1487 matches found

Zero Day Initiative
added 2025/07/08 12:0 a.m. · 2 views

IrfanView CADImage Plugin CGM File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView CADImage Plugin. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...

CVSS 7.8 · AI score 6.6 · EPSS 0.00185
Exploits: 0
Positive Technologies
added 2025/07/08 12:0 a.m. · 0 views

PT-2025-28553

Name of the Vulnerable Software and Affected Versions: Windows Hyper-V affected versions not specified
Description: The issue is an out-of-bounds read that allows an unauthorized attacker to execute code locally.
Recommendations: At the moment, there is no information about a newer version that...

CVSS 8.6 · AI score 6.8 · EPSS 0.00498
Exploits: 0 · References: 9
Positive Technologies
added 2025/07/08 12:0 a.m. · 2 views

PT-2025-28639 · Dimension · Dimension

Name of the Vulnerable Software and Affected Versions: Dimension versions 4.1.2 and earlier
Description: The issue is an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction, where ...

CVSS 7.8 · AI score 6.9 · EPSS 0.00115
Exploits: 0 · References: 4
Positive Technologies
added 2025/07/08 12:0 a.m. · 1 views

PT-2025-28493 · Adobe · Substance3D - Designer

Name of the Vulnerable Software and Affected Versions: Substance3D - Designer versions 14.1 and earlier
Description: The issue is an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user...

CVSS 7.8 · AI score 7 · EPSS 0.00115
Exploits: 0 · References: 5
Positive Technologies
added 2025/07/08 12:0 a.m. · 1 views

PT-2025-28617 · Microsoft · Windows Routing/Remote Access Service +1

Name of the Vulnerable Software and Affected Versions: Windows Routing and Remote Access Service (RRAS) affected versions not specified
Description: A heap-based buffer overflow issue in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network...

CVSS 10 · AI score 6.8 · EPSS 0.00739
Exploits: 0 · References: 7
Positive Technologies
added 2025/07/08 12:0 a.m. · 1 views

PT-2025-28405 · Unknown · Code-Projects E-Commerce Website

Name of the Vulnerable Software and Affected Versions: code-projects E-Commerce Site version 1.0
Description: A critical issue has been found in the code-projects E-Commerce Site, affecting an unknown function of the file /admin/users photo.php. The manipulation of the photo argument leads to...

CVSS 7.2 · AI score 6.3 · EPSS 0.00352
Exploits: 1 · References: 7
Positive Technologies
added 2025/07/08 12:0 a.m. · 0 views

PT-2025-28492 · Adobe · Substance3D - Designer

Name of the Vulnerable Software and Affected Versions: Substance3D - Designer versions 14.1 and earlier
Description: The issue is an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user...

CVSS 7.8 · AI score 7 · EPSS 0.00115
Exploits: 0 · References: 5
Vulnrichment
added 2025/07/07 2:58 p.m. · 2 views

CVE-2025-6663 GStreamer H266 Codec Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability

GStreamer H266 Codec Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with this library is required to exploit this vulnerability but attack vectors may...

CVSS 7.8 · AI score 7.9 · EPSS 0.00159
Exploits: 0 · References: 2
Vulnrichment
added 2025/07/07 12:32 a.m. · 3 views

CVE-2025-7101 BoyunCMS Configuration File install_ok.php code injection

A vulnerability was found in BoyunCMS up to 1.4.20. It has been classified as critical. This affects an unknown part of the file /install/install_ok.php of the component Configuration File Handler. The manipulation of the argument dbpass leads to code injection. It is possible to initiate the atta...

CVSS 6.5 · AI score 7.8 · EPSS 0.00327
Exploits: 0 · References: 4
CVE
added 2025/07/04 8:42 a.m. · 23 views

CVE-2025-27358

CVE-2025-27358 is a Content Injection (XSS) vulnerability affecting the WordPress plugin “Frontend File Manager” up to version 23.2. The issue arises from improper neutralization of script-related HTML tags in the web page, enabling code injection. Public details in the initial data indicate affe...

CVSS 4.6 · AI score 5.9 · EPSS 0.0015
Exploits: 0 · References: 1
CVE
added 2025/07/04 12:0 a.m. · 17 views

CVE-2025-43711

Tunnelblick 3.5beta06 before 7.0 is vulnerable to arbitrary code execution as root on the next boot when a crafted Tunnelblick.app is dragged into /Applications, due to incomplete uninstallation. Affected: Tunnelblick versions 3.5beta06–7.0 (per conflicting sources). Remediation: upgrade to a new...

CVSS 8.1 · AI score 7.4 · EPSS 0.00068
Exploits: 0 · References: 2
Cvelist
added 2025/07/01 2:49 p.m. · 7 views

CVE-2025-34060 Monero Forum Remote Code Execution via Arbitrary File Read and Cookie Forgery

A PHP object injection vulnerability exists in the Monero Project’s Laravel-based forum software due to unsafe handling of untrusted input in the /get/image/ endpoint. The application passes a user-supplied link parameter directly to file_get_contents without validation. MIME type checks using...

CVSS 10 · EPSS 0.01891
Exploits: 0 · References: 2
CVE
added 2025/06/30 1:44 a.m. · 21 views

CVE-2025-0634

CVE-2025-0634 reports a Use After Free in Samsung Open Source rlottie (V0.2) that enables Remote Code Inclusion. Affected component: rlottie library used by Samsung, with NVD listing a 3.1 base score of 9.8 (CRITICAL) and impact to Confidentiality, Integrity, Availability. The TencentOSS/Tenables...

CVSS 9.8 · AI score 7.7 · EPSS 0.00161
Exploits: 0 · References: 2 · Affected Software: 1
Positive Technologies
added 2025/06/30 12:0 a.m. · 1 views

PT-2025-27429 · Unknown · Code-Projects Library System

Name of the Vulnerable Software and Affected Versions: code-projects Library System version 1.0
Description: A critical vulnerability has been found in the code-projects Library System, affecting unknown code of the file /add-book.php. The manipulation of the image argument leads to unrestricted...

CVSS 9.8 · AI score 7.3 · EPSS 0.00347
Exploits: 1 · References: 10
Positive Technologies
added 2025/06/30 12:0 a.m. · 3 views

PT-2025-27463 · Code Projects · Code-Projects Online Hotel Booking

Name of the Vulnerable Software and Affected Versions: code-projects Online Hotel Booking version 1.0
Description: A critical vulnerability has been found in the code-projects Online Hotel Booking software. This issue affects unknown code of the file /admin/registration.php. The manipulation of t...

CVSS 9.8 · AI score 8.2 · EPSS 0.00204
Exploits: 1 · References: 10
Cvelist
added 2025/06/29 1:0 a.m. · 6 views

CVE-2025-6837 code-projects Library System profile.php unrestricted upload

A vulnerability classified as critical was found in code-projects Library System 1.0. Affected by this vulnerability is an unknown functionality of the file /profile.php. The manipulation of the argument image leads to unrestricted upload. The attack can be launched remotely. The exploit has been...

CVSS 6.5 · EPSS 0.00347
Exploits: 1 · References: 5
Positive Technologies
added 2025/06/29 12:0 a.m. · 1 views

PT-2025-27336 · Unknown · Code-Projects Library System

Name of the Vulnerable Software and Affected Versions: code-projects Library System version 1.0
Description: A critical vulnerability has been found in the code-projects Library System. The issue affects an unknown function of the file /profile.php. The manipulation of the phone argument leads to...

CVSS 9.8 · AI score 8.1 · EPSS 0.00204
Exploits: 1 · References: 12
Positive Technologies
added 2025/06/29 12:0 a.m. · 2 views

PT-2025-27345 · Unknown · Code-Projects Simple Forum

Name of the Vulnerable Software and Affected Versions: code-projects Simple Forum version 1.0
Description: A critical vulnerability was found in the code-projects Simple Forum. The issue affects an unknown functionality of the file /signin.php. The manipulation of the User argument leads to SQL...

CVSS 9.8 · AI score 8.1 · EPSS 0.00204
Exploits: 1 · References: 12
Positive Technologies
added 2025/06/29 12:0 a.m. · 2 views

PT-2025-27352 · Unknown · Code-Projects Simple Forum

Name of the Vulnerable Software and Affected Versions: code-projects Simple Forum version 1.0
Description: A problem was found in an unknown function of the file /forum edit1.php. The manipulation of the argument text leads to cross site scripting. It is possible to launch the attack remotely. Th...

CVSS 5.1 · AI score 6.3 · EPSS 0.00209
Exploits: 1 · References: 10
Positive Technologies
added 2025/06/29 12:0 a.m. · 3 views

PT-2025-27351 · Code Projects · Code-Projects Simple Forum

Name of the Vulnerable Software and Affected Versions: code-projects Simple Forum version 1.0
Description: A critical issue has been found in the processing of the file /forum1.php, allowing unrestricted upload through the manipulation of the File argument. This can be initiated remotely. The...

CVSS 8.8 · AI score 7 · EPSS 0.00293
Exploits: 1 · References: 11