Huawei EulerOS: Security Advisory for EDK2 (EulerOS-SA-2025-2571)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVE-2025-63665

An issue in GT Edge AI Community Edition Versions before v2.0.12 allows attackers to execute arbitrary code via injecting a crafted JSON payload into the Prompt window...

CVE-2025-68433

Zed, a code editor, has an aribtrary code execution vulnerability in versions prior to 0.218.2-pre. The Zed IDE loads Model Context Protocol MCP configurations from the settings.json file located within a project’s .zed subdirectory. A malicious MCP configuration can contain arbitrary shell...

CVE-2025-68432

Zed, a code editor, has an aribtrary code execution vulnerability in versions prior to 0.218.2-pre. The Zed IDE loads Language Server Protocol LSP configurations from the settings.json file located within a project’s .zed subdirectory. A malicious LSP configuration can contain arbitrary shell...

Directory Traversal

Overview Affected versions of this package are vulnerable to Directory Traversal via crafted symbolic links in the repository. An attacker can access sensitive files on the server filesystem by creating and referencing symbolic links that point to arbitrary locations. Details A Directory Traversa...

EUVD-2025-203957

nbconvert has an uncontrolled search path that leads to unauthorized code execution on Windows...

nbconvert has an uncontrolled search path that leads to unauthorized code execution on Windows

Summary On Windows, converting a notebook containing SVG output to a PDF results in unauthorized code execution. Specifically, a third party can create a inkscape.bat file that defines a Windows batch script, capable of arbitrary code execution. When a user runs jupyter nbconvert --to pdf on a...

CVE-2023-53940 Codigo Markdown Editor 1.0.1 Electron Arbitrary Code Execution via Markdown File

Codigo Markdown Editor 1.0.1 contains a code execution vulnerability that allows attackers to run arbitrary system commands by crafting a malicious markdown file. Attackers can embed a video source with an onerror event that executes shell commands through Node.js childprocess module when the fil...

CVE-2023-53940

CVE-2023-53940 affects Codigo Markdown Editor 1.0.1 (Electron). The vulnerability arises from handling of markdown files where an embedded video source with an onerror event can trigger arbitrary shell commands via Node.js child_process, enabling code execution when the file is opened. Public ind...

CVE-2023-53940 Codigo Markdown Editor 1.0.1 Electron Arbitrary Code Execution via Markdown File

Codigo Markdown Editor 1.0.1 contains a code execution vulnerability that allows attackers to run arbitrary system commands by crafting a malicious markdown file. Attackers can embed a video source with an onerror event that executes shell commands through Node.js childprocess module when the fil...

CVE-2023-53942 File Thingie 2.5.7 Authenticated Arbitrary File Upload Remote Code Execution

File Thingie 2.5.7 contains an authenticated file upload vulnerability that allows remote attackers to upload malicious PHP zip archives to the web server. Attackers can create a custom PHP payload, upload and unzip it, and then execute arbitrary system commands through a crafted PHP script with ...

tinacms is vulnerable to arbitrary code execution

Summary tinacms uses the gray-matter package in an insecure way allowing attackers that can control the content of the processed markdown files, e.g., blog posts, to execute arbitrary code. Details The gray-matter package executes by default the code in the markdown file's front matter. tinacms...

GHSA-529F-9QWM-9628 tinacms is vulnerable to arbitrary code execution

Summary tinacms uses the gray-matter package in an insecure way allowing attackers that can control the content of the processed markdown files, e.g., blog posts, to execute arbitrary code. Details The gray-matter package executes by default the code in the markdown file's front matter. tinacms...

CVE-2025-68278 tinacms vulnerable to arbitrary code execution

Tina is a headless content management system. In tinacms prior to version 3.1.1, tinacms uses the gray-matter package in an insecure way allowing attackers that can control the content of the processed markdown files, e.g., blog posts, to execute arbitrary code. tinacms version 3.1.1, @tinacms/cl...

CVE-2025-68278

CVE-2025-68278 affects tinacms prior to 3.1.1, where insecure use of the gray-matter package allows attackers who can control markdown front matter (e.g., blog posts) to execute arbitrary code. The issue spans tinacms, @tinacms/cli (v2.0.4), and @tinacms/graphql (v2.0.3). A fix is available in ti...

CVE-2025-53000

A flaw was found in nbconvert, specifically in the jupyter nbconvert tool on Windows. A third party can exploit this vulnerability by creating a malicious inkscape.bat file in a directory. When a user then converts a Jupyter notebook containing SVG output to a PDF from this directory, the malicio...

CVE-2025-64462

There is an out of bounds read vulnerability in NI LabVIEW in LVResFile::RGetMemFileHandle when parsing a corrupted VI file. This vulnerability may result in information disclosure or arbitrary code execution. Successful exploitation requires an attacker to get a user to open a specially crafted...

CVE-2025-64464

There is an out of bounds read vulnerability in NI LabVIEW in lvre!VisaWriteFromFile when parsing a corrupted VI file. This vulnerability may result in information disclosure or arbitrary code execution. Successful exploitation requires an attacker to get a user to open a specially crafted VI. Th...

CVE-2025-64463

There is an out of bounds read vulnerability in NI LabVIEW in LVResource::DetachResource when parsing a corrupted VI file. This vulnerability may result in information disclosure or arbitrary code execution. Successful exploitation requires an attacker to get a user to open a specially crafted VI...

CVE-2025-64467

There is an out of bounds read vulnerability in NI LabVIEW in LVResFile::FindRsrcListEntry when parsing a corrupted VI file. This vulnerability may result in information disclosure or arbitrary code execution. Successful exploitation requires an attacker to get a user to open a specially crafted...