A vulnerability in the Substance 3D Sampler software for creating textures and materials for 3D models, caused by reading data beyond buffer boundaries in memory, allows an attacker to execute arbitrary code.
The vulnerability of the Substance 3D Sampler software for creating textures and materials for 3D models involves reading beyond the buffer boundaries in memory. Exploiting this vulnerability could allow an attacker to execute arbitrary code within the context of the current user...
Adobe Substance 3D Sampler security vulnerability
Adobe Substance 3D Designer is a 3D design software from the American company Adobe. Adobe Substance 3D Designer suffers from a heap buffer overflow vulnerability that can be exploited by an attacker to execute arbitrary code in the context of the current user...
Adobe Substance 3D Sampler buffer error vulnerability
Adobe Substance 3D Designer is a 3D design software from the American company Adobe. Adobe Substance 3D Designer suffers from an out-of-bounds write vulnerability that can be exploited by an attacker to execute arbitrary code in the context of the current user...
Adobe Substance3D security vulnerability
Adobe Substance 3D Designer is a 3D design software from the American company Adobe. Adobe Substance 3D Designer suffers from a heap buffer overflow vulnerability that can be exploited by an attacker to execute arbitrary code in the context of the current user...
Adobe InDesign security vulnerability
Adobe InDesign is a set of layout and editing applications from the American company Adobe. Adobe InDesign suffers from a heap buffer overflow vulnerability that can be exploited by an attacker to execute arbitrary code in the context of the current user...
Adobe Substance3D buffer error vulnerability
Adobe Substance 3D Designer is a 3D design software from the American company Adobe. An out-of-bounds write vulnerability exists in Adobe Substance 3D Designer versions and prior versions, which can be exploited by an attacker to execute arbitrary code in the context of the current user...
Adobe Substance3D security vulnerability
Adobe Substance 3D Designer is a 3D design software from the American company Adobe. A heap buffer overflow vulnerability exists in Adobe Substance 3D Designer 1.15.0 and earlier versions, which can be exploited by an attacker to execute arbitrary code in the context of the current user...
tsup DOM Clobbering vulnerability
A DOM Clobbering vulnerability in tsup v8.3.4 allows attackers to execute arbitrary code via a crafted script in the import.meta.url to document.currentScript in cjsshims.js components...
CVE-2024-53384
A DOM Clobbering vulnerability in tsup v8.3.4 allows attackers to execute arbitrary code via a crafted script in the import.meta.url to document.currentScript in cjsshims.js components...
Arbitrary Code Injection
Overview: org.webjars:prismjs is a lightweight, robust, elegant syntax highlighting library. Affected versions of this package are vulnerable to Arbitrary Code Injection via the document.currentScript lookup process. An attacker can manipulate the web page content and execute unintended actions by...
Prism code injection vulnerability
Prism is an application from the US-based individual developers of Prism. It is a lightweight, extensible syntax highlighting tool. A security vulnerability exists in Prism 1.29.0 and earlier versions, which stems from the fact that document.currentScript lookups can be obscured by an attacker's...
PT-2025-9728 · Git +1 · Ghostscript
Name of the Vulnerable Software and Affected Versions: The product name cannot be determined. Description: A heap-use-after-free READ 4 crash type issue has been identified. The crash state involves gc trace, gs gc reclaim, and ireclaim. Recommendations: At the moment, there is no information abo...
ChurchCRM CurrentFundraiser Parameter Blind SQL Injection Vulnerability
ChurchCRM is an open source church management system. ChurchCRM suffers from a blind SQL injection vulnerability that stems from the CurrentFundraiser parameter being concatenated directly into a SQL query without sufficient sanitization, which can be exploited by an attacker to execute arbitrary SQL querie...
DEBIAN-CVE-2024-57981
In the Linux kernel, the following vulnerability has been resolved: usb: xhci: Fix NULL pointer dereference on certain command aborts. If a command is queued to the final usable TRB of a ring segment, the enqueue pointer is advanced to the subsequent link TRB and no further. If the command is late...
AZL-58021 CVE-2024-57981 affecting package kernel for versions less than 5.15.179.1-1
In the Linux kernel, the following vulnerability has been resolved: usb: xhci: Fix NULL pointer dereference on certain command aborts. If a command is queued to the final usable TRB of a ring segment, the enqueue pointer is advanced to the subsequent link TRB and no further. If the command is late...
PT-2025-7494 · Churchcrm · Churchcrm
Name of the Vulnerable Software and Affected Versions: ChurchCRM versions 5.13.0 and prior Description: A boolean-based and time-based blind SQL Injection vulnerability exists in the DonatedItemEditor functionality, allowing an attacker to execute arbitrary SQL queries. The CurrentFundraiser...
SUSE-SU-2025:0556-1 Security update for the Linux Kernel
The SUSE Linux Enterprise 15 SP5 RT kernel was updated to receive various security bugfixes. The following security bugs were fixed: - CVE-2024-57897: drm/amdkfd: Correct the migration DMA map direction bsc1235969. - CVE-2024-57893: ALSA: seq: oss: Fix races at processing SysEx messages bsc123592...
A vulnerability in the 7Z File Parser component, an archive file processor for the WinZip archive manager, allows a hacker to execute arbitrary code.
The vulnerability in the 7Z File Parser component, an archive file processor for the WinZip archive manager, is related to reading beyond the buffer boundaries in memory. Exploiting this vulnerability allows an attacker to execute arbitrary code in the context of the current user, by sending a...
CVE-2025-21160
Illustrator versions 29.1, 28.7.3 and earlier are affected by an Integer Underflow (Wrap or Wraparound) vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file...
Astra Linux – Vulnerability in Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: Power: Supply: gpio-charger: Fixed the issue related to setting charge current limits. The issue involved devices that allow the lowest charge current limit to be greater than zero. If the requested charge current limit is below...