1487 matches found
PT-2025-13571 · Cool-Path +1 · Cool-Path +1
Name of the Vulnerable Software and Affected Versions: janryWang depath version 1.0.6; janryWang cool-path version 1.1.2. Description: The vulnerability allows attackers to execute arbitrary code or cause a Denial of Service (DoS) by injecting arbitrary properties. This is achieved through a prototy...
CVE-2025-20229
| creationtimestamp | type | source |
|---|---|---|
| 2025-03-26 22:25:33+00:00 | seen | https://t.me/DarkWebInformerCVEAlerts/8996 |
| 2025-03-26 23:56:01+00:00 | seen | https://t.me/cvedetector/21241 |
| 2025-03-28 12:11:46+00:00 | seen | https://t.me/truesecator/6886 |
| 2025-04-07 05:53:24+00:00 | seen | ... |
CVE-2024-21760
An improper control of generation of code ('Code Injection') vulnerability [CWE-94] in FortiSOAR Connector FortiSOAR 7.4 all versions, 7.3 all versions, 7.2 all versions, 7.0 all versions, 6.4 all versions may allow an authenticated attacker to execute arbitrary code on the host via a playbook code...
CVE-2024-8238
In version 3.22.0 of aimhubio/aim, the AimQL query language uses an outdated version of the `safer_getattr` function from RestrictedPython. This version does not protect against the `str.format_map` method, allowing an attacker to leak server-side secrets or potentially gain unrestricted code execution...
CVE-2024-10252
A vulnerability in langgenius/dify versions =v0.9.1 allows for code injection via internal SSRF requests in the Dify sandbox service. This vulnerability enables an attacker to execute arbitrary Python code with root privileges within the sandbox environment, potentially leading to the deletion of...
CVE-2024-10950
CVE-2024-10950 affects binary-husky/gpt_academic ≤ 3.83, via the CodeInterpreter plugin. The root cause is prompt injection that causes untrusted prompts to generate code executed without a sandbox, enabling remote code execution (RCE) on the application backend server. The described impact is fu...
CVE-2024-57061
Termius desktop client (versions 9.9.0–9.16.0) is affected by an issue where an insecure Electron Fuses configuration enables a physically proximate attacker to execute arbitrary code. Root cause: misconfigured Electron Fuses in the app, allowing code execution. Impact: high, with potential compr...
Apple macOS MOV File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Apple macOS. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of MOV...
CVE-2025-27174
Acrobat Reader versions 24.001.30225, 20.005.30748, 25.001.20428 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious...
CVE-2024-12858
Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. Duplicate of CVE-2025-22880...
Microsoft Word Code Execution Vulnerability (CNVD-2025-09956)
Microsoft Word is a word processing application in the Office suite from the US company Microsoft. A code execution vulnerability exists in Microsoft Word, which can be exploited by an attacker to execute arbitrary code on a system...
Microsoft Word Code Execution Vulnerability (CNVD-2025-09957)
Microsoft Word is a word processing application in the Office suite from the US company Microsoft. A code execution vulnerability exists in Microsoft Word, which can be exploited by an attacker to execute arbitrary code on a system...
CVE-2025-26260
Plenti = 0.7.16 is vulnerable to code execution. Users uploading '.svelte' files with the /postLocal endpoint can set the file name to JavaScript code. The server executes the uploaded file name on the host, causing code execution...
CVE-2025-27161 Acrobat Reader | Out-of-bounds Read (CWE-125)
Acrobat Reader versions 24.001.30225, 20.005.30748, 25.001.20428 and earlier are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code i...
CVE-2025-27162 Acrobat Reader | Access of Uninitialized Pointer (CWE-824)
Acrobat Reader versions 24.001.30225, 20.005.30748, 25.001.20428 and earlier are affected by an Access of Uninitialized Pointer vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim mus...
CVE-2025-24441
CVE-2025-24441 affects Substance3D Sampler 4.5.2 and earlier, with an out-of-bounds write vulnerability that could allow arbitrary code execution in the context of the current user. Exploitation requires user interaction (victim opens a malicious file). Affected version information and impact are...
CVE-2025-23396
A vulnerability has been identified in Teamcenter Visualization V14.3 All versions V14.3.0.13, Teamcenter Visualization V2312 All versions V2312.0009, Teamcenter Visualization V2406 All versions V2406.0007, Teamcenter Visualization V2412 All versions V2412.0002, Tecnomatix Plant Simulation V2302...
ROS-20250311-06
A vulnerability in the PQescapeLiteral, PQescapeIdentifier, PQescapeString and PQescapeStringConn functions of the libpq library of the PostgreSQL database management system is related to a failure to take measures to protect the SQL query structure. Exploitation of the vulnerability could allow an...
PT-2025-10836 · Microsoft · Windows Ntfs +1
Name of the Vulnerable Software and Affected Versions: Windows NTFS (affected versions not specified). Description: The issue is related to a heap-based buffer overflow in Windows NTFS, allowing an unauthorized attacker to execute code locally. This can be exploited by mounting a specially crafted V...
CVE-2025-25977
An issue in canvg v.4.0.2 allows an attacker to execute arbitrary code via the Constructor of the class StyleElement...