The vulnerability of the PDF document viewing program Foxit PDF Reader (formerly Foxit Reader) and the PDF file editing program Foxit PDF Editor (formerly Foxit PhantomPDF) is related to a bug in pointer handling after memory release, allowing an attacker to execute arbitrary code.

The vulnerability of the PDF document viewing program Foxit PDF Reader formerly Foxit Reader and the PDF file editing program Foxit PDF Editor formerly Foxit PhantomPDF is related to a bug in the handling of pointers after memory release during the processing of AcroForm objects. Exploiting this...

CVE-2024-12200

A maliciously crafted DWFX file, when parsed through Autodesk Navisworks, may force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process...

PT-2025-2776

Name of the Vulnerable Software and Affected Versions: OFFIS DCMTK version 3.6.8 Description: An improper array index validation vulnerability exists in the nowindow functionality of OFFIS DCMTK. A specially crafted DICOM file can lead to an out-of-bounds write. An attacker can provide a maliciou...

CVE-2024-54091

A vulnerability has been identified in Solid Edge SE2024 All versions V224.0 Update 12, Solid Edge SE2025 All versions V225.0 Update 3. The affected application contains an out of bounds write past the end of an allocated buffer while parsing XT data or a specially crafted file in XT format. This...

Nav2 安全漏洞

Nav2 is the ROS community's navigation framework and system for ROS2. A security vulnerability exists in Nav2 that originates from the nav2amcl process containing a buffer overflow. An attacker exploiting the vulnerability can be triggered by sending a carefully crafted .yaml file...

The vulnerability of the ASMKERN229A.dll library, a software for simulation, design, and drawing in AutoCAD, allows a perpetrator to execute arbitrary code.

The vulnerability of the ASMKERN229A.dll software for simulation, design, and drawing in AutoCAD is related to the use of memory after it is freed. Exploiting this vulnerability can allow a malicious actor to execute arbitrary code using a specially created SLDPRT file...

The vulnerability of the 3D model texturing software Adobe Substance 3D Painter, related to reading beyond the buffer boundary in memory, allows a hacker to execute arbitrary code.

The vulnerability of the 3D model texturing software Adobe Substance 3D Painter lies in the reading of data beyond the buffer boundaries in memory. Exploiting this vulnerability allows an attacker to execute arbitrary code within the context of the current user, using a specially created file...

The vulnerability of the 3D model texturing software Adobe Substance 3D Painter, related to the occurrence of operations outside the buffer boundaries in memory, allows attackers to gain unauthorized access to protected information.

The vulnerability of the 3D model texturing software Adobe Substance 3D Painter lies in the execution of operations beyond the buffer boundaries in memory. Exploiting this vulnerability can allow an attacker to gain unauthorized access to protected information through a specially created file...

The vulnerability of the 3D model texturing software Adobe Substance 3D Painter, related to reading beyond the buffer boundary in memory, allows a hacker to execute arbitrary code.

The vulnerability of the 3D model texturing software Adobe Substance 3D Painter lies in the reading of data beyond the buffer boundaries in memory. Exploiting this vulnerability allows an attacker to execute arbitrary code within the context of the current user, using a specially created file...

The vulnerability of the Updater component of the Google Chrome browser, which allows a hacker to escalate their privileges.

The vulnerability of the Updater component in Google Chrome relates to insufficient validation of input data. Exploiting this vulnerability could allow a malicious actor to enhance their privileges by sending a specially crafted malicious file...

Foxit PDF Reader Annotation Use-After-Free Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of...

The vulnerability of the read_samples() function in the voc.c component of the SoX sound processing software allows a hacker to cause a service failure.

The vulnerability of the readsamples function in the SoX sound processing component voc.c is related to the lack of checks for division by zero. Exploiting this vulnerability allows a attacker to cause a service failure using a specially created file...

The vulnerability of the File Transfer Protocol (FTP) implementation in the microprogrammed network devices of Zyxel ATP, USG FLEX, and USG FLEX 50(W)/USG20(W)-VPN allows a perpetrator to execute arbitrary commands.

The vulnerability of the File Transfer Protocol FTP implementation in the microprogrammed network devices Zyxel ATP, USG FLEX, and USG FLEX 50W/USG20W-VPN is related to the lack of measures taken to neutralize special elements used in the operating system commands. Exploiting this vulnerability...

Mattermost Denial of Service Vulnerability (CNVD-2025-12774)

Mattermost is an open source collaboration platform from Mattermost, Inc. in the United States. Mattermost suffers from a denial-of-service vulnerability that stems from a failure to time and size limit CA path files in the ElasticSearch configuration, which can be exploited by an attacker to add...

PT-2024-29290 · Microsoft · Windows

Name of the Vulnerable Software and Affected Versions: SKYSEA Client View versions 6.010.06 through 19.210.04e Description: The issue allows for incorrect privilege assignment. If a user with login access to the PC where the Windows client is installed places a specially crafted DLL file in a...

The vulnerability of the nvdisasm utility in the NVIDIA CUDA Toolkit, a parallel computing software suite for graphics processors, allows a malicious actor to cause a system failure.

The vulnerability of the nvdisasm utility in the NVIDIA CUDA Toolkit for parallel computing on Graphics Processing Units is related to the execution of operations outside of the buffer in memory. Exploiting this vulnerability can allow an attacker to cause a system failure using a specially creat...

The vulnerability of the JT Open Toolkit (JTTK) and PLM XML SDK development tools is related to pointer assignment errors, which allow attackers to trigger a service failure.

The vulnerability of the JT Open Toolkit JTTK and PLM XML SDK development tools is related to pointer dereferencing errors. Exploiting this vulnerability can allow an attacker to trigger a service failure by loading a specially created malicious XML file...

The vulnerabilities of PDF viewing and editing programs like Adobe Acrobat Document Cloud, Adobe Acrobat Reader Document Cloud, and Adobe Acrobat 2020/Adobe Acrobat Reader 2020 involve memory management issues after memory is freed, allowing attackers to execute arbitrary code.

The vulnerability of PDF viewing and editing programs such as Adobe Acrobat Document Cloud, Adobe Acrobat Reader Document Cloud, Adobe Acrobat 2020, and Acrobat Reader 2020 is related to the use of memory after it is freed. Exploiting this vulnerability can allow an attacker to execute arbitrary...

CVE-2023-48643

Shrubbery tacplus 2.x, 3.x. and 4.x through F4.0.4.28 allows unauthenticated Remote Command Execution. The product allows users to configure authorization checks as shell commands through the tacplus.cfg configuration file. These are executed when a client sends an authorization request with a...

SUSE CVE-2024-28130

An incorrect type conversion vulnerability exists in the DVPSSoftcopyVOIPList::createFromImage functionality of OFFIS DCMTK 3.6.8. A specially crafted malformed file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability...