APSB25-119 : Security update available for Adobe Acrobat Reader
Adobe has released a security update for Adobe Acrobat and Reader for Windows and macOS. This update addresses critical and moderate vulnerabilities. Successful exploitation could lead to arbitrary code execution and security feature bypass...
APSB25-118 : Security update available for Adobe DNG SDK
Adobe has released an update for the Adobe DNG Software Development Kit (SDK) for Windows and macOS. This update resolves critical and important vulnerabilities that could lead to arbitrary code execution and memory exposure, or application denial-of-service...
APSB25-115 : Security update available for Adobe Experience Manager
Adobe has released updates for Adobe Experience Manager (AEM). These updates resolve vulnerabilities rated critical and important. Successful exploitation of these vulnerabilities could result in arbitrary code execution, arbitrary file system read, and privilege escalation...
Siemens RUGGEDCOM ROX II Injection Vulnerability
Siemens RUGGEDCOM ROX II is an operating system for industrial applications from Siemens, Germany. Siemens RUGGEDCOM ROX II suffers from an injection vulnerability that stems from insufficient validation of SCEP client fields, which can be exploited by an attacker to cause execution of arbitrary...
PT-2025-50281
Name of the Vulnerable Software and Affected Versions: ColdFusion versions 2025.4, 2023.16, and 2021.22 and earlier. Description: ColdFusion versions 2025.4, 2023.16, and 2021.22 and earlier are susceptible to an unrestricted file upload issue with dangerous file types. Successful exploitation of th...
Robocode Security Vulnerability
Robocode is an open source programming game by Robocode. A security vulnerability exists in Robocode version 1.9.3.6, which stems from insufficient data length validation and could lead to a buffer overflow and arbitrary code execution...
CVE-2025-56704
LeptonCMS 7.3.0 is affected by an arbitrary file upload vulnerability caused by insufficient validation of uploaded files. An authenticated attacker can upload a crafted ZIP/PHP file to execute arbitrary code. Affected software: LeptonCMS 7.3.0. Root cause: lack of proper validation during file u...
Robocode Security Vulnerability
Robocode is a programming game. A security vulnerability exists in Robocode version 1.9.3.6, which stems from improper creation of temporary files and could lead to arbitrary code execution...
elysia Code Injection Vulnerability
elysia is an open source framework from elysia. A code injection vulnerability exists in elysia 1.4.17 and earlier versions, which stems from an uncleared cookie configuration and could lead to arbitrary code execution...
COMMAX WebViewer ActiveX Control Buffer Error Vulnerability
COMMAX WebViewer ActiveX Control is a browser plug-in from the Korean company COMMAX. A buffer error vulnerability exists in COMMAX WebViewer ActiveX Control version 2.1.4.5, which stems from a buffer overflow issue in CommaxWebViewer.ocx that could lead to the execution of arbitrary code...
Fortinet FortiExtender OS Command Injection Vulnerability
Fortinet FortiExtender is a wireless WAN (wide area network) extender device from Fortinet, Inc. An operating system command injection vulnerability exists in Fortinet FortiExtender versions 7.6.0 through 7.6.3, 7.4.0 through 7.4.7, all versions of 7.2, and all versions of 7.0, which originates fro...
Siemens SIMATIC CN 4100 Command Injection Vulnerability
The Siemens SIMATIC CN 4100 is a communication node from Siemens, Germany. The Siemens SIMATIC CN 4100 suffers from a command injection vulnerability that stems from insufficient validation of REST API input parameters, which can be exploited by an attacker to cause execution of arbitrary code...
PT-2025-50284
Name of the Vulnerable Software and Affected Versions: ColdFusion versions 2025.4, 2023.16, and 2021.22 and earlier. Description: An improper access control issue exists in ColdFusion that could allow for arbitrary code execution with the privileges of the current user. An attacker with high...
Mozilla Firefox Buffer Error Vulnerability
Mozilla Firefox is an open source web browser from the Mozilla Foundation in the United States. A buffer error vulnerability exists in versions prior to Mozilla Firefox 146, which stems from a memory security issue that could lead to memory corruption and execution of arbitrary code...
Linux Distros Unpatched Vulnerability : CVE-2025-14308
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An integer overflow vulnerability exists in the write method of the Buffer class in Robocode version 1.9.3.6. The method fails to properly validate the length o...
PT-2025-50224
Name of the Vulnerable Software and Affected Versions: Acrobat Reader versions 20.005.30793 through 20.005.30803; Acrobat Reader versions 24.001.30264 through 24.001.30273; Acrobat Reader version 25.001.20982. Description: Acrobat Reader is susceptible to an Untrusted Search Path issue. This could all...
Mozilla -- Memory safety bugs
https://bugzilla.mozilla.org/buglist.cgi?bugid=1963153%2C1985058%2C1995637%2C1997118 reports: Memory safety bugs. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code...
Security Vulnerabilities fixed in Firefox 146 — Mozilla
Memory safety bugs present in Firefox 145 and Thunderbird 145. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. Memory safety bugs present in Firefox ESR 140.5, Thunderbird ESR 140.5,...
Arbitrary Code Injection
Overview: @vitejs/plugin-rsc provides React Server Components (RSC) support for Vite. Affected versions of this package are vulnerable to Arbitrary Code Injection via unsafe dynamic imports in the loadServerAction, decodeReply, and decodeAction server APIs. An attacker can execute arbitrary JavaScript...
n8n vulnerable to Remote Code Execution via Git Node Custom Pre-Commit Hook
Impact: The n8n Git node allows workflows to set arbitrary Git configuration values through the Add Config operation. When an attacker-controlled workflow sets core.hooksPath to a directory within the cloned repository containing a Git hook such as pre-commit, Git executes that hook during...