CVE-2025-8435
A vulnerability was found in code-projects Online Movie Streaming 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /admin-control.php. The manipulation of the argument ID leads to missing authorization. The attack can be launched...
CVE-2025-53009
MaterialX is an open standard for the exchange of rich material and look-development content across applications and renderers. In versions 1.39.2 and below, when parsing an MTLX file with multiple nested nodegraph implementations, the MaterialX XML parsing logic can potentially crash due to stac...
CVE-2025-53009 MaterialX Stack Overflow via Lack of MTLX XML Parsing Recursion Limit
MaterialX is an open standard for the exchange of rich material and look-development content across applications and renderers. In versions 1.39.2 and below, when parsing an MTLX file with multiple nested nodegraph implementations, the MaterialX XML parsing logic can potentially crash due to stac...
CVE-2025-54752
Multiple versions of PowerCMS improperly neutralize formula elements in a CSV file. If a product user creates a malformed entry and a victim user downloads it as a CSV file and opens it in the user's environment, the embedded code may be executed...
CVE-2025-8253
A vulnerability was found in code-projects Exam Form Submission 1.0. It has been classified as critical. This affects an unknown part of the file /admin/deletes6.php. The manipulation of the argument ID leads to SQL injection. It is possible to initiate the attack remotely. The exploit has been...
CVE-2025-43224
An out-of-bounds access issue was addressed with improved bounds checking. This issue is fixed in iOS 18.6 and iPadOS 18.6, macOS Sequoia 15.6, tvOS 18.6, visionOS 2.6. Processing a maliciously crafted media file may lead to unexpected app termination or corrupt process memory...
CVE-2025-45893
OpenCart version 4.1.0.4 is vulnerable to a Stored Cross-Site Scripting (XSS) attack via SVG file uploads used in blog posts. The vulnerability arises because SVG files uploaded through the media manager are not properly sanitized. Attackers can craft a malicious SVG file containing embedded...
CVE-2025-51858
Self Cross-Site Scripting (XSS) vulnerability in ChatPlayground.ai through 2025-05-24 allows attackers to execute arbitrary code and gain sensitive information via a crafted SVG file contents sent through the chat component...
CVE-2025-7235 IrfanView CADImage Plugin DXF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
IrfanView CADImage Plugin DXF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView CADImage Plugin. User interaction is required to exploit this vulnerability in that the...
CVE-2025-46001
An arbitrary file upload vulnerability in the isallowedfiletype function of Filemanager v2.3.0 allows attackers to execute arbitrary code via uploading a crafted PHP file...
CVE-2025-46000
An arbitrary file upload vulnerability in the component /rsc/filemanager.rsc.class.php of Filemanager commit c75b914 v.2.5.0 allows attackers to execute arbitrary code via uploading a crafted SVG file...
CVE-2025-51650
FoxCMS v1.2.6 has an arbitrary file upload vulnerability in the /controller/PicManager.php component that allows code execution via a crafted template file. The CVE is CVE-2025-51650. A PoC is indicated in the vulnerability metrics, suggesting exploit guidance exists. Impact is limited to remote ...
CVE-2025-7547 Campcodes Online Movie Theater Seat Reservation System admin_class.php save_movie unrestricted upload
A vulnerability, which was classified as critical, was found in Campcodes Online Movie Theater Seat Reservation System 1.0. This affects the function save_movie of the file /admin/admin_class.php. The manipulation of the argument cover leads to unrestricted upload. It is possible to initiate the...
CVE-2025-7537
CVE-2025-7537 affects Campcodes Sales and Inventory System 1.0. The vulnerability is an SQL injection in the file “/pages/product_update.php” caused by improper handling of the ID parameter, enabling remote exploitation. Public exploit/disclosure is noted. Impact is described as high/critical dep...
Azure Linux 3.0 Security Update: ansible (CVE-2024-9902)
The version of ansible installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-9902 advisory. - A flaw was found in Ansible. The ansible-core user module can allow an unprivileged user to silently create ...
CVE-2025-40740
A vulnerability has been identified in Solid Edge SE2025 (All versions < V225.0 Update 5). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted PAR files. This could allow an attacker to execute code in the context of the curre...
CVE-2025-7131
A vulnerability was found in Campcodes Payroll Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /ajax.php?action=saveemployeeattendance. The manipulation of the argument employeeid leads to SQL injection. The attack ca...
The vulnerability of the CADImage plugin in the IrfanView software, which is used for viewing and playing graphic, video, and audio files, allows a hacker to execute arbitrary code.
The vulnerability of the CADImage plugin in IrfanView, a program for viewing and playing graphic, video, and audio files, relates to the execution of operations beyond the buffer boundaries in memory. Exploiting this vulnerability could allow an attacker to execute arbitrary code using specially...
CVE-2025-40739
Summary (CVE-2025-40739) : Siemens Solid Edge SE2025 prior to V225.0 Update 5 contains an out-of-bounds read while parsing specially crafted PAR files, which can lead to code execution in the process context. This vulnerability affects Solid Edge SE2025 versions before the Update 5 release. Accor...