EUVD-2025-199943

The installer of INZONE Hub 1.0.10.3 to 1.0.17.0 contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries. As a result, arbitrary code may be executed with the privilege of the user invoking the installer...

CVE-2025-64772

CVE-2025-64772 affects Sony INZONE Hub installer versions 1.0.10.3–1.0.17.0. Root cause: an insecure DLL search path in the installer allowing loading of unintended DLLs, enabling arbitrary code to run with the invoking user’s privileges. CVSS data indicates local access with low attack complexit...

PT-2025-48450

Name of the Vulnerable Software and Affected Versions OpenAI Codex CLI versions prior to 0.23.0 Description The OpenAI Codex CLI is susceptible to a command injection flaw stemming from how it processes project-local configuration files. Attackers can exploit this by placing malicious configurati...

PT-2025-48484

Name of the Vulnerable Software and Affected Versions Shirt Pocket SuperDuper! versions 3.10 and earlier Description An issue exists that allows a local attacker to execute arbitrary code via the software update mechanism. Recommendations Update to a version later than 3.10...

CVE-2025-61228

An issue in Shirt Pocket SuperDuper! V.3.10 and before allows a local attacker to execute arbitrary code via the software update mechanism...

Grav 安全漏洞

Grav is an extensible CMS Content Management System for personal blogs, small content publishing platforms and one-page product presentations. Grav suffers from a server-side template injection vulnerability that can be exploited by an attacker to cause arbitrary code execution...

PT-2025-48402

The installer of INZONE Hub 1.0.10.3 to 1.0.17.0 contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries. As a result, arbitrary code may be executed with the privilege of the user invoking the installer...

ASB-A-381885240

In multiple functions of BaseBundle.java, there is a possible way to execute arbitrary code due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

Exploit for CVE-2025-49132

CVE-2025-49132 CVE-2025-49132 is a critical arbitrary code exe...

HexStrike AI MCP Agents 安全漏洞

HexStrike AI MCP Agents is an MCP server by the individual developer Muhammad Osama. HexStrike AI MCP Agents suffers from a security vulnerability that stems from not cleaning up command line parameters, which could lead to the execution of arbitrary code...

OESA-2025-2760 emacs security update

Emacs is the extensible, customizable, self-documenting real-time display editor. At its core is an interpreter for Emacs Lisp, a dialect of the Lisp programming language with extensions to support text editing. And it is an entire ecosystem of functionality beyond text editing, including a proje...

CVE-2025-60455

Unsafe Deserialization vulnerability in Modular Max Serve before 25.6, specifically when the "--experimental-enable-kvcache-agent" feature is used allowing attackers to execute arbitrary code...

📄 WinRAR 6.22 Malicious ZIP Creation

This Metasploit module exploits a logical flaw in WinRAR versions before 6.23. The vulnerability allows attackers to create specially crafted ZIP archives that, when opened, execute arbitrary code by exploiting the file extraction logic when a user double-clicks on a file within the archive that...

Ubuntu: Security Advisory (USN-7897-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVE-2025-62354

Improper neutralization of special elements used in an OS command 'command injection' in Cursor allows an unauthorized attacker to execute commands that are outside of those specified in the allowlist, resulting in arbitrary code execution...

CVE-2025-12140

The application contains an insecure 'redirectToUrl' mechanism that incorrectly processes the value of the 'redirectUrlParameter' parameter. The application interprets the entered string of characters as a Java expression, allowing an unauthenticated attacer to perform arbitrary code execution...

USN-7852-2: libxml2 vulnerability

USN-7582-1 fixed a vulnerability in libxml2. This update provides the corresponding fix for Ubuntu 16.04 LTS, Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. Original advisory details: It was discovered that libxslt, used by libxml2, incorrectly handled certain attributes. An attacker could use this issue...

CVE-2025-63434

The update mechanism in Xtooltech Xtool AnyScan Android Application 4.40.40 and prior is insecure. The application downloads and extracts update packages containing executable code without performing a cryptographic integrity or authenticity check on their contents. An attacker who can control th...

CVE-2025-60917

A reflected cross-site scripting XSS vulnerability in the /overview/network/ endpoint of Austrian Archaeological Institute Openatlas before v8.12.0 allows attackers to execute arbitrary code in the context of a user's browser via injecting a crafted payload into the color parameter...

USN-7895-1: WebKitGTK vulnerabilities

Several security issues were discovered in the WebKitGTK Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service attacks, and...