#rce

**According to the CVSS metric, the attack vector is network (AV:N) and the user interaction is required (UI:R). What is the target context of the remote code execution?** This attack requires an authenticated client to click a link in order for an unauthenticated attacker to initiate remote code execution.

**What is the version information for this release?** Microsoft Edge Version Date Released Based on Chromium Version 135.0.3179.54 4/3/2025 135.0.7049.41/.42/.52

### Impact The Tauri [`shell`](https://tauri.app/plugin/shell/) plugin exposes functionality to execute code and open programs on the system. The [`open`](https://tauri.app/reference/javascript/shell/#open) endpoint of this plugin is designed to allow open functionality with the system opener (e.g. `xdg-open` on Linux). This was meant to be restricted to a reasonable number of protocols like `https` or `mailto` by default. This default restriction was not functional due to improper validation of the allowed protocols, allowing for potentially dangerous protocols like `file://`, `smb://`, or `nfs://` and others to be opened by the system registered protocol handler. By passing untrusted user input to the `open` endpoint these potentially dangerous protocols can be abused to gain remote code execution on the system. This either requires direct exposure of the endpoint to application users or code execution in the frontend of a Tauri application. You are not affected if you have e...

About Remote Code Execution – Apache Tomcat (CVE-2025-24813) vulnerability. Apache Tomcat is an open-source software that provides a platform for Java web applications. The vulnerability allows a remote attacker to upload and execute arbitrary files on the server due to flaws in the handling of uploaded session files and the deserialization mechanism. 🔻 The vendor’s […]

A critical vulnerability (CVE-2025-1268) in Canon printer drivers allows remote code execution. See which drivers are affected, how to patch them.

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 9.4 ATTENTION: Exploitable remotely/low attack complexity Vendor: Rockwell Automation Equipment: Lifecycle Services with Veeam Backup and Replication Vulnerability: Deserialization of Untrusted Data 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker with administrative privileges to execute code on the target system. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS Rockwell Automation reports the following Lifecycle Services with Veeam Backup and Replication are affected: Industrial Data Center (IDC) with Veeam: Generations 1 – 5 VersaVirtual Appliance (VVA) with Veeam: Series A - C 3.2 VULNERABILITY OVERVIEW 3.2.1 DESERIALIZATION OF UNTRUSTED DATA CWE-502 A remote code execution vulnerability exists in Veeam Backup and Replication, which the affected products use. Exploitation of the vulnerability can allow a threat actor to execute code on the target system. CVE-2025-23120 has been assigned to this vulnerability. ...

The device provides access to an unprotected endpoint, enabling the upload of MPFS File System binary images. Authenticated attackers can exploit this vulnerability to overwrite the flash program memory containing the web server's main interfaces, potentially leading to arbitrary code execution.

### Impact The library used to extract archives (github.com/jaredallard/archives) was vulnerable to the "zip slip" vulnerability. This is used to extract native extension archives and repository source archives. A native extension or repository archive could be crafted in such a way where a remote code execution or modification/reading of a file is possible using the user who is running stencil. The severity is marked as "medium" because native extensions have always considered to be "unsafe" to run when not trusted. Native extensions are arbitrary code being ran, which could always do this same exploit with less steps. The medium severity is to reflect that this could be done even when a user is _not_ using a native extension, for example a repository source archive. However, one would need to mutate the archives provided by Github or perform some hackery with links, which may not be possible. Thus, "medium" is used out of an abundance of caution where I would've labeled this as "lo...

A vulnerability has been found that can be exploited through every browser as long as its running on a Windows system

### Impact A malicious user could feed a specially crafted archive to this library causing RCE, modification of files or other bad things in the context of whatever user is running this library as, through the program that imports it. The severity highly depends on the user's permissions and environment it is being ran in (e.g., non root, read only root container would likely have no impact vs running something as root on a production system). The severity is also dependent on **arbitrary archives** being passed or not. Based on the above, severity high was picked to be safe. ### Patches Patched with the help of snyk and gosec in v1.0.1 ### Workarounds The only workaround is to manually validate archives before submitting them to this library, however that is not recommended vs upgrading to unaffected versions. ### References https://security.snyk.io/research/zip-slip-vulnerability