1487 matches found

Positive Technologies
added 2025/04/11 12:0 a.m. · 2 views

PT-2025-16139 · Mediawiki · Mediawiki - Tabs Extension

Name of the Vulnerable Software and Affected Versions: Mediawiki - Tabs Extension versions 1.39 through 1.43
Description: The issue is related to an Improper Input Validation vulnerability that allows Code Injection in the Mediawiki - Tabs Extension.
Recommendations: For versions 1.39 through 1.4...

CVSS 6.9 · AI score 6.5 · EPSS 0.00316
Exploits 0 · References 7

NVD
added 2025/04/09 8:15 p.m. · 6 views

CVE-2025-2632

Out of bounds write vulnerability due to improper bounds checking in NI LabVIEW reading CPU info from cache that may result in information disclosure or arbitrary code execution. Successful exploitation requires an attacker to get a user to open a specially crafted VI. This vulnerability affects ...

CVSS 8.5 · EPSS 0.00089
Exploits 0 · References 1

CNVD
added 2025/04/09 12:0 a.m. · 2 views

Microsoft Office Code Execution Vulnerability (CNVD-2025-10657)

Microsoft Office is an office software suite from the U.S. company Microsoft. The product's common components include Word, Excel, Access, Powerpoint, FrontPage, and so on. A code execution vulnerability exists in Microsoft Office, which can be exploited by an attacker to...

CVSS 7.8 · AI score 8.1 · EPSS 0.0058
Exploits 0 · References 1

CNVD
added 2025/04/09 12:0 a.m. · 2 views

Microsoft Office Code Execution Vulnerability (CNVD-2025-10659)

Microsoft Office is an office software suite from the U.S. company Microsoft. The product's common components include Word, Excel, Access, Powerpoint, FrontPage, and so on. A code execution vulnerability exists in Microsoft Office, which can be exploited by an attacker to...

CVSS 7.8 · AI score 8.1 · EPSS 0.00794
Exploits 0 · References 1

CNVD
added 2025/04/09 12:0 a.m. · 1 views

Microsoft Office Code Execution Vulnerability (CNVD-2025-10660)

Microsoft Office is an office software suite from the U.S. company Microsoft. The product's common components include Word, Excel, Access, Powerpoint, FrontPage, and so on. A code execution vulnerability exists in Microsoft Office, which can be exploited by an attacker to...

CVSS 7.8 · AI score 8.1 · EPSS 0.0058
Exploits 0 · References 1

CNVD
added 2025/04/09 12:0 a.m. · 2 views

Microsoft Office Code Execution Vulnerability (CNVD-2025-10658)

Microsoft Office is an office software suite from the U.S. company Microsoft. The product's common components include Word, Excel, Access, Powerpoint, FrontPage, etc. A code execution vulnerability exists in Microsoft Office, which can be exploited by an attacker to execute...

CVSS 7.8 · AI score 8.1 · EPSS 0.0058
Exploits 0 · References 1

EUVD
added 2025/04/08 8:2 p.m. · 1 views

EUVD-2025-11915

ColdFusion versions 2023.12, 2021.18, 2025.0 and earlier are affected by a Deserialization of Untrusted Data vulnerability that could result in arbitrary code execution in the context of the current user. A high-privileged attacker could leverage this vulnerability to bypass security protections...

CVSS 8.4 · AI score 9.5 · EPSS 0.01035
Exploits 0 · References 1

Cvelist
added 2025/04/08 6:15 p.m. · 11 views

CVE-2025-30298 Adobe Framemaker | Stack-based Buffer Overflow (CWE-121)

Adobe Framemaker versions 2020.8, 2022.6 and earlier are affected by a Stack-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file...

CVSS 7.8 · EPSS 0.00201
Exploits 0 · References 1

CVE
added 2025/04/08 5:23 p.m. · 103 views

CVE-2025-29823

The CVE-2025-29823 entry describes a use-after-free vulnerability in Microsoft Excel (part of Microsoft Office) that enables local arbitrary code execution. The initial description states an unauthorized attacker could execute code locally due to the flaw. Connected documents corroborate exposure...

CVSS 7.8 · AI score 7.8 · EPSS 0.00673
Exploits 0 · References 1 · Affected Software 1

CVE
added 2025/04/08 3:26 p.m. · 44 views

CVE-2025-3285

Rockwell Automation Arena is affected by local code execution bugs (CVE-2025-3285) caused by improper validation of user-supplied data, enabling a threat actor to read outside the allocated memory buffer. Exploitation requires a legitimate user to open a malicious DOE file, allowing information d...

CVSS 8.5 · AI score 7.5 · EPSS 0.00164
Exploits 0 · References 1 · Affected Software 1

NVD
added 2025/04/07 3:15 p.m. · 12 views

CVE-2025-3248

Langflow versions prior to 1.3.0 are susceptible to code injection in the /api/v1/validate/code endpoint. A remote and unauthenticated attacker can send crafted HTTP requests to execute arbitrary code...

CVSS 9.8 · EPSS 0.92853
Exploits 33 · References 5

OSV
added 2025/04/07 3:15 p.m. · 14 views

CVE-2025-3248

Langflow versions prior to 1.3.0 are susceptible to code injection in the /api/v1/validate/code endpoint. A remote and unauthenticated attacker can send crafted HTTP requests to execute arbitrary code...

CVSS 9.8 · AI score 7.7 · EPSS 0.92853
Exploits 33 · References 5

ATTACKERKB
added 2025/04/07 12:0 a.m. · 17 views

CVE-2025-3248

Langflow versions prior to 1.3.0 are susceptible to code injection in the /api/v1/validate/code endpoint. A remote and unauthenticated attacker can send crafted HTTP requests to execute arbitrary code. Recent assessments: Assessed Attacker Value: 0...

CVSS 9.8 · AI score 8.4 · EPSS 0.92853
In wild · Exploits 33 · References 5

RedhatCVE
added 2025/04/04 12:40 a.m. · 5 views

CVE-2025-29063

An issue in BL-AC2100 V1.0.4 and before allows a remote attacker to execute arbitrary code because the enable parameter passed to /goform/sethidessidcfg is not handled properly...

CVSS 9.8 · AI score 8.2 · EPSS 0.06129
Exploits 1 · References 1

OSV
added 2025/04/03 4:15 p.m. · 4 views

CVE-2025-3163

A vulnerability was found in InternLM LMDeploy up to 0.7.1. It has been declared as critical. Affected by this vulnerability is the function Open of the file lmdeploy/docs/en/conf.py. The manipulation leads to code injection. It is possible to launch the attack on the local host. The exploit has...

CVSS 7.8 · AI score 7.8
Exploits 0 · References 5

CVE
added 2025/04/03 3:31 p.m. · 53 views

CVE-2025-3163

CVE-2025-3163 affects InternLM LMDeploy up to version 0.7.1. The vulnerability targets the function Open in lmdeploy/docs/en/conf.py, where input manipulation leads to arbitrary code execution. The issue enables a local-host attack, and public disclosure of the exploit is noted in multiple source...

CVSS 7.8 · AI score 7.5 · EPSS 0.00218
Exploits 1 · References 5 · Affected Software 1

CVE
added 2025/04/03 5:27 a.m. · 438 views

CVE-2025-31334

WinRAR (Windows) is affected by CVE-2025-31334: versions prior to 7.11 are vulnerable to a Mark of the Web bypass when opening a specially crafted symbolic link to an executable, potentially allowing arbitrary code execution. Public exploit activity is noted in Nessus, and remediation guidance ac...

CVSS 6.8 · AI score 7.6 · EPSS 0.00089
Exploits 0 · References 2 · Affected Software 1

Cvelist
added 2025/04/02 12:0 a.m. · 6 views

CVE-2025-29063

An issue in BL-AC2100 V1.0.4 and before allows a remote attacker to execute arbitrary code because the enable parameter passed to /goform/sethidessidcfg is not handled properly...

EPSS 0.06129
Exploits 1 · References 2

Amazon
added 2025/04/01 12:0 a.m. · 24 views

Important: freetype

Issue Overview: FreeType 2.8.1 has a signed integer overflow in cf2doFlex in cff/cf2intrp.c. (CVE-2025-23022) An out of bounds write exists in FreeType versions 2.13.0 and below when attempting to parse font subglyph structures related to TrueType GX and variable font files. The vulnerable code...

CVSS 8.1 · AI score 7.5 · EPSS 0.70344
Exploits 1

Circl
added 2025/03/31 4:33 p.m. · 6 views

CVE-2025-2794

creationtimestamp | type | source
---|---|---
2025-03-31 16:33:10+00:00 | seen | https://t.me/DarkWebInformerCVEAlerts/9689
2025-03-31 21:43:28+00:00 | seen | https://t.me/cvedetector/21644
2025-08-10 18:27:44+00:00 | seen | MISP/f2f93f16-9318-44b1-9be3-2d3346ca540c
2025-09-10 07:47:56+00:00 | seen | ...

CVSS 8.7 · AI score 4.8 · EPSS 0.00542
Exploits 0 · References 2