
120957 matches found

Cvelist
added 2025/12/18 7:57 p.m., 19 views

CVE-2023-53940 Codigo Markdown Editor 1.0.1 Electron Arbitrary Code Execution via Markdown File

Codigo Markdown Editor 1.0.1 contains a code execution vulnerability that allows attackers to run arbitrary system commands by crafting a malicious markdown file. Attackers can embed a video source with an onerror event that executes shell commands through Node.js childprocess module when the fil...

CVSS 8.4, EPSS 0.00166
Exploits 0, References 3

Vulnrichment
added 2025/12/18 7:53 p.m., 3 views

CVE-2023-53942 File Thingie 2.5.7 Authenticated Arbitrary File Upload Remote Code Execution

File Thingie 2.5.7 contains an authenticated file upload vulnerability that allows remote attackers to upload malicious PHP zip archives to the web server. Attackers can create a custom PHP payload, upload and unzip it, and then execute arbitrary system commands through a crafted PHP script with ...

CVSS 9.4, AI score 7.4, EPSS 0.00497
Exploits 1, References 3

OSV
added 2025/12/18 6:45 p.m., 1 views

GHSA-529F-9QWM-9628 tinacms is vulnerable to arbitrary code execution

Summary tinacms uses the gray-matter package in an insecure way allowing attackers that can control the content of the processed markdown files, e.g., blog posts, to execute arbitrary code. Details The gray-matter package executes by default the code in the markdown file's front matter. tinacms...

CVSS 8.6, AI score 6.6, EPSS 0.00393
Exploits 1, References 4

Github Security Blog
added 2025/12/18 6:45 p.m., 84 views

tinacms is vulnerable to arbitrary code execution

Summary tinacms uses the gray-matter package in an insecure way allowing attackers that can control the content of the processed markdown files, e.g., blog posts, to execute arbitrary code. Details The gray-matter package executes by default the code in the markdown file's front matter. tinacms...

CVSS 8.8, AI score 8.3, EPSS 0.00393
Exploits 1, References 4, Affected Software 3

Cvelist
added 2025/12/18 3:27 p.m., 27 views

CVE-2025-68278 tinacms vulnerable to arbitrary code execution

Tina is a headless content management system. In tinacms prior to version 3.1.1, tinacms uses the gray-matter package in an insecure way allowing attackers that can control the content of the processed markdown files, e.g., blog posts, to execute arbitrary code. tinacms version 3.1.1, @tinacms/cl...

CVSS 8.6, EPSS 0.00393
Exploits 1, References 2

CVE
added 2025/12/18 3:27 p.m., 19 views

CVE-2025-68278

CVE-2025-68278 affects tinacms prior to 3.1.1, where insecure use of the gray-matter package allows attackers who can control markdown front matter (e.g., blog posts) to execute arbitrary code. The issue spans tinacms, @tinacms/cli (v2.0.4), and @tinacms/graphql (v2.0.3). A fix is available in ti...

CVSS 8.8, AI score 7, EPSS 0.00393
Exploits 1, References 2, Affected Software 3

RedhatCVE
added 2025/12/18 3:23 p.m., 6 views

CVE-2025-53000

A flaw was found in nbconvert, specifically in the jupyter nbconvert tool on Windows. A third party can exploit this vulnerability by creating a malicious inkscape.bat file in a directory. When a user then converts a Jupyter notebook containing SVG output to a PDF from this directory, the malicio...

CVSS 8.5, AI score 7, EPSS 0.00233
Exploits 1, References 4

OSV
added 2025/12/18 3:15 p.m., 6 views

CVE-2025-64466

There is an out of bounds read vulnerability in NI LabVIEW in lvre!ExecPostedProcRecPost when parsing a corrupted VI file. This vulnerability may result in information disclosure or arbitrary code execution. Successful exploitation requires an attacker to get a user to open a specially crafted VI...

CVSS 8.5, AI score 6, EPSS 0.00135
Exploits 0, References 1

NVD
added 2025/12/18 3:15 p.m., 4 views

CVE-2025-64462

There is an out of bounds read vulnerability in NI LabVIEW in LVResFile::RGetMemFileHandle when parsing a corrupted VI file. This vulnerability may result in information disclosure or arbitrary code execution. Successful exploitation requires an attacker to get a user to open a specially crafted...

CVSS 8.5, EPSS 0.00135
Exploits 0, References 1

OSV
added 2025/12/18 3:15 p.m., 4 views

CVE-2025-64464

There is an out of bounds read vulnerability in NI LabVIEW in lvre!VisaWriteFromFile when parsing a corrupted VI file. This vulnerability may result in information disclosure or arbitrary code execution. Successful exploitation requires an attacker to get a user to open a specially crafted VI. Th...

CVSS 8.5, AI score 6, EPSS 0.00132
Exploits 0, References 1

NVD
added 2025/12/18 3:15 p.m., 6 views

CVE-2025-64467

There is an out of bounds read vulnerability in NI LabVIEW in LVResFile::FindRsrcListEntry when parsing a corrupted VI file. This vulnerability may result in information disclosure or arbitrary code execution. Successful exploitation requires an attacker to get a user to open a specially crafted...

CVSS 8.5, EPSS 0.00132
Exploits 0, References 1

OSV
added 2025/12/18 3:15 p.m., 5 views

CVE-2025-64463

There is an out of bounds read vulnerability in NI LabVIEW in LVResource::DetachResource when parsing a corrupted VI file. This vulnerability may result in information disclosure or arbitrary code execution. Successful exploitation requires an attacker to get a user to open a specially crafted VI...

CVSS 8.5, AI score 6, EPSS 0.00135
Exploits 0, References 1

UbuntuCve
added 2025/12/18 3:15 p.m., 2 views

CVE-2025-14861

Memory safety bugs present in Firefox 146. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 146.0.1...

CVSS 8.8, AI score 7.4, EPSS 0.00208
Exploits 0, References 4

Vulnrichment
added 2025/12/18 2:53 p.m., 2 views

CVE-2025-64469 Stack-based Buffer Overflow in LVResource::DetachResource() in NI LabVIEW

There is a stack-based buffer overflow vulnerability in NI LabVIEW in LVResFile::FindRsrcListEntry when parsing a corrupted VI file. This vulnerability may result in information disclosure or arbitrary code execution. Successful exploitation requires an attacker to get a user to open a specially...

CVSS 8.5, AI score 7.2, EPSS 0.00134
Exploits 0, References 1

CVE
added 2025/12/18 2:40 p.m., 13 views

CVE-2025-64467

NI LabVIEW

CVSS 8.5, AI score 6.8, EPSS 0.00132
Exploits 0, References 1, Affected Software 1

Cvelist
added 2025/12/18 2:38 p.m., 25 views

CVE-2025-64466 Out-of-Bounds Read in lvre!ExecPostedProcRecPost() in NI LabVIEW

There is an out of bounds read vulnerability in NI LabVIEW in lvre!ExecPostedProcRecPost when parsing a corrupted VI file. This vulnerability may result in information disclosure or arbitrary code execution. Successful exploitation requires an attacker to get a user to open a specially crafted VI...

CVSS 8.5, EPSS 0.00135
Exploits 0, References 1

CVE
added 2025/12/18 2:35 p.m., 14 views

CVE-2025-64465

CVE-2025-64465 is an out-of-bounds read in NI LabVIEW’s lvre!DataSizeTDR() when parsing a corrupted VI file. Affected: NI LabVIEW 2025 Q3 (25.3) and earlier. Impact: information disclosure or arbitrary code execution if a user opens a specially crafted VI. Exploitation condition: user interaction...

CVSS 8.5, AI score 6.8, EPSS 0.00132
Exploits 0, References 1, Affected Software 1

Cvelist
added 2025/12/18 2:35 p.m., 23 views

CVE-2025-64465 Out-of-Bounds Read in lvre!DataSizeTDR() in NI LabVIEW

There is an out of bounds read vulnerability in NI LabVIEW in lvre!DataSizeTDR when parsing a corrupted VI file. This vulnerability may result in information disclosure or arbitrary code execution. Successful exploitation requires an attacker to get a user to open a specially crafted VI. This...

CVSS 8.5, EPSS 0.00132
Exploits 0, References 1

Cvelist
added 2025/12/18 2:32 p.m., 25 views

CVE-2025-64464 Out-of-Bounds Read in lvre!VisaWriteFromFile() in NI LabVIEW

There is an out of bounds read vulnerability in NI LabVIEW in lvre!VisaWriteFromFile when parsing a corrupted VI file. This vulnerability may result in information disclosure or arbitrary code execution. Successful exploitation requires an attacker to get a user to open a specially crafted VI. Th...

CVSS 8.5, EPSS 0.00132
Exploits 0, References 1

CVE
added 2025/12/18 2:32 p.m., 18 views

CVE-2025-64464

NI LabVIEW is affected by an out-of-bounds read in lvre!VisaWriteFromFile() when parsing a corrupted VI file. Successful exploitation may disclose information or allow arbitrary code execution; exploitation requires a user to open a crafted VI. Impact described for LabVIEW 2025 Q3 (25.3) and earl...

CVSS 8.5, AI score 6.8, EPSS 0.00132
Exploits 0, References 1, Affected Software 1