Lucene search

2001 matches found

Positive Technologies
added 2025/09/23 12:0 a.m. | 2 views

PT-2025-39118

Name of the Vulnerable Software and Affected Versions WPCasa plugin for WordPress versions prior to 1.4.2 Description The WPCasa plugin for WordPress is susceptible to Code Injection due to insufficient input validation and restriction on the api requests function. This allows unauthenticated...

CVSS 9.8 | AI score 7.1 | EPSS 0.00192
Exploits: 0 | References: 10
OSV
added 2025/09/16 6:15 p.m. | 3 views

CVE-2025-54262

Substance3D - Stager versions 3.1.3 and earlier are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current...

CVSS 7.8 | AI score 5.8 | EPSS 0.00038
Exploits: 0 | References: 1
OSV
added 2025/09/08 2:23 p.m. | 1 views

USN-7741-1 postgresql-14, postgresql-16, postgresql-17 vulnerabilities

Dean Rasheed discovered that PostgreSQL incorrectly handled access control lists. An attacker could possibly use this issue to obtain sensitive information. (CVE-2025-8713) Martin Rakhmanov, Matthieu Denais, and RyotaK discovered that the PostgreSQL pg_dump utility allowed untrusted data inclusion. ...

CVSS 8.8 | AI score 7.6 | EPSS 0.00085
Exploits: 2 | References: 4
NVD
added 2025/09/03 6:15 a.m. | 1 views

CVE-2023-21475

Out-of-bounds Write vulnerability in libaudiosaplussec.so library prior to SMR Apr-2023 Release 1 allows local attacker to execute arbitrary code...

CVSS 8 | EPSS 0.00027
Exploits: 0 | References: 1
Vulnrichment
added 2025/08/15 2:37 p.m. | 3 views

CVE-2025-5047 DGN File Parsing Uninitialized Variable Vulnerability

A maliciously crafted DGN file, when parsed through Autodesk AutoCAD, can force an Uninitialized Variable vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process...

CVSS 7.8 | AI score 7.6 | EPSS 0.00064
Exploits: 0 | References: 2
RedhatCVE
added 2025/08/13 3:28 a.m. | 3 views

CVE-2025-25278

in OpenHarmony v5.0.3 and prior versions allow a local attacker arbitrary code execution in tcb through race condition...

CVSS 8.4 | AI score 7.8 | EPSS 0.00042
Exploits: 0 | References: 1
CVE
added 2025/08/13 1:49 a.m. | 18 views

CVE-2025-4410

CVE-2025-4410 describes a buffer overflow in the SetupUtility module. Multiple sources (NVD/NVD-derived records, Red Hat advisory, CVE lists, and related enrichment) indicate a local-privilege path to arbitrary code execution: an attacker with local high privileges can exploit the issue to run co...

CVSS 7.5 | AI score 7.5 | EPSS 0.0002
Exploits: 0 | References: 1
CVE
added 2025/08/12 5:10 p.m. | 31 views

CVE-2025-50164

CVE-2025-50164 is a Windows RRAS vulnerability described as a heap-based buffer overflow in Routing and Remote Access Service. It enables an authorized attacker to execute code over the network (attack vector: network; authentication: low; user interaction required). The CVSS 3.1 basis in the ini...

CVSS 8 | AI score 8.1 | EPSS 0.0044
Exploits: 0 | References: 1 | Affected Software: 7
Microsoft CVE
added 2025/08/12 7:0 a.m. | 8 views

Web Deploy Remote Code Execution Vulnerability

Deserialization of untrusted data in Web Deploy allows an authorized attacker to execute code over a network...

CVSS 8.8 | AI score 7.6 | EPSS 0.11974
Exploits: 3
Microsoft CVE
added 2025/08/12 7:0 a.m. | 1 views

Microsoft Excel Remote Code Execution Vulnerability

Use of uninitialized resource in Microsoft Office Excel allows an unauthorized attacker to execute code locally...

CVSS 7.8 | AI score 7.6 | EPSS 0.00409
Exploits: 0
CNNVD
added 2025/08/12 12:0 a.m. | 1 views

Microsoft Message Queuing Security Vulnerability

Microsoft Message Queuing is a Microsoft solution for implementing asynchronous and synchronous scenarios that require high performance. A security vulnerability exists in Microsoft Message Queuing. An attacker exploiting this vulnerability could execute code. The following products and versions...

CVSS 8.8 | AI score 6.4 | EPSS 0.11866
Exploits: 0 | References: 2
OSV
added 2025/08/11 5:59 p.m. | 3 views

GO-2025-3858 Privileged OpenBao Operator May Execute Code on the Underlying Host in github.com/openbao/openbao

Privileged OpenBao Operator May Execute Code on the Underlying Host in github.com/openbao/openbao. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this is causing false-positive reports from...

CVSS 9.1 | AI score 7.1 | EPSS 0.00648
Exploits: 0 | References: 7
Tenable Nessus
added 2025/08/08 12:0 a.m. | 3 views

Linux Distros Unpatched Vulnerability : CVE-2021-29976

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Mozilla developers reported memory safety bugs present in code shared between Firefox and Thunderbird. Some of these bugs showed evidence of memory corruption a...

CVSS 8.8 | AI score 8 | EPSS 0.00573
Exploits: 0 | References: 2
CNNVD
added 2025/08/06 12:0 a.m. | 1 views

NVIDIA Triton Inference Server Security Vulnerability

Triton Inference Server is a high-performance inference service engine developed by NVIDIA, designed for AI model deployment in production environments, with support for a variety of frameworks (TensorFlow, PyTorch, ONNX, etc.) and optimized inference performance for GPUs and CPUs. A stack overflow...

CVSS 9.8 | AI score 7.9 | EPSS 0.01258
Exploits: 0 | References: 3
Tenable Nessus
added 2025/08/06 12:0 a.m. | 2 views

PaperCut NG < 20.1.8 / 21.x < 21.2.12 / 22.x < 22.1.1 CSRF

The version of PaperCut NG installed on the remote Windows host is affected by a vulnerability. A Cross-Site Request Forgery (CSRF) vulnerability has been identified in PaperCut MF/NG, which, under specific conditions, could potentially enable an attacker to alter security settings or execute...

CVSS 8.8 | AI score 8.6 | EPSS 0.36322
Exploits: 1 | References: 2
OSV
added 2025/08/05 2:15 p.m. | 3 views

CVE-2025-7033

A memory abuse issue exists in the Rockwell Automation Arena® Simulation. A custom file can force Arena Simulation to read and write past the end of memory space. Successful use requires user action, such as opening a bad file or webpage. If used, a threat actor could execute code or disclose...

CVSS 7.8 | AI score 5.9
Exploits: 0 | References: 1
CISA KEV Catalog
added 2025/07/28 12:0 a.m. | 43 views

PaperCut NG/MF Cross-Site Request Forgery (CSRF) Vulnerability

PaperCut NG/MF contains a cross-site request forgery (CSRF) vulnerability, which, under specific conditions, could potentially enable an attacker to alter security settings or execute arbitrary code...

CVSS 8.8 | AI score 8.9 | EPSS 0.36322
In wild | Exploits: 1
RedhatCVE
added 2025/07/23 7:3 a.m. | 7 views

CVE-2025-7917

WinMatrix3 Web package developed by Simopro Technology has an Arbitrary File Upload vulnerability, allowing remote attackers with administrator privileges to upload and execute web shell backdoors, thereby enabling arbitrary code execution on the server...

CVSS 8.6 | AI score 8.4 | EPSS 0.01217
Exploits: 0 | References: 1
RedhatCVE
added 2025/07/19 7:51 p.m. | 5 views

CVE-2025-6232

An improper validation vulnerability was reported in Lenovo Vantage that under certain conditions could allow a local attacker to execute code with elevated permissions by modifying specific registry locations...

CVSS 8.5 | AI score 7.4 | EPSS 0.00085
Exploits: 0 | References: 1
OSV
added 2025/07/17 8:15 p.m. | 2 views

CVE-2025-6232

An improper validation vulnerability was reported in Lenovo Vantage that under certain conditions could allow a local attacker to execute code with elevated permissions by modifying specific registry locations...

CVSS 8.5 | AI score 6 | EPSS 0.00085
Exploits: 0 | References: 1