Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15

A NULL pointer dereference flaw was discovered in the az6027 driver, located in the file drivers/media/usb/dev-usb/az6027.c within the Linux Kernel. The message from the user space is not properly checked before being transferred to the device. This flaw could allow a local user to crash the syst...

Fortinet FortiSandbox hcproxy Cross-Site Scripting Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fortinet FortiSandbox. Minimal user interaction is required to exploit this vulnerability. The specific flaw exists within the handling of HA cluster paths. The issue results from the lack of proper...

EUVD-2024-38286

Malicious code in bioql PyPI...

Autodesk AutoCAD MODEL File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk AutoCAD. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of...

Foxit PDF Reader Buffer Overflow Vulnerability (CNVD-2025-00955)

Foxit PDF Reader is China Foxit Foxit company a PDF reader. A buffer overflow vulnerability exists in Foxit PDF Reader version 2024.2.3.25184, which stems from a lack of proper validation of user-supplied data, resulting in the reading of data beyond the end of the allocated buffer, and can be...

Booking Calendar < 9.1.1 - PHP Object Injection

The plugin unserializes user data without being validated first, which could allow attackers to perform PHP object injection attack. If a timeline is published, unauthenticated attackers could perform such attack, otherwise any authenticated could. A suitable POP chain, from another plugin for...

IBM Cloud Pak for Applications 跨站脚本漏洞

IBM Cloud Pak for Applications is an application from IBM USA, Inc. A cross-site scripting vulnerability exists in IBM Cloud Pak for Applications, which stems from the product's lack of validation of user-side data, and could be exploited by an attacker to execute client-side code and potentially...

Microsoft 3D Viewer FBX File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft 3D Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of...

Foxit Reader XFA record remove remote code execution vulnerability

Foxit Reader is a small PDF document viewer and printing program. Foxit Reader has a security vulnerability in the XFA record remove method, which can be exploited by an attacker to execute arbitrary code in the current process context due to a lack of proper validation of user-supplied data...

Foxit Reader Heap Buffer Overflow Vulnerability

Foxit Reader is a small PDF document viewer and printing program. Foxit Reader has a security vulnerability in BMP graphics parsing, which can be exploited by an attacker to execute arbitrary code in the context of the current process, due to a lack of proper validation of user-supplied data...