PT-2025-31662 · Hashicorp · Vault +1
Name of the Vulnerable Software and Affected Versions: Vault versions prior to 1.20.1; Vault Enterprise versions prior to 1.20.1; Vault Enterprise version 1.19.7; Vault Enterprise version 1.18.12; Vault Enterprise version 1.16.23. Description: The Time-based One-Time Password (TOTP) Secrets Engine in...
(0Day) (Pwn2Own) Alpine iLX-507 CarPlay Stack-based Buffer Overflow Code Execution Vulnerability
This vulnerability allows physically present attackers to execute arbitrary code on affected installations of Alpine iLX-507 devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of the Apple CarPlay protocol. The issue results...
PT-2025-31676 · Freshrss · Freshrss
Name of the Vulnerable Software and Affected Versions: FreshRSS versions 1.26.1 and below. Description: FreshRSS is a free, self-hostable RSS aggregator. An authenticated administrator user can execute arbitrary code on the FreshRSS server by modifying the update URL to one they control, and gain...
PT-2025-31605 · Unknown · Code-Projects Online Movie Streaming
Name of the Vulnerable Software and Affected Versions: code-projects Online Movie Streaming version 1.0. Description: A critical issue exists in code-projects Online Movie Streaming 1.0 related to missing authorization. The vulnerability is located in an unknown functionality of the...
CVE-2025-26063
An issue in Intelbras RX1500 v2.2.9 and RX3000 v1.0.11 allows unauthenticated attackers to execute arbitrary code via injecting a crafted payload into the ESSID name when creating a network...
CVE-2025-54583 GitProxy bypasses approvals when pushing multiple branches
GitProxy is an application that stands between developers and a Git remote endpoint (e.g., github.com). Versions 1.19.1 and below allow users to push to remote repositories while bypassing policies and explicit approvals. Since checks and plugins are skipped, code containing secrets or unwanted...
CVE-2025-25691
A PHAR deserialization vulnerability in the component /themes/import of PrestaShop v8.2.0 allows attackers to execute arbitrary code via a crafted POST request...
CVE-2025-8326 code-projects Exam Form Submission delete_s7.php SQL injection
A vulnerability classified as critical has been found in code-projects Exam Form Submission 1.0. Affected is an unknown function of the file /admin/delete_s7.php. The manipulation of the argument ID leads to SQL injection. It is possible to launch the attack remotely. The exploit has been disclose...
CVE-2025-25692
A PHAR deserialization vulnerability in the getHeaders function of PrestaShop v8.2.0 allows attackers to execute arbitrary code via a crafted POST request...
CVE-2025-46059
langchain-ai v0.3.51 was discovered to contain an indirect prompt injection vulnerability in the GmailToolkit component. This vulnerability allows attackers to execute arbitrary code and compromise the application via a crafted email message. NOTE: this is disputed by the Supplier because the...
Apple macOS USD importMeshes Heap-based Buffer Overflow Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Apple macOS. Interaction with the USD library is required to exploit this vulnerability but attack vectors may vary depending on the implementation. The specific flaw exists within the USD library. T...
Apple macOS USD importMeshJointWeights Heap-based Buffer Overflow Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Apple macOS. Interaction with the USD library is required to exploit this vulnerability but attack vectors may vary depending on the implementation. The specific flaw exists within the USD library. T...
Apple macOS MediaToolbox Framework Memory Corruption Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Apple macOS. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the MediaToolbox...
CVE-2025-8164
A vulnerability has been found in code-projects Public Chat Room 1.0 and classified as critical. This vulnerability affects unknown code of the file sendmessage.php. The manipulation of the argument ID leads to SQL injection. The attack can be initiated remotely. The exploit has been disclosed to...
CVE-2025-54440
Unrestricted Upload of File with Dangerous Type vulnerability in Samsung Electronics MagicINFO 9 Server allows Code Injection. This issue affects MagicINFO 9 Server: less than 21.1080.0...
CVE-2025-46199
The CVE-2025-46199 entry concerns Grav CMS. Affected software: Grav prior to version 1.7.49. Issue: Cross-Site Scripting via crafted scripts in form fields due to insufficient input validation. Impact described as arbitrary code execution with high severity (per the initial data: CVSS 3.1 vector ...
PT-2025-30943 · Skops +1 · Skops +1
Vulnerability Summary. Name of the Vulnerable Software and Affected Versions: skops versions 0.11.0 and below. Description: skops is a Python library used for sharing and shipping scikit-learn based models. An inconsistency in the OperatorFuncNode allows exploitation to hide the execution of...
CVE-2025-7321
IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView CADImage Plugin. User interaction is required to exploit this vulnerability in that the...