120957 matches found
CVE-2023-53940 Codigo Markdown Editor 1.0.1 Electron Arbitrary Code Execution via Markdown File
Codigo Markdown Editor 1.0.1 contains a code execution vulnerability that allows attackers to run arbitrary system commands by crafting a malicious markdown file. Attackers can embed a video source with an onerror event that executes shell commands through Node.js childprocess module when the fil...
CVE-2023-53942 File Thingie 2.5.7 Authenticated Arbitrary File Upload Remote Code Execution
File Thingie 2.5.7 contains an authenticated file upload vulnerability that allows remote attackers to upload malicious PHP zip archives to the web server. Attackers can create a custom PHP payload, upload and unzip it, and then execute arbitrary system commands through a crafted PHP script with ...
GHSA-529F-9QWM-9628 tinacms is vulnerable to arbitrary code execution
Summary tinacms uses the gray-matter package in an insecure way allowing attackers that can control the content of the processed markdown files, e.g., blog posts, to execute arbitrary code. Details The gray-matter package executes by default the code in the markdown file's front matter. tinacms...
tinacms is vulnerable to arbitrary code execution
Summary tinacms uses the gray-matter package in an insecure way allowing attackers that can control the content of the processed markdown files, e.g., blog posts, to execute arbitrary code. Details The gray-matter package executes by default the code in the markdown file's front matter. tinacms...
CVE-2025-68278 tinacms vulnerable to arbitrary code execution
Tina is a headless content management system. In tinacms prior to version 3.1.1, tinacms uses the gray-matter package in an insecure way allowing attackers that can control the content of the processed markdown files, e.g., blog posts, to execute arbitrary code. tinacms version 3.1.1, @tinacms/cl...
CVE-2025-68278
CVE-2025-68278 affects tinacms prior to 3.1.1, where insecure use of the gray-matter package allows attackers who can control markdown front matter (e.g., blog posts) to execute arbitrary code. The issue spans tinacms, @tinacms/cli (v2.0.4), and @tinacms/graphql (v2.0.3). A fix is available in ti...
CVE-2025-53000
A flaw was found in nbconvert, specifically in the jupyter nbconvert tool on Windows. A third party can exploit this vulnerability by creating a malicious inkscape.bat file in a directory. When a user then converts a Jupyter notebook containing SVG output to a PDF from this directory, the malicio...
CVE-2025-64466
There is an out of bounds read vulnerability in NI LabVIEW in lvre!ExecPostedProcRecPost when parsing a corrupted VI file. This vulnerability may result in information disclosure or arbitrary code execution. Successful exploitation requires an attacker to get a user to open a specially crafted VI...
CVE-2025-64462
There is an out of bounds read vulnerability in NI LabVIEW in LVResFile::RGetMemFileHandle when parsing a corrupted VI file. This vulnerability may result in information disclosure or arbitrary code execution. Successful exploitation requires an attacker to get a user to open a specially crafted...
CVE-2025-64464
There is an out of bounds read vulnerability in NI LabVIEW in lvre!VisaWriteFromFile when parsing a corrupted VI file. This vulnerability may result in information disclosure or arbitrary code execution. Successful exploitation requires an attacker to get a user to open a specially crafted VI. Th...
CVE-2025-64467
There is an out of bounds read vulnerability in NI LabVIEW in LVResFile::FindRsrcListEntry when parsing a corrupted VI file. This vulnerability may result in information disclosure or arbitrary code execution. Successful exploitation requires an attacker to get a user to open a specially crafted...
CVE-2025-64463
There is an out of bounds read vulnerability in NI LabVIEW in LVResource::DetachResource when parsing a corrupted VI file. This vulnerability may result in information disclosure or arbitrary code execution. Successful exploitation requires an attacker to get a user to open a specially crafted VI...
CVE-2025-14861
Memory safety bugs present in Firefox 146. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 146.0.1...
CVE-2025-64469 Stack-based Buffer Overflow in LVResource::DetachResource() in NI LabVIEW
There is a stack-based buffer overflow vulnerability in NI LabVIEW in LVResFile::FindRsrcListEntry when parsing a corrupted VI file. This vulnerability may result in information disclosure or arbitrary code execution. Successful exploitation requires an attacker to get a user to open a specially...
CVE-2025-64467
NI LabVIEW
CVE-2025-64466 Out-of-Bounds Read in lvre!ExecPostedProcRecPost() in NI LabVIEW
There is an out of bounds read vulnerability in NI LabVIEW in lvre!ExecPostedProcRecPost when parsing a corrupted VI file. This vulnerability may result in information disclosure or arbitrary code execution. Successful exploitation requires an attacker to get a user to open a specially crafted VI...
CVE-2025-64465
CVE-2025-64465 is an out-of-bounds read in NI LabVIEW’s lvre!DataSizeTDR() when parsing a corrupted VI file. Affected: NI LabVIEW 2025 Q3 (25.3) and earlier. Impact: information disclosure or arbitrary code execution if a user opens a specially crafted VI. Exploitation condition: user interaction...
CVE-2025-64465 Out-of-Bounds Read in lvre!DataSizeTDR() in NI LabVIEW
There is an out of bounds read vulnerability in NI LabVIEW in lvre!DataSizeTDR when parsing a corrupted VI file. This vulnerability may result in information disclosure or arbitrary code execution. Successful exploitation requires an attacker to get a user to open a specially crafted VI. This...
CVE-2025-64464 Out-of-Bounds Read in lvre!VisaWriteFromFile() in NI LabVIEW
There is an out of bounds read vulnerability in NI LabVIEW in lvre!VisaWriteFromFile when parsing a corrupted VI file. This vulnerability may result in information disclosure or arbitrary code execution. Successful exploitation requires an attacker to get a user to open a specially crafted VI. Th...
CVE-2025-64464
NI LabVIEW is affected by an out-of-bounds read in lvre!VisaWriteFromFile() when parsing a corrupted VI file. Successful exploitation may disclose information or allow arbitrary code execution; exploitation requires a user to open a crafted VI. Impact described for LabVIEW 2025 Q3 (25.3) and earl...