CVE-2025-64486 calibre is vulnerable to arbitrary code execution when opening FB2 files

calibre is an e-book manager. In versions 8.13.0 and prior, calibre does not validate filenames when handling binary assets in FB2 files, allowing an attacker to write arbitrary files on the filesystem when viewing or converting a malicious FictionBook file. This can be leveraged to achieve...

CVE-2025-64486 calibre is vulnerable to arbitrary code execution when opening FB2 files

calibre is an e-book manager. In versions 8.13.0 and prior, calibre does not validate filenames when handling binary assets in FB2 files, allowing an attacker to write arbitrary files on the filesystem when viewing or converting a malicious FictionBook file. This can be leveraged to achieve...

EUVD-2025-38297

A reflected cross-site scripting XSS vulnerability in CKeditor v46.1.0 & Angular v18.0.0 allows attackers to execute arbitrary code in the context of a user's browser via injecting a crafted payload...

EUVD-2025-38315

Arbitrary Code Execution in pdfminer.six via Crafted PDF Input...

GHSA-WF5F-4JWR-PPCP Arbitrary Code Execution in pdfminer.six via Crafted PDF Input

Summary pdfminer.six will execute arbitrary code from a malicious pickle file if provided with a malicious PDF file. The CMapDB.loaddata function in pdfminer.six uses pickle.loads to deserialize pickle files. These pickle files are supposed to be part of the pdfminer.six distribution stored in th...

Arbitrary Code Execution in pdfminer.six via Crafted PDF Input

Summary pdfminer.six will execute arbitrary code from a malicious pickle file if provided with a malicious PDF file. The CMapDB.loaddata function in pdfminer.six uses pickle.loads to deserialize pickle files. These pickle files are supposed to be part of the pdfminer.six distribution stored in th...

CVE-2025-9458

A maliciously crafted PRT file, when parsed through certain Autodesk products, can force a Memory Corruption vulnerability. A malicious actor can leverage this vulnerability to execute arbitrary code in the context of the current process...

EUVD-2025-38319

A maliciously crafted PRT file, when parsed through certain Autodesk products, can force a Memory Corruption vulnerability. A malicious actor can leverage this vulnerability to execute arbitrary code in the context of the current process...

CVE-2025-9458 PRT File Parsing Memory Corruption Vulnerability

A maliciously crafted PRT file, when parsed through certain Autodesk products, can force a Memory Corruption vulnerability. A malicious actor can leverage this vulnerability to execute arbitrary code in the context of the current process...

CVE-2025-9458

A maliciously crafted PRT file, when parsed through certain Autodesk products, can force a Memory Corruption vulnerability. A malicious actor can leverage this vulnerability to execute arbitrary code in the context of the current process...

CVE-2025-12556

An argument injection vulnerability exists in the affected product that could allow an attacker to execute arbitrary code within the context of the host machine...

[SECURITY] [DSA 6050-1] chromium security update

------------------------------------------------------------------------- Debian Security Advisory DSA-6050-1 [email protected] https://www.debian.org/security/ Andres Salomon November 07, 2025 https://www.debian.org/security/faq -...

CVE-2025-61261

CVE-2025-61261 is a reflected XSS vulnerability affecting CKEditor 46.1.0 (CKEditor 5) when used with Angular 18.0.0. The issue enables an attacker-supplied payload to execute in the user’s browser context (impact: partial in some documents; CVSS 3.1 base score 5.4). Affected component is CKEdito...

py-pdfminer.six -- Arbitrary Code Execution in pdfminer.six via Crafted PDF Input

Pieter Marsman reports: pdfminer.six will execute arbitrary code from a malicious pickle file if provided with a malicious PDF file. The CMapDB.loaddata function in pdfminer.six uses pickle.loads to deserialize pickle files. These pickle files are supposed to be part of the pdfminer.six...

Lexmark Printers Integer Overflow or Wraparound (CVE-2023-26065)

An integer overflow vulnerability has been identified in PostScript interpreter in various Lexmark devices. The vulnerability can be leveraged by an attacker to execute arbitrary code. %NASLMINLEVEL 80900 C Tenable, Inc. include'compat.inc'; if description scriptid503905; scriptversion"1.3";...

Lexmark Printers Access of Resource Using Incompatible Type (CVE-2024-11346)

A type confusion vulnerability has been identified in the Postscript interpreter in various Lexmark devices. The vulnerability can be leveraged by an attacker to execute arbitrary code as an unprivileged user. %NASLMINLEVEL 80900 C Tenable, Inc. include'compat.inc'; if description scriptid503884;...

money-pos 安全漏洞

money-pos McNee Cashiering System is a cashiering system by the individual developer of McNeeMoney. A security vulnerability exists in money-pos, which stems from a SQL injection vulnerability in the orderby parameter that could lead to the execution of arbitrary code...

Lexmark Printers Buffer Overflow (CVE-2023-26064)

An out of bounds write vulnerability has been identified in PostScript interpreter in various Lexmark devices. The vulnerability can be leveraged by an attacker to execute arbitrary code. %NASLMINLEVEL 80900 C Tenable, Inc. include'compat.inc'; if description scriptid503891; scriptversion"1.3";...

Lexmark Printers Stack-based Buffer Overflow (CVE-2023-50734)

A buffer overflow vulnerability has been identified in PostScript interpreter in various Lexmark devices. The vulnerability can be leveraged by an attacker to execute arbitrary code. %NASLMINLEVEL 80900 C Tenable, Inc. include'compat.inc'; if description scriptid503885; scriptversion"1.4";...

Teamcenter Visualization WRL File Parsing Vulnerabilities

Siemens Teamcenter Visualization contains multiple file-parsing vulnerabilities in its WRL-file reader that affect versions V14.2, V14.3, V2312, and V2406. If a user opens a specially crafted malicious WRL file, the application may crash or allow arbitrary code execution in the context of the...