1487 matches found
CVE-2025-4866
A vulnerability was found in weibocom rill-flow 0.1.18. It has been classified as critical. Affected is an unknown function of the component Management Console. The manipulation leads to code injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and...
CVE-2025-4866 weibocom rill-flow Management Console code injection
A vulnerability was found in weibocom rill-flow 0.1.18. It has been classified as critical. Affected is an unknown function of the component Management Console. The manipulation leads to code injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and...
CVE-2025-4767 defog-ai introspect Test Endpoint integration_routes.py test_custom_tool code injection
A vulnerability was found in defog-ai introspect up to 0.1.4. It has been rated as critical. Affected by this issue is the function test_custom_tool of the file introspect/backend/integration_routes.py of the component Test Endpoint. The manipulation of the argument inputmodel leads to code injectio...
CVE-2025-48175
creationtimestamp | type | source
---|---|---
2025-05-16 05:34:35+00:00 | published-proof-of-concept | https://t.me/DarkWebInformerCVEAlerts/16628
2025-08-17 20:17:34+00:00 | seen | https://bsky.app/profile/ferramentaslinux.bsky.social/post/3lwmpc3422c2w...
CVE-2025-30379
Release of invalid pointer or reference in Microsoft Office Excel allows an unauthorized attacker to execute code locally...
CVE-2025-24022 iTop server vulnerable to portal code injection
iTop is a web-based IT Service Management tool. Prior to versions 2.7.12, 3.1.3, and 3.2.1, server code execution is possible through the frontend of iTop's portal. This is fixed in versions 2.7.12, 3.1.3 and 3.2.1...
CVE-2025-43569
Substance3D - Stager versions 3.1.1 and earlier have an out-of-bounds write vulnerability (CWE-787) that could allow arbitrary code execution in the current user context. Exploitation requires user interaction (victim opens a malicious file). Affected product/versions are confirmed across CVE ent...
CVE-2025-43570 Substance3D - Stager | Use After Free (CWE-416)
Substance3D - Stager versions 3.1.1 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file...
CVE-2025-30324
Photoshop Desktop versions 26.5, 25.12.2 and earlier are affected by an Integer Underflow (Wrap or Wraparound) vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious...
CVE-2024-35281
An improper isolation or compartmentalization vulnerability CWE-653 in FortiClientMac version 7.4.2 and below, version 7.2.8 and below, 7.0 all versions and FortiVoiceUCDesktop 3.0 all versions desktop application may allow an authenticated attacker to inject code via Electron environment variabl...
PT-2025-21040 · Dimension · Dimension
Name of the Vulnerable Software and Affected Versions: Dimension versions 4.1.2 and earlier
Description: The issue is an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. To exploit this problem, it is necessary for the victim to...
PT-2025-20983 · Adobe · Indesign Desktop
Name of the Vulnerable Software and Affected Versions: InDesign Desktop versions ID19.5.2, ID20.2 and earlier
Description: The issue is an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user...
PT-2025-23171 · Freescout · Freescout
Name of the Vulnerable Software and Affected Versions: FreeScout versions prior to 1.8.178
Description: The issue is related to the deserialization of untrusted data due to insufficient validation, allowing arbitrary code execution. This occurs when a string with a serialized object is passed...
PT-2025-21039 · Adobe · Substance3D - Stager
Name of the Vulnerable Software and Affected Versions: Substance3D - Stager versions 3.1.1 and earlier
Description: The issue is a "Use After Free" vulnerability that could result in arbitrary code execution in the context of the current user. To exploit this problem, the victim must open a...
PT-2025-23172 · Freescout · Freescout
Name of the Vulnerable Software and Affected Versions: FreeScout versions prior to 1.8.178
Description: The issue is related to insufficient validation of user input in the php path parameter, allowing code injection. This occurs because backtick and tab characters are not removed from us...
PT-2025-20824 · Conda Forge +2 · Conda-Forge Openssl-Feedstock +2
Name of the Vulnerable Software and Affected Versions:
conda-forge openssl-feedstock versions before 066e83c 2024-05-20
Miniforge versions before 24.5.0
Description: The issue concerns a configuration in conda-forge openssl-feedstock on Microsoft Windows, where OpenSSL uses an OPENSSLDIR file pat...
PT-2025-21037 · Adobe · Substance3D - Stager
Name of the Vulnerable Software and Affected Versions: Substance3D - Stager versions 3.1.1 and earlier
Description: The issue is an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user...
PT-2025-20859 · Siemens · Teamcenter Visualization
Name of the Vulnerable Software and Affected Versions:
Teamcenter Visualization versions prior to V14.3.0.14
Teamcenter Visualization versions prior to V2312.0010
Teamcenter Visualization versions prior to V2406.0008
Teamcenter Visualization versions prior to V2412.0004
Description: A vulnerabili...
PT-2025-21034 · Adobe · Substance3D - Stager
Name of the Vulnerable Software and Affected Versions: Substance3D - Stager versions 3.1.1 and earlier
Description: The issue is a "Use After Free" vulnerability that could result in arbitrary code execution in the context of the current user. To exploit this problem, user interaction is required...