743 matches found
CVE-2024-2325
The Link Library plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the searchll parameter in all versions up to, and including, 7.6.6 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web...
PT-2026-1560
Name of the Vulnerable Software and Affected Versions WP Photo Album Plus plugin for WordPress versions up to and including 9.1.05.008 Description The WP Photo Album Plus plugin for WordPress is susceptible to Reflected Cross-Site Scripting through the shortcode parameter. Insufficient input...
CVE-2025-20802
In geniezone, there is a possible memory corruption due to use after free. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10238968; Issue ID: MSV-4914...
CVE-2025-20783
In display, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10182882; Issue ID: MSV-4684...
CVE-2025-20786
In display, there is a possible memory corruption due to use after free. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10149882; Issue ID: MSV-4673...
CVE-2025-20782
The CVE-2025-20782 issue affects MediaTek chipsets, involving an out-of-bounds write caused by a missing bounds check. The vulnerability could allow local escalation of privilege to System if an attacker already holds System privileges, with no user interaction required. A patch is identified as ...
CVE-2025-20762
CVE-2025-20762 affects MediaTek Modem with a vulnerability in error handling that can cause a system crash and remote denial of service when a UE connects to a rogue base station. Exploitation requires no user interaction and no additional privileges. The advisory lists Patch ID MOLY01685181 and ...
CVE-2025-20795
CVE-2025-20795 describes an out-of-bounds write in the KeyInstall component caused by a missing bounds check, enabling local escalation to System privileges. Exploitation does not require user interaction per the description. Public records reference a patch: ALPS10276761 (MSV-5141). The CVSS met...
CVE-2025-64123
The vulnerability CVE-2025-64123 concerns the Nuvation Energy Multi-Stack Controller (MSC) . Affected are MSC releases up to and including 2.5.1 , where an unintended proxy or intermediary behavior can enable a form of Network Boundary Bridging . The issue is described consistently across sources...
CVE-2025-15270
FontForge SFD File Parsing Improper Validation of Array Index Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of FontForge. User interaction is required to exploit this vulnerability in that the target must visit ...
Trimble SketchUp SKP File Parsing Use-After-Free Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Trimble SketchUp. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of SK...
GIMP PSP File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of PSP files. The...
CVE-2025-14402
PDFsam Enhanced DOC File Insufficient UI Warning Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDFsam Enhanced. User interaction is required to exploit this vulnerability in that the target must visit a...
CVE-2025-13707
Tencent HunyuanDiT modelresume Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Tencent HunyuanDiT. User interaction is required to exploit this vulnerability in that the target...
CVE-2025-13710
Tencent HunyuanVideo loadvae Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Tencent HunyuanVideo. User interaction is required to exploit this vulnerability in that the target...
EUVD-2025-204990
Soda PDF Desktop PDF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Soda PDF Desktop. User interaction is required to exploit this vulnerability in that the target must...
CVE-2025-14403
PDFsam Enhanced Launch Insufficient UI Warning Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDFsam Enhanced. User interaction is required to exploit this vulnerability in that the target must visit a malicio...
CVE-2025-12839 Academy Software Foundation OpenEXR EXR File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability
Academy Software Foundation OpenEXR EXR File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Academy Software Foundation OpenEXR. User interaction is required to exploit this...
CVE-2025-13716 Tencent MimicMotion create_pipeline Deserialization of Untrusted Data Remote Code Execution Vulnerability
Tencent MimicMotion createpipeline Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Tencent MimicMotion. User interaction is required to exploit this vulnerability in that the...
CVE-2025-13716 Tencent MimicMotion create_pipeline Deserialization of Untrusted Data Remote Code Execution Vulnerability
Tencent MimicMotion createpipeline Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Tencent MimicMotion. User interaction is required to exploit this vulnerability in that the...