Lucene search
K

120952 matches found

Vulnrichment
Vulnrichment
added 2025/12/19 12:0 a.m.3 views

CVE-2025-63665

An issue in GT Edge AI Community Edition Versions before v2.0.12 allows attackers to execute arbitrary code via injecting a crafted JSON payload into the Prompt window...

7.4AI score0.00428EPSS
Exploits0References2
Redos
Redos
added 2025/12/19 12:0 a.m.5 views

ROS-20251219-7306

A vulnerability in the 7-Zip file archiver is related to incorrect symbolic link detection before accessing a file. Exploitation of the vulnerability could allow an attacker to execute arbitrary code if a user opens a specially generated ZIP archive...

7.8CVSS7.7AI score0.00517EPSS
Exploits1
Zero Day Initiative
Zero Day Initiative
added 2025/12/19 12:0 a.m.8 views

RealDefense SUPERAntiSpyware Exposed Dangerous Function Local Privilege Escalation Vulnerability

This vulnerability allows local attackers to escalate privileges on affected installations of RealDefense SUPERAntiSpyware. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the SAS...

7.8CVSS7.5AI score0.00172EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/12/19 12:0 a.m.4 views

GT Edge AI 安全漏洞

GT Edge AI is an edge AI solution from US-based GT Edge AI. A security vulnerability exists in versions prior to GT Edge AI v2.0.10-dev, which originates from the injection of a specially crafted JSON payload that could lead to the execution of arbitrary code...

9.8CVSS7.1AI score0.00428EPSS
Exploits0References4
CNNVD
CNNVD
added 2025/12/19 12:0 a.m.7 views

Foxit PDF Reader和Foxit PDF Editor 安全漏洞

Foxit PDF Reader and Foxit PDF Editor are both products of Foxit, a Chinese company.Foxit PDF Reader is a PDF reader.Foxit PDF Editor is a PDF editor. A security vulnerability exists in Foxit PDF Reader and Foxit PDF Editor versions prior to 2025.2.1, prior to 14.0.1, and prior to 13.2.1, which...

7.8CVSS6.6AI score0.00255EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2025/12/19 12:0 a.m.6 views

Linux Distros Unpatched Vulnerability : CVE-2025-14946

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw was found in libnbd. A malicious actor could exploit this by convincing libnbd to open a specially crafted Uniform Resource Identifier URI. This...

4.8CVSS6.3AI score0.00118EPSS
Exploits0References4
OpenVAS
OpenVAS
added 2025/12/19 12:0 a.m.5 views

Huawei EulerOS: Security Advisory for EDK2 (EulerOS-SA-2025-2571)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7CVSS6.7AI score0.00214EPSS
Exploits0References2
Talos
Talos
added 2025/12/19 12:0 a.m.8 views

Foxit Reader Text Widget Format Use-After-Free Vulnerability

Talos Vulnerability Report TALOS-2025-2278 Foxit Reader Text Widget Format Use-After-Free Vulnerability December 19, 2025 CVE Number CVE-2025-59488 SUMMARY A use-after-free vulnerability exists in the way Foxit Reader handles a Text Widget field object. A specially crafted JavaScript code inside ...

7.4AI score
Exploits0
RedhatCVE
RedhatCVE
added 2025/12/18 11:36 p.m.5 views

CVE-2025-68433

Zed, a code editor, has an aribtrary code execution vulnerability in versions prior to 0.218.2-pre. The Zed IDE loads Model Context Protocol MCP configurations from the settings.json file located within a project’s .zed subdirectory. A malicious MCP configuration can contain arbitrary shell...

7.7CVSS7.7AI score0.00252EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/12/18 11:36 p.m.5 views

CVE-2025-68432

Zed, a code editor, has an aribtrary code execution vulnerability in versions prior to 0.218.2-pre. The Zed IDE loads Language Server Protocol LSP configurations from the settings.json file located within a project’s .zed subdirectory. A malicious LSP configuration can contain arbitrary shell...

7.7CVSS7.8AI score0.0027EPSS
Exploits1References1
Snyk
Snyk
added 2025/12/18 10:58 p.m.7 views

Directory Traversal

Overview Affected versions of this package are vulnerable to Directory Traversal via crafted symbolic links in the repository. An attacker can access sensitive files on the server filesystem by creating and referencing symbolic links that point to arbitrary locations. Details A Directory Traversa...

7.7CVSS7.5AI score0.00344EPSS
Exploits0References3
EUVD
EUVD
added 2025/12/18 10:3 p.m.4 views

EUVD-2025-203957

nbconvert has an uncontrolled search path that leads to unauthorized code execution on Windows...

8.5CVSS6.9AI score0.00233EPSS
Exploits1References4
Github Security Blog
Github Security Blog
added 2025/12/18 10:3 p.m.11 views

nbconvert has an uncontrolled search path that leads to unauthorized code execution on Windows

Summary On Windows, converting a notebook containing SVG output to a PDF results in unauthorized code execution. Specifically, a third party can create a inkscape.bat file that defines a Windows batch script, capable of arbitrary code execution. When a user runs jupyter nbconvert --to pdf on a...

8.5CVSS7.6AI score0.00233EPSS
Exploits1References8Affected Software1
CVE
CVE
added 2025/12/18 7:57 p.m.11 views

CVE-2023-53940

CVE-2023-53940 affects Codigo Markdown Editor 1.0.1 (Electron). The vulnerability arises from handling of markdown files where an embedded video source with an onerror event can trigger arbitrary shell commands via Node.js child_process, enabling code execution when the file is opened. Public ind...

8.4CVSS7.5AI score0.00166EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2025/12/18 7:57 p.m.5 views

CVE-2023-53940 Codigo Markdown Editor 1.0.1 Electron Arbitrary Code Execution via Markdown File

Codigo Markdown Editor 1.0.1 contains a code execution vulnerability that allows attackers to run arbitrary system commands by crafting a malicious markdown file. Attackers can embed a video source with an onerror event that executes shell commands through Node.js childprocess module when the fil...

8.4CVSS7.5AI score0.00166EPSS
Exploits0References3
Cvelist
Cvelist
added 2025/12/18 7:57 p.m.19 views

CVE-2023-53940 Codigo Markdown Editor 1.0.1 Electron Arbitrary Code Execution via Markdown File

Codigo Markdown Editor 1.0.1 contains a code execution vulnerability that allows attackers to run arbitrary system commands by crafting a malicious markdown file. Attackers can embed a video source with an onerror event that executes shell commands through Node.js childprocess module when the fil...

8.4CVSS0.00166EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2025/12/18 7:53 p.m.3 views

CVE-2023-53942 File Thingie 2.5.7 Authenticated Arbitrary File Upload Remote Code Execution

File Thingie 2.5.7 contains an authenticated file upload vulnerability that allows remote attackers to upload malicious PHP zip archives to the web server. Attackers can create a custom PHP payload, upload and unzip it, and then execute arbitrary system commands through a crafted PHP script with ...

9.4CVSS7.4AI score0.00497EPSS
Exploits1References3
Github Security Blog
Github Security Blog
added 2025/12/18 6:45 p.m.82 views

tinacms is vulnerable to arbitrary code execution

Summary tinacms uses the gray-matter package in an insecure way allowing attackers that can control the content of the processed markdown files, e.g., blog posts, to execute arbitrary code. Details The gray-matter package executes by default the code in the markdown file's front matter. tinacms...

8.8CVSS8.3AI score0.00393EPSS
Exploits1References4Affected Software3
OSV
OSV
added 2025/12/18 6:45 p.m.1 views

GHSA-529F-9QWM-9628 tinacms is vulnerable to arbitrary code execution

Summary tinacms uses the gray-matter package in an insecure way allowing attackers that can control the content of the processed markdown files, e.g., blog posts, to execute arbitrary code. Details The gray-matter package executes by default the code in the markdown file's front matter. tinacms...

8.6CVSS6.6AI score0.00393EPSS
Exploits1References4
Cvelist
Cvelist
added 2025/12/18 3:27 p.m.27 views

CVE-2025-68278 tinacms vulnerable to arbitrary code execution

Tina is a headless content management system. In tinacms prior to version 3.1.1, tinacms uses the gray-matter package in an insecure way allowing attackers that can control the content of the processed markdown files, e.g., blog posts, to execute arbitrary code. tinacms version 3.1.1, @tinacms/cl...

8.6CVSS0.00393EPSS
Exploits1References2
Rows per page
Query Builder