in the t_total parameter in a filemanager changePerm request. A valid non-root username must be known.

Nov 4

CVE-2024-1086: Linux Kernel Use-After-Free Vulnerability

Linux kernel contains a use-after-free vulnerability in the netfilter: nf_tables component that allows an attacker to achieve local privilege escalation.

Oct 31

CVE-2025-24893: XWiki Platform Eval Injection Vulnerability

XWiki Platform contains an eval injection vulnerability that could allow any guest to perform arbitrary remote code execution through a request to SolrSearch.

Oct 30

CVE-2017-9841: PHPUnit Command Injection Vulnerability

PHPUnit allows remote attackers to execute arbitrary PHP code via HTTP POST data beginning with a "<?php " substring, as demonstrated by an attack on a site with an exposed /vendor folder, i.e., external access to the /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php URI.

Oct 29

CVE-2022-22947: VMware Spring Cloud Gateway Code Injection Vulnerability

Spring Cloud Gateway applications are vulnerable to a code injection attack when the Gateway Actuator endpoint is enabled, exposed and unsecured.

Oct 29

CVE-2021-3129: Laravel Ignition File Upload Vulnerability

Laravel Ignition contains a file upload vulnerability that allows unauthenticated remote attackers to execute malicious code due to insecure usage of file_get_contents() and file_put_contents().

Oct 29

CVE-2025-6205: Dassault Systèmes DELMIA Apriso Missing Authorization Vulnerability

Dassault Systèmes DELMIA Apriso contains a missing authorization vulnerability that could allow an attacker to gain privileged access to the application.

Oct 28

CVE-2025-6204: Dassault Systèmes DELMIA Apriso Code Injection Vulnerability

Dassault Systèmes DELMIA Apriso contains a code injection vulnerability that could allow an attacker to execute arbitrary code.

Oct 28

CVE-2025-59287: Microsoft Windows Server Update Service (WSUS) Deserialization of Untrusted Data Vulnerability

Microsoft Windows Server Update Service (WSUS) contains a deserialization of untrusted data vulnerability that allows for remote code execution.

Oct 24

CVE-2025-54236: Adobe Commerce and Magento Improper Input Validation Vulnerability

Adobe Commerce and Magento Open Source contain an improper input validation vulnerability that could allow an attacker to take over customer accounts through the Commerce REST API.

Oct 24

CVE-2024-34102: Adobe Commerce and Magento Open Source Improper Restriction of XML External Entity Reference (XXE) Vulnerability

Adobe Commerce and Magento Open Source contain an improper restriction of XML external entity reference (XXE) vulnerability that allows for remote code execution.

Oct 23

CVE-2025-61932: Motex LANSCOPE Endpoint Manager Improper Verification of Source of a Communication Channel Vulnerability

Motex LANSCOPE Endpoint Manager contains an improper verification of source of a communication channel vulnerability allowing an attacker to execute arbitrary code by sending specially crafted packets.

Oct 22

CVE-2021-36942: Microsoft Windows Local Security Authority (LSA) Spoofing Vulnerability

Microsoft Windows Local Security Authority (LSA) contains a spoofing vulnerability allowing an unauthenticated attacker to call a method on the LSARPC interface and coerce the domain controller to authenticate against another server using NTLM.

Oct 22

CVE-2023-20118: Cisco Small Business RV Series Routers Command Injection Vulnerability

Multiple Cisco Small Business RV Series Routers contain a command injection vulnerability in the web-based management interface. Successful exploitation could allow an authenticated, remote attacker to gain root-level privileges and access unauthorized data.

Oct 21

CVE-2025-61884: Oracle E-Business Suite Server-Side Request Forgery (SSRF) Vulnerability

Oracle E-Business Suite contains a server-side request forgery (SSRF) vulnerability in the Runtime component of Oracle Configurator. This vulnerability is remotely exploitable without authentication.

Oct 20

CVE-2025-33073: Microsoft Windows SMB Client Improper Access Control Vulnerability

Microsoft Windows SMB Client contains an improper access control vulnerability that could allow for privilege escalation. An attacker could execute a specially crafted malicious script to coerce the victim machine to connect back to the attack system using SMB and authenticate.

Oct 20

CVE-2025-2747: Kentico Xperience CMS Authentication Bypass Using an Alternate Path or Channel Vulnerability

Kentico Xperience CMS contains an authentication bypass using an alternate path or channel vulnerability that could allow an attacker to control administrative objects.

Oct 20

CVE-2025-2746: Kentico Xperience CMS Authentication Bypass Using an Alternate Path or Channel Vulnerability

Kentico Xperience CMS contains an authentication bypass using an alternate path or channel vulnerability that could allow an attacker to control administrative objects.

Oct 20

CVE-2022-48503: Apple Multiple Products Unspecified Vulnerability

Apple macOS, iOS, tvOS, Safari, and watchOS contain an unspecified vulnerability in JavaScriptCore that, when processing web content, may lead to arbitrary code execution. The impacted product could be end-of-life (EoL) and/or end-of-service (EoS). Users should discontinue product utilization.

Oct 20

The Importance of Scanning Files Before Downloading: A Guide to Safe Online Practices

In our interconnected digital world, downloading files and opening email attachments have become...

Oct 17

CVE-2017-3881: Cisco IOS and IOS XE Remote Code Execution Vulnerability

A vulnerability in the Cisco Cluster Management Protocol (CMP) processing code in Cisco IOS and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a reload of an affected device or remotely execute code with elevated privileges.

Oct 16

CVE-2025-20352: Cisco IOS and IOS XE Software SNMP Denial of Service and Remote Code Execution Vulnerability

Cisco IOS and IOS XE contain a stack-based buffer overflow vulnerability in the Simple Network Management Protocol (SNMP) subsystem that could allow for denial of service or remote code execution. A successful exploit could allow a low-privileged attacker to cause the affected system to reload, resulting in a DoS condition, or allow a high-privileged attacker to execute arbitrary code as the root user and obtain full control of the affected system.

Oct 16

CVE-2016-7836: SKYSEA Client View Improper Authentication Vulnerability

SKYSEA Client View contains an improper authentication vulnerability that allows remote code execution via a flaw in processing authentication on the TCP connection with the management console program.

Oct 14

CVE-2025-6264: Rapid7 Velociraptor Incorrect Default Permissions Vulnerability

Rapid7 Velociraptor contains an incorrect default permissions vulnerability that can lead to arbitrary command execution and endpoint takeover. To successfully exploit this vulnerability the user must already have access to collect artifacts from the endpoint.

Oct 14

CVE-2025-59230: Microsoft Windows Improper Access Control Vulnerability

Microsoft Windows contains an improper access control vulnerability in Windows Remote Access Connection Manager which could allow an authorized attacker to elevate privileges locally.

Oct 14