
1487 matches found

CNVD
added 2025/06/13 12:0 a.m. · 3 views

Microsoft Office Code Execution Vulnerability (CNVD-2025-13271)

Microsoft Office is a suite of office software products from the U.S. company Microsoft. The product's common components include Word, Excel, Access, PowerPoint, FrontPage, etc. A code execution vulnerability exists in Microsoft Office due to the use of incompatible types of access to...

8.4 CVSS · 8.1 AI score · 0.01308 EPSS
Exploits 0 · References 1
CNVD
added 2025/06/13 12:0 a.m. · 2 views

Microsoft Office Code Execution Vulnerability (CNVD-2025-13272)

Microsoft Office is a suite of office software products from the U.S. company Microsoft. The product's common components include Word, Excel, Access, PowerPoint, FrontPage, etc. A code execution vulnerability exists in Microsoft Office, which can be exploited by an attacker to execute...

8.4 CVSS · 8.1 AI score · 0.00895 EPSS
Exploits 0 · References 1
RedhatCVE
added 2025/06/12 5:6 p.m. · 5 views

CVE-2025-43589

InDesign Desktop versions ID20.2, ID19.5.3 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file...

7.8 CVSS · 7.8 AI score · 0.00153 EPSS
Exploits 0 · References 1
Vulnrichment
added 2025/06/10 7:11 p.m. · 2 views

CVE-2025-43550 Acrobat Reader | Use After Free (CWE-416)

Acrobat Reader versions 24.001.30235, 20.005.30763, 25.001.20521 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious...

7.8 CVSS · 7.6 AI score · 0.00153 EPSS
Exploits 0 · References 1
Positive Technologies
added 2025/06/10 12:0 a.m. · 4 views

PT-2025-24599 · Unknown · Code-Projects Laundry System

Name of the Vulnerable Software and Affected Versions: code-projects Laundry System version 1.0 Description: A critical vulnerability has been found in the code-projects Laundry System. This issue affects an unknown part of the file /data/ and leads to missing authentication. The attack can be...

9.8 CVSS · 7.2 AI score · 0.00803 EPSS
Exploits 1 · References 10
Positive Technologies
added 2025/06/10 12:0 a.m. · 1 views

PT-2025-24918 · Adobe · Acrobat Reader

Name of the Vulnerable Software and Affected Versions: Acrobat Reader versions 24.001.30235, 20.005.30763, 25.001.20521 and earlier Description: The issue is a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue...

7.8 CVSS · 7 AI score · 0.00153 EPSS
Exploits 0 · References 9
Positive Technologies
added 2025/06/10 12:0 a.m. · 1 views

PT-2025-24861

Name of the Vulnerable Software and Affected Versions: Microsoft Office affected versions not specified Description: The issue is a heap-based buffer overflow that allows an unauthorized attacker to execute code locally. This enables remote attackers to execute arbitrary code and affect the system...

8.4 CVSS · 6.4 AI score · 0.00895 EPSS
Exploits 0 · References 14
NVD
added 2025/06/09 1:15 p.m. · 8 views

CVE-2025-49131

FastGPT is an open-source project that provides a platform for building, deploying, and operating AI-driven workflows and conversational agents. The Sandbox container fastgpt-sandbox is a specialized, isolated environment used by FastGPT to safely execute user-submitted or dynamically generated...

9.9 CVSS · 0.00829 EPSS
Exploits 1 · References 5
Positive Technologies
added 2025/06/09 12:0 a.m. · 1 views

PT-2025-24436 · Unknown +1 · Wilderforge +1

Name of the Vulnerable Software and Affected Versions: WilderForge affected versions not specified Description: A critical issue has been identified in the WilderForge organization, stemming from the unsafe use of user-controlled variables, such as ${{ github.event.review.body }}, directly inside she...

9.9 CVSS · 7.4 AI score · 0.01529 EPSS
Exploits 0 · References 9
Positive Technologies
added 2025/06/09 12:0 a.m. · 2 views

PT-2025-24518 · Unknown · Metalpriceapi

Name of the Vulnerable Software and Affected Versions: MetalpriceAPI versions 1.1.4 and earlier Description: The issue is related to an Improper Control of Generation of Code, also known as 'Code Injection', in MetalpriceAPI. This allows for Code Injection, which can be exploited. Recommendations...

9.9 CVSS · 6 AI score · 0.0029 EPSS
Exploits 0 · References 4
Positive Technologies
added 2025/06/06 12:0 a.m. · 2 views

PT-2025-24103 · Unknown · Code-Projects Laundry System

Name of the Vulnerable Software and Affected Versions: code-projects Laundry System version 1.0 Description: A problematic issue was found in the code-projects Laundry System, affecting an unknown part of the file /data/edit laundry.php. The manipulation of the Customer argument leads to cross-si...

5.4 CVSS · 3.6 AI score · 0.00157 EPSS
Exploits 1 · References 9
Positive Technologies
added 2025/06/06 12:0 a.m. · 2 views

PT-2025-24323 · Unknown · Code-Projects Laundry System

Name of the Vulnerable Software and Affected Versions: code-projects Laundry System version 1.0 Description: A vulnerability has been found in the code-projects Laundry System, classified as problematic. This issue affects unknown code of the file /data/edit type.php. The manipulation of the Type...

5.4 CVSS · 3.8 AI score · 0.00157 EPSS
Exploits 1 · References 9
CVE
added 2025/06/04 7:25 a.m. · 52 views

CVE-2025-47727

CVE-2025-47727 affects Delta Electronics CNCSoft. Multiple connected sources describe a lack of validation of user-supplied files, enabling code execution in the context of the current process when a malicious file is opened. The issue is described as an out-of-bounds write/validation flaw in CNC...

7.3 CVSS · 6.7 AI score · 0.00056 EPSS
Exploits 0 · References 1 · Affected Software 1
RedhatCVE
added 2025/05/31 3:52 p.m. · 9 views

CVE-2025-48390

FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.178, FreeScout is vulnerable to code injection due to insufficient validation of user input in the phppath parameter. Backtick characters are not removed, and neither are tab characters. When checking us...

8.6 CVSS · 7.3 AI score · 0.01343 EPSS
Exploits 1 · References 1
NVD
added 2025/05/29 4:15 p.m. · 8 views

CVE-2025-48390

FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.178, FreeScout is vulnerable to code injection due to insufficient validation of user input in the phppath parameter. Backtick characters are not removed, and neither are tab characters. When checking us...

8.6 CVSS · 0.01343 EPSS
Exploits 1 · References 2
Cvelist
added 2025/05/28 12:0 a.m. · 7 views

CVE-2024-57338

An arbitrary file upload vulnerability in M2Soft CROWNIX Report & ERS v5.x to v5.5.14.1070, v7.x to v7.4.3.960, and v8.x to v8.2.0.345 allows attackers to execute arbitrary code via supplying a crafted file...

0.0041 EPSS
Exploits 0 · References 1
Positive Technologies
added 2025/05/28 12:0 a.m. · 3 views

PT-2025-23119 · M2Soft · M2Soft Crownix Report & Ers

Name of the Vulnerable Software and Affected Versions: M2Soft CROWNIX Report & ERS versions 5.x through 5.5.14.1070; M2Soft CROWNIX Report & ERS versions 7.x through 7.4.3.960; M2Soft CROWNIX Report & ERS versions 8.x through 8.2.0.345 Description: An arbitrary file upload issue allows attackers to...

6.5 CVSS · 7.5 AI score · 0.0041 EPSS
Exploits 0 · References 3
NVD
added 2025/05/25 12:15 a.m. · 12 views

CVE-2025-5137

A vulnerability was found in DedeCMS 5.7.117. It has been classified as critical. Affected is an unknown function of the file dede/sysverifies.php?action=getfiles of the component Incomplete Fix CVE-2018-9175. The manipulation of the argument refiles leads to code injection. It is possible to...

7.2 CVSS · 0.00229 EPSS
Exploits 1 · References 5
RedhatCVE
added 2025/05/23 10:43 a.m. · 4 views

CVE-2024-52783

Insecure permissions in the XNetSocketClient component of XINJE XDPPro.exe v3.2.2 to v3.7.17c allow attackers to execute arbitrary code via modification of the configuration file...

5.1 CVSS · 7.9 AI score · 0.00085 EPSS
Exploits 0 · References 1
RedhatCVE
added 2025/05/23 10:42 a.m. · 7 views

CVE-2024-47966

Delta Electronics CNCSoft-G2 lacks proper initialization of memory prior to accessing it. An attacker can manipulate users to visit a malicious page or file to leverage this vulnerability to execute code in the context of the current process...

8.4 CVSS · 6.9 AI score · 0.00101 EPSS
Exploits 0