120833 matches found
Adobe Illustrator Out-of-Bounds Write Vulnerability (CNVD-2025-28652)
Adobe Illustrator is a set of vector-based image creation software from the American company Adobe. An out-of-bounds write vulnerability exists in Adobe Illustrator, which can be exploited by an attacker to cause arbitrary code to be executed in the current user's environment...
CVE-2025-63680
Nero BackItUp in the Nero Productline is vulnerable to a path parsing/UI rendering flaw CWE-22 that, in combination with Windows ShellExecuteW fallback extension resolution, leads to arbitrary code execution when a user clicks a crafted entry. By creating a trailing-dot folder and placing a...
Adobe InCopy Heap Buffer Overflow Vulnerability
Adobe InCopy is a text editing software for creative writing from the American company Adobe. Adobe InCopy suffers from a heap buffer overflow vulnerability that can be exploited by an attacker to cause arbitrary code execution in the current user environment...
Nero BackItUp Security Vulnerability
Nero BackItUp is a backup program from Nero. A security vulnerability exists in Nero BackItUp that stems from path resolution and UI rendering flaws that could lead to the execution of arbitrary code when a user clicks on a specially crafted entry...
Adobe Illustrator on iPad Integer Dive Vulnerability (CNVD-2025-28650)
Adobe Illustrator on iPad is a set of vector-based image creation software from the American company Adobe. Adobe Illustrator on iPad suffers from an integer sneak vulnerability that can be exploited by an attacker to cause arbitrary code execution in the current user environment...
PT-2025-46958
Name of the Vulnerable Software and Affected Versions: Alto CMS version 1.1.13. Description: A Cross Site Scripting issue exists in Alto CMS version 1.1.13. A local attacker can potentially execute arbitrary code by using a specially crafted script. Recommendations: At the moment, there is no...
Adobe Illustrator on iPad Out-of-Bounds Write Vulnerability
Adobe Illustrator on iPad is a set of vector-based image creation software from the American company Adobe. An out-of-bounds write vulnerability exists in Adobe Illustrator on iPad, which can be exploited by an attacker to cause arbitrary code execution in the current user environment...
Microsoft Excel Code Execution Vulnerability (CNVD-2025-29964)
Microsoft Excel is a spreadsheet processing software in the Office suite from Microsoft USA. An information leakage vulnerability exists in Microsoft Excel, which can be exploited by an attacker to execute arbitrary code on the system...
CVE-2024-42749
Cross Site Scripting vulnerability in Alto CMS v.1.1.13 allows a local attacker to execute arbitrary code via a crafted script...
FreeBSD : Mozilla -- Memory safety bugs (bff06006-c0b7-11f0-ab42-b42e991fc52e)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the bff06006-c0b7-11f0-ab42-b42e991fc52e advisory. https://bugzilla.mozilla.org/buglist.cgi?bugid=1987237%2C1990079%2C1991715%2C1994994 reports: Memory...
Adobe Photoshop Heap Buffer Overflow Vulnerability (CNVD-2025-29701)
Adobe Photoshop is a set of image processing software from the American company Adobe. Adobe Photoshop suffers from a heap buffer overflow vulnerability that can be exploited by an attacker to cause arbitrary code to be executed in the context of the current user...
Adobe Substance3D Stager Integer Underflow Vulnerability
Adobe Substance3D Stager is a set and rendering software for 3D scenes from the American company Adobe. Adobe Substance3D Stager suffers from an integer underflow vulnerability that can be exploited by an attacker to cause arbitrary code to be executed in the current user's context...
Adobe InCopy < 20.5.1 / 20.0 < 21.0.0 Multiple Vulnerabilities Arbitrary code execution (APSB25-107)
The version of Adobe InCopy installed on the remote host is prior to 20.5.1, 21.0.0. It is, therefore, affected by multiple vulnerabilities as referenced in the APSB25-107 advisory. - InCopy versions 20.5, 19.5.5 and earlier are affected by a Use After Free vulnerability that could result in...
Siemens Solid Edge DLL Hijacking (SSA-365596)
The version of Siemens Solid Edge installed on the remote Windows host is prior to SE2025 V225.0 Update 10. It is, therefore, affected by a DLL hijacking vulnerability. The affected application is vulnerable to DLL hijacking. This could allow an attacker to execute arbitrary code via placing a...
Vega Cross-Site Scripting (XSS) via expressions abusing toString calls in environments using the VEGA_DEBUG global variable
Impact: Applications meeting 2 conditions are at risk of arbitrary JavaScript code execution, even if "safe mode" expressionInterpreter is used. 1. Use vega in an application that attaches vega library and a vega.View instance similar to the Vega Editor to the global window 2. Allow user-defined...
GHSA-7F2V-3QQ3-VVJF Vega Cross-Site Scripting (XSS) via expressions abusing toString calls in environments using the VEGA_DEBUG global variable
Impact: Applications meeting 2 conditions are at risk of arbitrary JavaScript code execution, even if "safe mode" expressionInterpreter is used. 1. Use vega in an application that attaches vega library and a vega.View instance similar to the Vega Editor to the global window 2. Allow user-defined...
EUVD-2025-175368
Dell Alienware Command Center 6.x AWCC, versions prior to 6.10.15.0, contain a Detection of Error Condition Without Action vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Arbitrary Code Execution...
EUVD-2025-175367
The issue was addressed by refusing external connections by default. This issue is fixed in Compressor 4.11.1. An unauthenticated user on the same network as a Compressor server may be able to execute arbitrary code...
CVE-2025-60699
A buffer overflow vulnerability exists in the TOTOLINK A950RG Router firmware V5.9c.4592B20191022ALL within the global.so binary. The getSaveConfig function retrieves the httphost parameter from user input via websGetVar and copies it into a fixed-size stack buffer v13 using strcpy without...