
120822 matches found

OSV
added 2025/11/20 11:15 p.m., 3 views

CVE-2025-36072

IBM webMethods Integration 10.11 through 10.11CoreFix22, 10.15 through 10.15CoreFix22, and 11.1 through 11.1CoreFix6 IBM webMethods Integration allow an authenticated user to execute arbitrary code on the system, caused by the deserialization of untrusted object graphs data...

8.8 CVSS, 6.1 AI score, 0.00376 EPSS
Exploits: 0, References: 1
Vulnrichment
added 2025/11/20 10:9 p.m., 6 views

CVE-2025-36072 IBM webMethods Integration Deserialization

IBM webMethods Integration 10.11 through 10.11CoreFix22, 10.15 through 10.15CoreFix22, and 11.1 through 11.1CoreFix6 IBM webMethods Integration allow an authenticated user to execute arbitrary code on the system, caused by the deserialization of untrusted object graphs data...

8.8 CVSS, 7.3 AI score, 0.00376 EPSS
Exploits: 0, References: 1
CVE
added 2025/11/20 10:9 p.m., 20 views

CVE-2025-36072

IBM webMethods Integration (on prem) is affected by CVE-2025-36072 due to deserialization of untrusted object graphs, enabling an authenticated user to execute arbitrary code. Affected versions include 10.11 through IS_10.11_Core_Fix22, 10.15 through IS_10.15_Core_Fix22, and 11.1 through IS_11.1_...

8.8 CVSS, 7.3 AI score, 0.00376 EPSS
Exploits: 0, References: 1, Affected Software: 1
RedhatCVE
added 2025/11/20 9:36 p.m., 6 views

CVE-2025-13035

The Code Snippets plugin for WordPress is vulnerable to PHP Code Injection in all versions up to, and including, 3.9.1. This is due to the plugin's use of extract on attacker-controlled shortcode attributes within the evaluateshortcodefromflatfile method, which can be used to overwrite the...

8 CVSS, 7.2 AI score, 0.0031 EPSS
Exploits: 0, References: 1
EUVD
added 2025/11/20 6:31 p.m., 4 views

EUVD-2025-198293

Stored cross-site scripting (XSS) vulnerability in SWISH Prolog through 2.2.0 allowing attackers to execute arbitrary code via crafted web IDE notebook...

6.1 CVSS, 6.5 AI score, 0.00164 EPSS
Exploits: 0, References: 3
EUVD
added 2025/11/20 6:31 p.m., 3 views

EUVD-2025-198295

Lite XL versions 2.1.8 and prior automatically execute the .liteproject.lua file when opening a project directory, without prompting the user for confirmation. The .liteproject.lua file is intended for project-specific configuration but can contain executable Lua logic. This behavior could allow...

7.3 CVSS, 7.3 AI score, 0.00319 EPSS
Exploits: 1, References: 3
NVD
added 2025/11/20 6:15 p.m., 4 views

CVE-2025-64524

cups-filters contains backends, filters, and other software required to get the cups printing service working on operating systems other than macOS. In versions 2.0.1 and prior, a heap-buffer-overflow vulnerability in the rastertopclx filter causes the program to crash with a segmentation fault...

5.5 CVSS, 0.00181 EPSS
Exploits: 1, References: 3
AlpineLinux
added 2025/11/20 6:5 p.m., 3 views

CVE-2025-64524

cups-filters contains backends, filters, and other software required to get the cups printing service working on operating systems other than macOS. In versions 2.0.1 and prior, a heap-buffer-overflow vulnerability in the rastertopclx filter causes the program to crash with a segmentation fault...

5.5 CVSS, 7.8 AI score, 0.00181 EPSS
Exploits: 1, References: 3
Vulnrichment
added 2025/11/20 6:5 p.m., 2 views

CVE-2025-64524 CUPS rastertopclx Filter Vulnerable to Heap Buffer Overflow Leading to Potential Arbitrary Code Execution

cups-filters contains backends, filters, and other software required to get the cups printing service working on operating systems other than macOS. In versions 2.0.1 and prior, a heap-buffer-overflow vulnerability in the rastertopclx filter causes the program to crash with a segmentation fault...

3.3 CVSS, 7.4 AI score, 0.00181 EPSS
Exploits: 1, References: 2
CVE
added 2025/11/20 6:5 p.m., 40 views

CVE-2025-64524

CVE-2025-64524 affects cups-filters, with a heap-buffer-overflow in the rastertopclx filter affecting versions 2.0.1 and earlier. This can crash the process or lead to memory corruption and potentially arbitrary code execution. The advisory notes patching via commit 956283c. Connected Nessus advi...

5.5 CVSS, 7.4 AI score, 0.00181 EPSS
Exploits: 1, References: 3, Affected Software: 1
Snyk
added 2025/11/20 5:48 p.m., 4 views

Arbitrary Code Injection

Overview: md-to-pdf is a CLI tool for converting Markdown files to PDF. Affected versions of this package are vulnerable to Arbitrary Code Injection via the gray-matter library when parsing front matter containing JavaScript delimiters. An attacker can execute arbitrary code in the Markdown-to-PDF...

10 CVSS, 7.9 AI score, 0.00896 EPSS
Exploits: 0, References: 2
Vulnrichment
added 2025/11/20 4:38 p.m., 1 view

CVE-2025-12120 CVE-2025-12120

Lite XL versions 2.1.8 and prior automatically execute the .liteproject.lua file when opening a project directory, without prompting the user for confirmation. The .liteproject.lua file is intended for project-specific configuration but can contain executable Lua logic. This behavior could allow...

7.6 AI score, 0.00319 EPSS
Exploits: 1, References: 2
Cvelist
added 2025/11/20 4:38 p.m., 6 views

CVE-2025-12120 CVE-2025-12120

Lite XL versions 2.1.8 and prior automatically execute the .liteproject.lua file when opening a project directory, without prompting the user for confirmation. The .liteproject.lua file is intended for project-specific configuration but can contain executable Lua logic. This behavior could allow...

0.00319 EPSS
Exploits: 1, References: 2
OSV
added 2025/11/20 3:0 p.m., 2 views

UBUNTU-CVE-2025-64524

cups-filters contains backends, filters, and other software required to get the cups printing service working on operating systems other than macOS. In versions 2.0.1 and prior, a heap-buffer-overflow vulnerability in the rastertopclx filter causes the program to crash with a segmentation fault...

5.5 CVSS, 6 AI score, 0.00181 EPSS
Exploits: 1, References: 5
Vulnrichment
added 2025/11/20 12:17 p.m., 3 views

CVE-2025-40604

Download of Code Without Integrity Check Vulnerability in the SonicWall Email Security appliance loads root filesystem images without verifying signatures, allowing attackers with VMDK or datastore access to modify system files and gain persistent arbitrary code execution...

7.6 AI score, 0.00168 EPSS
Exploits: 0, References: 1
CNVD
added 2025/11/20 12:0 a.m., 3 views

Fortinet FortiADC Buffer Overflow Vulnerability (CNVD-2025-29156)

Fortinet FortiADC is an application delivery controller from Fortinet, Inc. The Fortinet FortiADC suffers from a buffer overflow vulnerability that originates from a boundary error when an application processes untrusted input. An attacker could exploit this vulnerability to execute arbitrary cod...

6.6 CVSS, 8.1 AI score, 0.00321 EPSS
Exploits: 0, References: 1
Tenable Nessus
added 2025/11/20 12:0 a.m., 5 views

TencentOS Server 3: expat (TSSA-2023:0141)

The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2023:0141 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities:...

8.1 CVSS, 8 AI score, 0.01659 EPSS
Exploits: 0, References: 2
CNVD
added 2025/11/20 12:0 a.m., 4 views

Siemens PS/IGES Parasolid Translator Component Out-of-Bounds Read Vulnerability

The Parasolid Translator Component is a single-format translation toolkit for high-speed end-to-end translation between Parasolid and multiple industry formats such as STEP or IGES. An out-of-bounds read vulnerability exists in versions prior to Siemens PS/IGES Parasolid Translator Component...

7.8 CVSS, 7.4 AI score, 0.00178 EPSS
Exploits: 0, References: 1
CVE
added 2025/11/20 12:0 a.m., 13 views

CVE-2025-63848

The CVE-2025-63848 entry describes a stored XSS vulnerability in SWISH (SWI‑Prolog SWISH Web IDE) up to version 2.2.0. The issue allows an attacker to execute arbitrary code via a crafted notebook in the Web IDE, indicating code execution impact tied to the web interface. Affected component: SWIS...

6.1 CVSS, 6.7 AI score, 0.00164 EPSS
Exploits: 0, References: 2, Affected Software: 1
CNNVD
added 2025/11/20 12:0 a.m., 6 views

IBM webMethods Integration Code Issue Vulnerability

IBM webMethods Integration is a hybrid enterprise iPaaS from International Business Machines IBM. A code issue vulnerability exists in IBM webMethods Integration versions 10.11 through 10.11CoreFix22, 10.15 through 10.15CoreFix22, and 11.1 through 11.1CoreFix6, which stems from deserialization of...

8.8 CVSS, 7.1 AI score, 0.00376 EPSS
Exploits: 0, References: 2