
120840 matches found

RedHat Linux
added 2025/11/12 2:34 a.m., 3 views

libtiff: Libtiff Write-What-Where

A flaw was found in Libtiff. This vulnerability is a "write-what-where" condition, triggered when the library processes a specially crafted TIFF image file. By providing an abnormally large image height value in the file's metadata, an attacker can trick the library into writing attacker-controll...

8.8 CVSS, 7.6 AI score, 0.00739 EPSS
Exploits 0, References 8
RedHat Linux
added 2025/11/12 1:19 a.m., 4 views

thunderbird: firefox: Memory safety bugs fixed in Firefox ESR 140.4, Thunderbird ESR 140.4, Firefox 144 and Thunderbird 144

A flaw was found in Thunderbird and Firefox. The Mozilla Foundation's Security Advisory describes the following issue: Memory safety bugs present in Firefox ESR 140.3, Thunderbird ESR 140.3, Firefox 143 and Thunderbird 143. Some of these bugs showed evidence of memory corruption and we presume th...

8.8 CVSS, 7.4 AI score, 0.00299 EPSS
Exploits 0, References 6
RedhatCVE
added 2025/11/12 12:36 a.m., 4 views

CVE-2025-42890

SQL Anywhere Monitor Non-GUI baked credentials into the code, exposing the resources or functionality to unintended users and providing attackers with the possibility of arbitrary code execution. This could cause high impact on confidentiality, integrity and availability of the system...

10 CVSS, 7.9 AI score, 0.00633 EPSS
Exploits 0, References 1
Cvelist
added 2025/11/12 12:0 a.m., 8 views

CVE-2025-57310

A Cross-Site Request Forgery (CSRF) vulnerability in Salmen2/Simple-Faucet-Script v1.07 via a crafted POST request to admin.php?p=ads&c=1, allowing attackers to execute arbitrary code...

0.00215 EPSS
Exploits 3, References 2
Positive Technologies
added 2025/11/12 12:0 a.m., 4 views

PT-2025-46695

Name of the Vulnerable Software and Affected Versions: Salmen2/Simple-Faucet-Script version 1.07. Description: A Cross-Site Request Forgery (CSRF) issue exists in the software. A crafted POST request to the "admin.php?p=ads&c=1" endpoint can allow attackers to execute arbitrary code. Recommendations...

8.8 CVSS, 7.1 AI score, 0.00215 EPSS
Exploits 3, References 5
CNVD
added 2025/11/12 12:0 a.m., 3 views

Google Chrome Input Validation Error Vulnerability

Google Chrome is a free web browser developed by Google Inc. Google Chrome suffers from an input validation error vulnerability that stems from insufficient validation of untrustworthy input in Devtools, which can be exploited by an attacker to execute arbitrary code...

8.8 CVSS, 7.4 AI score, 0.00251 EPSS
Exploits 3, References 1
CVE
added 2025/11/12 12:0 a.m., 16 views

CVE-2025-57310

Summary: CVE-2025-57310 is a CSRF vulnerability in Salmen2/Simple-Faucet-Script v1.07. A crafted POST to, e.g., admin.php?p=ads&c=1 allows an authenticated attacker to execute arbitrary code, leading to modification of the homepage and stored XSS. Impact: CVSS v3.1 base score 8.8 (High); attacker...

8.8 CVSS, 7.1 AI score, 0.00215 EPSS
Exploits 3, References 2, Affected Software 1
CNNVD
added 2025/11/12 12:0 a.m., 5 views

Simple Faucet Script Security Vulnerability

Simple Faucet Script is a virtual currency service by Salmen2 Personal Developer. A security vulnerability exists in Simple Faucet Script v1.07, which stems from a cross-site request forgery in the admin.php?p=ads&c=1 endpoint that could lead to the execution of arbitrary code...

8.8 CVSS, 6.9 AI score, 0.00215 EPSS
Exploits 3, References 3
Positive Technologies
added 2025/11/12 12:0 a.m., 7 views

PT-2025-46878

Name of the Vulnerable Software and Affected Versions: Vega versions prior to 6.2.0; vega-expression versions prior to 6.1.0; vega-interpreter versions prior to 2.2.1; vega-expression versions prior to 5.2.1; vega-interpreter versions prior to 1.2.1. Description: Vega is a visualization grammar used for...

8.5 CVSS, 6.5 AI score, 0.00334 EPSS
Exploits 0, References 14
OSV
added 2025/11/11 9:15 p.m., 5 views

CVE-2025-64531

Substance3D - Stager versions 3.1.5 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file...

7.8 CVSS, 6.3 AI score, 0.00171 EPSS
Exploits 0, References 1
NVD
added 2025/11/11 9:15 p.m., 3 views

CVE-2025-40827

A vulnerability has been identified in Siemens Software Center All versions V3.5, Solid Edge SE2025 All versions V225.0 Update 10. The affected application is vulnerable to DLL hijacking. This could allow an attacker to execute arbitrary code via placing a crafted DLL file on the system...

8.5 CVSS, 0.00138 EPSS
Exploits 0, References 1
Vulnrichment
added 2025/11/11 8:43 p.m., 4 views

CVE-2025-61835 Substance3D - Stager | Integer Underflow (Wrap or Wraparound) (CWE-191)

Substance3D - Stager versions 3.1.5 and earlier are affected by an Integer Underflow (Wrap or Wraparound) vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file...

7.8 CVSS, 7.3 AI score, 0.00189 EPSS
Exploits 0, References 1
Vulnrichment
added 2025/11/11 8:43 p.m., 3 views

CVE-2025-64531 Substance3D - Stager | Use After Free (CWE-416)

Substance3D - Stager versions 3.1.5 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file...

7.8 CVSS, 7.3 AI score, 0.00171 EPSS
Exploits 0, References 1
CVE
added 2025/11/11 8:43 p.m., 11 views

CVE-2025-64531

Adobe Substance 3D Stager is affected in versions 3.1.5 and earlier by a Use After Free vulnerability that could allow arbitrary code execution in the context of the current user. Exploitation requires the user to open a malicious file (user interaction) and is described as a LOCAL vector with hi...

7.8 CVSS, 7.3 AI score, 0.00171 EPSS
Exploits 0, References 1, Affected Software 1
Vulnrichment
added 2025/11/11 8:43 p.m., 3 views

CVE-2025-61834 Substance3D - Stager | Use After Free (CWE-416)

Substance3D - Stager versions 3.1.5 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file...

7.8 CVSS, 7.3 AI score, 0.00197 EPSS
Exploits 0, References 1
CVE
added 2025/11/11 8:20 p.m., 12 views

CVE-2025-40827

Affected products and versions: Siemens Software Center (all versions < V3.5) and Solid Edge SE2025 (all versions

8.5 CVSS, 7.3 AI score, 0.00138 EPSS
Exploits 0, References 1
RedHat Linux
added 2025/11/11 7:57 p.m., 3 views

xorg: xwayland: Use-after-free in XPresentNotify structure creation

A flaw was found in the X.Org X server and Xwayland when processing X11 Present extension notifications. Improper error handling during notification creation can leave dangling pointers that lead to a use-after-free condition. This can cause memory corruption or a crash, potentially allowing an...

7.3 CVSS, 6.1 AI score, 0.00481 EPSS
Exploits 0, References 5
NVD
added 2025/11/11 7:15 p.m., 5 views

CVE-2025-61837

Format Plugins versions 1.1.1 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file...

7.8 CVSS, 0.00249 EPSS
Exploits 0, References 1
Cvelist
added 2025/11/11 6:58 p.m., 4 views

CVE-2025-61837 Format Plugins | Heap-based Buffer Overflow (CWE-122)

Format Plugins versions 1.1.1 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file...

7.8 CVSS, 0.00249 EPSS
Exploits 0, References 1
CVE
added 2025/11/11 6:58 p.m., 13 views

CVE-2025-61837

CVE-2025-61837 affects Adobe Format Plugins. Multiple connected sources confirm a heap-based buffer overflow in Format Plugins versions 1.1.1 and earlier, enabling arbitrary code execution in the current user’s context. Exploitation requires user interaction (victim opens a crafted file). The iss...

7.8 CVSS, 7.3 AI score, 0.00249 EPSS
Exploits 0, References 1, Affected Software 1