
120818 matches found

Cvelist
added 2026/01/23 12:0 a.m., 27 views

CVE-2025-67231

A reflected cross-site scripting (XSS) vulnerability in ToDesktop Builder v0.33.1 allows attackers to execute arbitrary code in the context of a user's browser via a crafted payload...

EPSS 0.00262
Exploits: 0, References: 2

CNNVD
added 2026/01/23 12:0 a.m., 9 views

Siri Shortcuts MCP Server: Operating System Command Injection Vulnerability

Siri Shortcuts MCP Server is a tool developed by David as an integrated voice assistant and a context-based protocol server for large models. The Siri Shortcuts MCP Server has a vulnerability related to operating system command injection, which stems from insufficient validation of the shortcutNa...

CVSS 7.8, AI score 7.3, EPSS 0.00658
Exploits: 0, References: 1

OSV
added 2026/01/22 10:41 p.m., 8 views

CVE-2026-24129 Runtipi is Vulnerable to Authenticated Arbitrary Remote Code Execution

Runtipi is a Docker-based, personal homeserver orchestrator that facilitates multiple services on a single server. Versions 3.7.0 and above allow an authenticated user to execute arbitrary system commands on the host server by injecting shell metacharacters into backup filenames. The BackupManage...

CVSS 8, AI score 6, EPSS 0.00459
Exploits: 1, References: 5

Snyk
added 2026/01/22 8:26 p.m., 4 views

Directory Traversal

Overview Affected versions of this package are vulnerable to Directory Traversal due to using an image with a metadata.yaml containing templates. An attacker can read or overwrite arbitrary files on the host system, potentially leading to execution of arbitrary commands with elevated privileges, ...

CVSS 8.7, AI score 6.3, EPSS 0.00731
Exploits: 1, References: 2

RedhatCVE
added 2026/01/22 8:22 p.m., 6 views

CVE-2025-69209

ArduinoCore-avr contains the source code and configuration files of the Arduino AVR Boards platform. A vulnerability in versions prior to 1.8.7 allows an attacker to trigger a stack-based buffer overflow when converting floating-point values to strings with high precision. By passing very large...

CVSS 6.9, AI score 6.8, EPSS 0.00149
Exploits: 0, References: 1

NVD
added 2026/01/22 5:16 p.m., 7 views

CVE-2026-0533

A maliciously crafted HTML payload in a design name, when displayed during the delete confirmation dialog and clicked by a user, can trigger a Stored Cross-site Scripting (XSS) vulnerability in the Autodesk Fusion desktop application. A malicious actor may leverage this vulnerability to read local...

CVSS 8.1, EPSS 0.0059
Exploits: 0, References: 3

Vulnrichment
added 2026/01/22 4:59 p.m., 4 views

CVE-2026-0535 Stored XSS in Electronic Library Component Description

A maliciously crafted HTML payload, stored in a component’s description and clicked by a user, can trigger a Stored Cross-site Scripting (XSS) vulnerability in the Autodesk Fusion desktop application. A malicious actor may leverage this vulnerability to read local files or execute arbitrary code in...

CVSS 8.1, AI score 5.9, EPSS 0.00578
Exploits: 0, References: 3

Vulnrichment
added 2026/01/22 4:59 p.m., 4 views

CVE-2026-0534 Stored XSS in the value of a part attribute

A maliciously crafted HTML payload, stored in a part’s attribute and clicked by a user, can trigger a Stored Cross-site Scripting (XSS) vulnerability in the Autodesk Fusion desktop application. A malicious actor may leverage this vulnerability to read local files or execute arbitrary code in the...

CVSS 8.1, AI score 5.9, EPSS 0.00469
Exploits: 0, References: 3

Cvelist
added 2026/01/22 4:58 p.m., 17 views

CVE-2026-0533 Stored XSS in Fusion desktop when attempting to delete a file

A maliciously crafted HTML payload in a design name, when displayed during the delete confirmation dialog and clicked by a user, can trigger a Stored Cross-site Scripting (XSS) vulnerability in the Autodesk Fusion desktop application. A malicious actor may leverage this vulnerability to read local...

CVSS 8.1, EPSS 0.0059
Exploits: 0, References: 3

CVE
added 2026/01/22 4:58 p.m., 19 views

CVE-2026-0533

Technical details (affected product/version, root cause, exploit specifics, impact, or fixes) are not publicly available in the provided documents. Monitor for updates from Autodesk and security advisories to obtain concrete details and remediation guidance.

CVSS 8.1, AI score 5.9, EPSS 0.0059
Exploits: 0, References: 3, Affected Software: 1

Cvelist
added 2026/01/22 4:52 p.m., 17 views

CVE-2025-69319 WordPress Beaver Builder plugin <= 2.9.4.1 - Arbitrary Code Execution vulnerability

Improper Control of Generation of Code ('Code Injection') vulnerability in Beaver Builder Beaver Builder beaver-builder-lite-version allows Code Injection. This issue affects Beaver Builder: from n/a through <= 2.9.4.1...

CVSS 7.5, EPSS 0.00273
Exploits: 0, References: 1

CVE
added 2026/01/22 4:52 p.m., 14 views

CVE-2025-69319

CVE-2025-69319 is an authenticated (Contributor+) remote code execution vulnerability in Beaver Builder Page Builder (Beaver Builder Lite) affecting versions up to 2.9.4.1. The issue is described as an arbitrary code execution via code generation/injection. The Wordfence vulnerability report conf...

CVSS 7.5, AI score 5.4, EPSS 0.00273
Exploits: 0, References: 1

CVE
added 2026/01/22 4:52 p.m., 16 views

CVE-2025-69001

CVE-2025-69001 affects the WordPress plugin FluentForm (FluentForm/fluentform) up to version 6.1.11. The issue is an Improper Control of Generation of Code (Code Injection) that enables Arbitrary Shortcode Execution. Public sources (NVD/Red Hat/CVE records) confirm the vulnerability and indicate...

CVSS 5.3, AI score 5.4, EPSS 0.00233
Exploits: 0, References: 1

Vulnrichment
added 2026/01/22 4:51 p.m., 2 views

CVE-2025-67944 WordPress Nelio AB Testing plugin <= 8.1.8 - Arbitrary Code Execution vulnerability

Improper Control of Generation of Code ('Code Injection') vulnerability in Nelio Software Nelio AB Testing nelio-ab-testing allows Code Injection. This issue affects Nelio AB Testing: from n/a through <= 8.1.8...

CVSS 9.1, AI score 5.9, EPSS 0.00489
Exploits: 0, References: 1

Cvelist
added 2026/01/22 4:51 p.m., 18 views

CVE-2025-67944 WordPress Nelio AB Testing plugin <= 8.1.8 - Arbitrary Code Execution vulnerability

Improper Control of Generation of Code ('Code Injection') vulnerability in Nelio Software Nelio AB Testing nelio-ab-testing allows Code Injection. This issue affects Nelio AB Testing: from n/a through <= 8.1.8...

CVSS 9.1, EPSS 0.00489
Exploits: 0, References: 1

CVE
added 2026/01/22 4:51 p.m., 11 views

CVE-2025-67944

CVE-2025-67944 (Nelio AB Testing) : WordPress plugin Nelio AB Testing (versions

CVSS 9.1, AI score 5.4, EPSS 0.00489
Exploits: 0, References: 1

RedHat Linux
added 2026/01/22 3:48 p.m., 3 views

GnuPG: GnuPG: Information disclosure and potential arbitrary code execution via out-of-bounds write

A flaw was found in GnuPG. An attacker can provide crafted input to the armorfilter function, which incorrectly increments an index variable, leading to an out-of-bounds write. This memory corruption vulnerability may allow for information disclosure and could potentially lead to arbitrary code...

CVSS 7.8, AI score 6, EPSS 0.00129
Exploits: 1, References: 9

RedHat Linux
added 2026/01/22 3:48 p.m., 7 views

Important: Red Hat Security Advisory: gnupg2 security update

An update for gnupg2 is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support and Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerabilit...

CVSS 7.8, AI score 7.6, EPSS 0.00129
Exploits: 1, References: 2

Veracode
added 2026/01/22 9:33 a.m., 6 views

Arbitrary Code Execution

Orval is vulnerable to Arbitrary Code Execution. The vulnerability is due to unsanitized embedding of untrusted OpenAPI fields, where attacker-controlled values in the x-enumDescriptions field are injected without proper escaping during enum generation, resulting in executable JavaScript/TypeScri...

CVSS 9.8, AI score 6, EPSS 0.0075
Exploits: 1, References: 4, Affected Software: 1

ICS
added 2026/01/22 7:0 a.m., 5 views

Delta Electronics DIAView

RISK EVALUATION Successful exploitation of this vulnerability could enable an attacker to execute arbitrary code. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability. CISA reminds organizations to perform proper impact...

CVSS 9.8, AI score 6.2, EPSS 0.01356
Exploits: 0, References: 10