CVE-2025-7312
IrfanView CADImage Plugin DWG File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView CADImage Plugin. User interaction is required to exploit this vulnerability in that the...
CVE-2025-54072
yt-dlp is a feature-rich command-line audio/video downloader. In versions 2025.06.25 and below, when the --exec option is used on Windows with the default placeholder or , insufficient sanitization is applied to the expanded filepath, allowing for remote code execution. This is a bypass of the...
CVE-2025-8030
CVE-2025-8030 is publicly known and tied to insufficient escaping in the “Copy as cURL” feature that could lead to code execution. The connected Astra Linux and Amazon/Linux advisories confirm the issue affects Firefox and Thunderbird across multiple tracks (e.g., Firefox < 141, Firefox ESR ...
CVE-2025-8030 Potential user-assisted code execution in “Copy as cURL” command
Insufficient escaping in the “Copy as cURL” feature could potentially be used to trick a user into executing unexpected code. This vulnerability was fixed in Firefox 141, Firefox ESR 128.13, Firefox ESR 140.1, Thunderbird 141, Thunderbird 128.13, and Thunderbird 140.1...
CVE-2025-7323
IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView CADImage Plugin. User interaction is required to exploit this vulnerability in that the...
CVE-2025-7293
IrfanView CADImage Plugin DXF File Parsing Memory Corruption Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView CADImage Plugin. User interaction is required to exploit this vulnerability in that the...
CVE-2025-7271
IrfanView CADImage Plugin DXF File Parsing Memory Corruption Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView CADImage Plugin. User interaction is required to exploit this vulnerability in that the...
CVE-2025-7305
The CVE-2025-7305 entry concerns the IrfanView CADImage Plugin. Affected component: DWG file parsing within the plugin. Root cause: insufficient validation of user-supplied data during DWG parsing, leading to memory corruption. Impact: remote code execution in the context of the vulnerable proces...
CVE-2025-7296
CVE-2025-7296 concerns IrfanView CADImage Plugin. The flaw lies in parsing DXF files, where lack of input validation can cause memory corruption, enabling arbitrary code execution in the plugin process. Impact is remote code execution with the attacker controlling the context after the user visit...
CVE-2025-7270 IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Code Execution Vulnerability
IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView CADImage Plugin. User interaction is required to exploit this vulnerability in that the...
CVE-2025-7262 IrfanView CADImage Plugin DWG File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability
IrfanView CADImage Plugin DWG File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView CADImage Plugin. User interaction is required to exploit this vulnerability in that the...
GO-2025-3802 Helm vulnerable to Code Injection through malicious chart.yaml content in helm.sh/helm
Helm vulnerable to Code Injection through malicious chart.yaml content in helm.sh/helm...
CVE-2025-0664
A locally authenticated, privileged user can craft a malicious OpenSSL configuration file, potentially leading the agent to load an arbitrary local library. This may impair endpoint defenses and allow the attacker to achieve code execution with SYSTEM-level privileges...
GHSA-68R2-FWCG-QPM8
creationtimestamp | type | source
---|---|---
2025-07-16 05:32:18+00:00 | seen | https://gist.github.com/safer-bot/ac258bea45025717f0ed3e9461a069c2...
GHSA-P53J-G8PW-4W5F
creationtimestamp | type | source
---|---|---
2025-07-16 04:24:10+00:00 | seen | https://gist.github.com/safer-bot/930216c8ddbe20a630c79f2785e35eec
2025-07-16 09:49:54+00:00 | seen | https://gist.github.com/safer-bot/57636fb56c908ea716ca50f36824e43c
2025-07-16 16:29:07+00:00 | seen |...
CVE-2025-51650
An arbitrary file upload vulnerability in the component /controller/PicManager.php of FoxCMS v1.2.6 allows attackers to execute arbitrary code via uploading a crafted template file...
CVE-2025-41236 VMXNET3 integer-overflow vulnerability
VMware ESXi, Workstation, and Fusion contain an integer-overflow vulnerability in the VMXNET3 virtual network adapter. A malicious actor with local administrative privileges on a virtual machine with VMXNET3 virtual network adapter may exploit this issue to execute code on the host. Non VMXNET3...
CVE-2025-7042
Use After Free vulnerability exists in the IPT file reading procedure in SOLIDWORKS eDrawings on Release SOLIDWORKS Desktop 2025. This vulnerability could allow an attacker to execute arbitrary code while opening a specially crafted IPT file...
CVE-2025-6971
Concrete details available: CVE-2025-6971 is a Use After Free vulnerability in SOLIDWORKS eDrawings (CATPRODUCT file reading) affecting SOLIDWORKS Desktop 2025 prior to SP3. The underlying issue is a use-after-free in CATPRODUCT parsing, enabling arbitrary code execution when opening a crafted CA...
RHEL 8 : emacs (RHSA-2025:11030)
The remote Red Hat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2025:11030 advisory. GNU Emacs is a powerful, customizable, self-documenting text editor. It provides special code editing features, a scripting language elisp, and the...