CVE-2025-8767 AnWP Football Leagues <= 0.16.17 - Authenticated (Administrator+) CSV Injection
The AnWP Football Leagues plugin for WordPress is vulnerable to CSV Injection in all versions up to, and including, 0.16.17 via the 'downloadcsvplayers' and 'downloadcsvgames' functions. This makes it possible for authenticated attackers, with Administrator-level access and above, to embed...
PT-2025-32836 · Microsoft · Office
Name of the Vulnerable Software and Affected Versions: Microsoft Office affected versions not specified Description: A use-after-free vulnerability exists in Microsoft Office, potentially allowing an unauthorized attacker to execute code locally. The vulnerability can be triggered by opening a...
PT-2025-32835 · Microsoft · Office Visio
Name of the Vulnerable Software and Affected Versions: Microsoft Office Visio affected versions not specified Description: A use-after-free issue exists in Microsoft Office Visio that could allow an unauthorized attacker to execute code locally. Recommendations: At the moment, there is no...
PT-2025-32839 · Microsoft · Office Visio
Name of the Vulnerable Software and Affected Versions: Microsoft Office Visio affected versions not specified Description: A use after free issue exists in Microsoft Office Visio that could allow an unauthorized attacker to execute code locally. Recommendations: At the moment, there is no...
PT-2025-32840
Name of the Vulnerable Software and Affected Versions: Microsoft Office Excel affected versions not specified Description: A use-after-free vulnerability exists in Microsoft Office Excel. This allows an unauthorized attacker to execute code locally. The vulnerability enables remote attackers to...
PT-2025-32838
Name of the Vulnerable Software and Affected Versions: Microsoft Office Word affected versions not specified Description: An incorrect conversion between numeric types in Microsoft Office Word can allow an unauthorized attacker to execute code locally. Recommendations: At the moment, there is no...
PT-2025-32797 · Unknown +1 · Graphics Kernel +1
Name of the Vulnerable Software and Affected Versions: Graphics Kernel affected versions not specified Description: An issue exists in the Graphics Kernel where access of a resource using an incompatible type 'type confusion' can allow an authorized attacker to execute code locally...
PT-2025-32760 · Microsoft · Windows Hyper-V +1
Name of the Vulnerable Software and Affected Versions: Windows Hyper-V affected versions not specified Description: Improper restriction of communication channel to intended endpoints in Windows Hyper-V allows an authorized attacker to execute code locally. The vulnerability allows remote attacke...
PT-2025-32843
Name of the Vulnerable Software and Affected Versions: Microsoft Office Word affected versions not specified; Microsoft 365 Apps for Enterprise affected versions not specified; Microsoft Office affected versions not specified; Microsoft Office Long Term Servicing Channel affected versions not specifi...
PT-2025-32847 · Microsoft · Office Excel
Name of the Vulnerable Software and Affected Versions: Microsoft Office Excel affected versions not specified Description: The software contains a use of uninitialized resource issue. This allows an unauthorized attacker to execute code locally. Recommendations: At the moment, there is no...
PT-2025-32846 · Microsoft · Office Excel
Name of the Vulnerable Software and Affected Versions: Microsoft Office Excel affected versions not specified Description: A heap-based buffer overflow in Microsoft Office Excel allows an unauthorized attacker to execute code locally. The vulnerability allows remote attackers to execute arbitrary...
PT-2025-32858
Name of the Vulnerable Software and Affected Versions: Microsoft Office Word affected versions not specified Description: A use-after-free condition exists in Microsoft Office Word, potentially allowing an unauthorized attacker to execute code locally. This can occur when opening a specially crafte...
PT-2025-32817 · Microsoft · Desktop Windows Manager +1
Name of the Vulnerable Software and Affected Versions: Desktop Windows Manager affected versions not specified Description: A use after free issue exists in Desktop Windows Manager that could allow an authorized attacker to execute code locally. Recommendations: At the moment, there is no...
Security Updates for Microsoft Office Products (August 2025) (macOS)
The version of Microsoft Office for Mac installed on the remote host is affected by multiple vulnerabilities as referenced in the august-12-2025 advisory. - Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally. CVE-2025-53738, CVE-2025-53784 - Use after...
Siemens COMOS
SUMMARY: COMOS before V10.6 is affected by a local arbitrary code execution vulnerability in the integrated Open Design Alliance Drawings SDK. Siemens has released a new version for COMOS and recommends updating to the latest version. 2. GENERAL RECOMMENDATIONS: As a general security measure,...
CVE-2025-8851
A stack-based buffer overflow flaw has been discovered in libTIFF. An attacker with local access may be able to craft input to the readSeparateStripsetoBuffer function in the file tools/tiffcrop.c that triggers this flaw. This issue could allow an attacker to achieve local code execution in the...
CVE-2025-27128
in OpenHarmony v5.0.3 and prior versions allow a local attacker arbitrary code execution in tcb through use after free...
CVE-2025-24298
in OpenHarmony v5.0.3 and prior versions allow a local attacker arbitrary code execution in tcb through use after free...
CVE-2025-24298 liteos_a has an UAF vulnerability
in OpenHarmony v5.0.3 and prior versions allow a local attacker arbitrary code execution in tcb through use after free...