120934 matches found
Unspecified Vulnerability in Adobe Substance3D Viewer (CNVD-2025-24166)
Adobe Substance3D Viewer is a stand-alone desktop application for viewing and editing 3D files from Audobee Adobe USA. A security vulnerability exists in Adobe Substance3D Viewer 0.25.2 and earlier versions, which can be exploited by an attacker to cause arbitrary code execution in the current us...
Microsoft SharePoint Remote Code Execution Vulnerability (CNVD-2025-24450)
Microsoft SharePoint is an enterprise business collaboration platform from Microsoft. The platform is used to consolidate business information and enable sharing of work, collaborating with others, organizing projects and workgroups, and searching for people and information. A remote code executi...
Adobe Framemaker Memory Misreference Vulnerability (CNVD-2025-24391)
Adobe Framemaker is the United States of America Odooby Adobe company's set of page layout software for writing and editing large or complex documents including structured documents. A memory misreference vulnerability exists in Adobe Framemaker, which can be exploited by an attacker to cause...
Adobe Illustrator Out-of-Bounds Write Vulnerability (CNVD-2025-24392)
Adobe Illustrator is a set of vector-based image creation software from the American company Audobee Adobe. An out-of-bounds write vulnerability exists in Adobe Illustrator, which can be exploited by an attacker to cause arbitrary code to be executed in the current user's environment...
Adobe Illustrator Out-of-Bounds Write Vulnerability (CNVD-2025-24393)
Adobe Illustrator is a set of vector-based image creation software from the American company Audobee Adobe. An out-of-bounds write vulnerability exists in Adobe Illustrator, which can be exploited by an attacker to cause arbitrary code to be executed in the current user's environment...
Memory Misreference Vulnerability in Multiple Mozilla Products (CNVD-2025-24622)
Mozilla Firefox is an open source web browser from the Mozilla Foundation in the U.S.A. Mozilla Firefox ESR is an extended support version of Firefox the web browser.Mozilla Thunderbird is email client software that supports the IMAP and POP mail protocols as well as the HTML mail format. A memor...
Adobe Dimension Input Validation Error Vulnerability (CNVD-2025-24213)
Adobe Dimension is the United States of America Odo than Adobe company is a set of 2D and 3D composite design tools. An input validation error vulnerability exists in Adobe Dimension, which can be exploited by an attacker to cause arbitrary code execution in the current user environment...
Microsoft SharePoint Remote Code Execution Vulnerability (CNVD-2025-24451)
Microsoft SharePoint is an enterprise business collaboration platform from Microsoft. The platform is used to consolidate business information and enable sharing of work, collaborating with others, organizing projects and workgroups, and searching for people and information. A remote code executi...
Adobe Dimension Memory Misreference Vulnerability (CNVD-2025-24255)
Adobe Dimension is the United States of America Odo than Adobe company is a set of 2D and 3D composite design tools. A memory misreference vulnerability exists in Adobe Dimension, which can be exploited by an attacker to cause arbitrary code execution in the current user environment...
Fortinet FortiClientMac Code Injection Vulnerability
Fortinet FortiClientMAC is a U.S. fly tower Fortinet company based on macOS platform security tools. A code injection vulnerability exists in Fortinet FortiClientMac, which stems from the application's failure to properly filter special elements of constructed snippets, and can be exploited by an...
Microsoft Excel Code Execution Vulnerability (CNVD-2025-24448)
Microsoft Excel is a spreadsheet processing software in the Office suite from Microsoft USA. A code execution vulnerability exists in Microsoft Excel, which can be exploited by an attacker to execute arbitrary code on a system...
Microsoft Office Visio Code Execution Vulnerability (CNVD-2026-00030)
Microsoft Office Visio is a U.S. Microsoft Microsoft Office software series responsible for drawing flowcharts and schematic diagrams in the software. A code execution vulnerability exists in Microsoft Office Visio, which can be exploited by an attacker to execute arbitrary code on a system...
Arbitrary Code Injection
Overview @cocalc/hub is a CoCalc: Backend webserver component Affected versions of this package are vulnerable to Arbitrary Code Injection via uploading a crafted SVG file. An attacker can execute arbitrary code by uploading a specially crafted SVG file. Remediation A fix was pushed into the mast...
CVE-2025-61553
An out-of-bounds write in VirtIO network device emulation in BitVisor from commit 108df6 2020-05-20 to commit 480907 2025-07-06 allows local attackers to cause a denial of service host hypervisor crash via a crafted PCI configuration space access. Given it's a heap overflow in a privileged...
EUVD-2025-34780
A type confusion vulnerability exists in the handling of the string addition + operation within the QuickJS engine. The code first checks if the left-hand operand is a string. It then attempts to convert the right-hand operand to a primitive value using JSToPrimitiveFree. This conversion can...
EUVD-2025-34807
Ilevia EVE X1 Server firmware versions ≤ 4.7.18.0.eden contain a reflected cross-site scripting XSS vulnerability in index.php that allows an unauthenticated attacker to execute arbitrary code. Ilevia has declined to service this vulnerability, and recommends that customers not expose port 8080 t...
CVE-2025-59889
Improper authentication of library files in the Eaton IPP software installer could lead to arbitrary code execution of an attacker with the access to the software package. This security issue has been fixed in the latest version of IPP which is available on the Eaton download center...
CVE-2025-62494
A type confusion vulnerability exists in the handling of the string addition + operation within the QuickJS engine. The code first checks if the left-hand operand is a string. It then attempts to convert the right-hand operand to a primitive value using JSToPrimitiveFree. This conversion can...
CVE-2025-62494
A type confusion vulnerability exists in the handling of the string addition + operation within the QuickJS engine. The code first checks if the left-hand operand is a string. It then attempts to convert the right-hand operand to a primitive value using JSToPrimitiveFree. This conversion can...
DEBIAN-CVE-2025-62494
A type confusion vulnerability exists in the handling of the string addition + operation within the QuickJS engine. The code first checks if the left-hand operand is a string. It then attempts to convert the right-hand operand to a primitive value using JSToPrimitiveFree. This conversion can...