Lucene search
K

120934 matches found

CNVD
CNVD
added 2025/10/17 12:0 a.m.6 views

Unspecified Vulnerability in Adobe Substance3D Viewer (CNVD-2025-24166)

Adobe Substance3D Viewer is a stand-alone desktop application for viewing and editing 3D files from Audobee Adobe USA. A security vulnerability exists in Adobe Substance3D Viewer 0.25.2 and earlier versions, which can be exploited by an attacker to cause arbitrary code execution in the current us...

7.8CVSS7.7AI score0.00221EPSS
Exploits0References1
CNVD
CNVD
added 2025/10/17 12:0 a.m.3 views

Microsoft SharePoint Remote Code Execution Vulnerability (CNVD-2025-24450)

Microsoft SharePoint is an enterprise business collaboration platform from Microsoft. The platform is used to consolidate business information and enable sharing of work, collaborating with others, organizing projects and workgroups, and searching for people and information. A remote code executi...

8.8CVSS8.4AI score0.02245EPSS
Exploits0References1
CNVD
CNVD
added 2025/10/17 12:0 a.m.3 views

Adobe Framemaker Memory Misreference Vulnerability (CNVD-2025-24391)

Adobe Framemaker is the United States of America Odooby Adobe company's set of page layout software for writing and editing large or complex documents including structured documents. A memory misreference vulnerability exists in Adobe Framemaker, which can be exploited by an attacker to cause...

7.8CVSS7.4AI score0.00197EPSS
Exploits0References1
CNVD
CNVD
added 2025/10/17 12:0 a.m.1 views

Adobe Illustrator Out-of-Bounds Write Vulnerability (CNVD-2025-24392)

Adobe Illustrator is a set of vector-based image creation software from the American company Audobee Adobe. An out-of-bounds write vulnerability exists in Adobe Illustrator, which can be exploited by an attacker to cause arbitrary code to be executed in the current user's environment...

7.8CVSS7.5AI score0.00193EPSS
Exploits0References1
CNVD
CNVD
added 2025/10/17 12:0 a.m.4 views

Adobe Illustrator Out-of-Bounds Write Vulnerability (CNVD-2025-24393)

Adobe Illustrator is a set of vector-based image creation software from the American company Audobee Adobe. An out-of-bounds write vulnerability exists in Adobe Illustrator, which can be exploited by an attacker to cause arbitrary code to be executed in the current user's environment...

7.8CVSS7.5AI score0.00193EPSS
Exploits0References1
CNVD
CNVD
added 2025/10/17 12:0 a.m.3 views

Memory Misreference Vulnerability in Multiple Mozilla Products (CNVD-2025-24622)

Mozilla Firefox is an open source web browser from the Mozilla Foundation in the U.S.A. Mozilla Firefox ESR is an extended support version of Firefox the web browser.Mozilla Thunderbird is email client software that supports the IMAP and POP mail protocols as well as the HTML mail format. A memor...

9.8CVSS7.5AI score0.00465EPSS
Exploits0References1
CNVD
CNVD
added 2025/10/17 12:0 a.m.6 views

Adobe Dimension Input Validation Error Vulnerability (CNVD-2025-24213)

Adobe Dimension is the United States of America Odo than Adobe company is a set of 2D and 3D composite design tools. An input validation error vulnerability exists in Adobe Dimension, which can be exploited by an attacker to cause arbitrary code execution in the current user environment...

7.8CVSS7.7AI score0.00201EPSS
Exploits0References1
CNVD
CNVD
added 2025/10/17 12:0 a.m.3 views

Microsoft SharePoint Remote Code Execution Vulnerability (CNVD-2025-24451)

Microsoft SharePoint is an enterprise business collaboration platform from Microsoft. The platform is used to consolidate business information and enable sharing of work, collaborating with others, organizing projects and workgroups, and searching for people and information. A remote code executi...

8.8CVSS8.4AI score0.01243EPSS
Exploits0References1
CNVD
CNVD
added 2025/10/17 12:0 a.m.3 views

Adobe Dimension Memory Misreference Vulnerability (CNVD-2025-24255)

Adobe Dimension is the United States of America Odo than Adobe company is a set of 2D and 3D composite design tools. A memory misreference vulnerability exists in Adobe Dimension, which can be exploited by an attacker to cause arbitrary code execution in the current user environment...

7.8CVSS7.7AI score0.0021EPSS
Exploits0References1
CNVD
CNVD
added 2025/10/17 12:0 a.m.3 views

Fortinet FortiClientMac Code Injection Vulnerability

Fortinet FortiClientMAC is a U.S. fly tower Fortinet company based on macOS platform security tools. A code injection vulnerability exists in Fortinet FortiClientMac, which stems from the application's failure to properly filter special elements of constructed snippets, and can be exploited by an...

7.1CVSS9.6AI score0.00253EPSS
Exploits0References1
CNVD
CNVD
added 2025/10/17 12:0 a.m.3 views

Microsoft Excel Code Execution Vulnerability (CNVD-2025-24448)

Microsoft Excel is a spreadsheet processing software in the Office suite from Microsoft USA. A code execution vulnerability exists in Microsoft Excel, which can be exploited by an attacker to execute arbitrary code on a system...

7.8CVSS8.1AI score0.00347EPSS
Exploits0References1
CNVD
CNVD
added 2025/10/17 12:0 a.m.6 views

Microsoft Office Visio Code Execution Vulnerability (CNVD-2026-00030)

Microsoft Office Visio is a U.S. Microsoft Microsoft Office software series responsible for drawing flowcharts and schematic diagrams in the software. A code execution vulnerability exists in Microsoft Office Visio, which can be exploited by an attacker to execute arbitrary code on a system...

7.8CVSS8.1AI score0.00347EPSS
Exploits0References1
Snyk
Snyk
added 2025/10/16 7:42 p.m.3 views

Arbitrary Code Injection

Overview @cocalc/hub is a CoCalc: Backend webserver component Affected versions of this package are vulnerable to Arbitrary Code Injection via uploading a crafted SVG file. An attacker can execute arbitrary code by uploading a specially crafted SVG file. Remediation A fix was pushed into the mast...

6.9CVSS7.9AI score0.0037EPSS
Exploits0References2
NVD
NVD
added 2025/10/16 7:15 p.m.3 views

CVE-2025-61553

An out-of-bounds write in VirtIO network device emulation in BitVisor from commit 108df6 2020-05-20 to commit 480907 2025-07-06 allows local attackers to cause a denial of service host hypervisor crash via a crafted PCI configuration space access. Given it's a heap overflow in a privileged...

8.2CVSS0.00191EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/16 6:30 p.m.6 views

EUVD-2025-34780

A type confusion vulnerability exists in the handling of the string addition + operation within the QuickJS engine. The code first checks if the left-hand operand is a string. It then attempts to convert the right-hand operand to a primitive value using JSToPrimitiveFree. This conversion can...

7.1CVSS7.4AI score0.00469EPSS
Exploits1References3
EUVD
EUVD
added 2025/10/16 5:55 p.m.4 views

EUVD-2025-34807

Ilevia EVE X1 Server firmware versions ≤ 4.7.18.0.eden contain a reflected cross-site scripting XSS vulnerability in index.php that allows an unauthenticated attacker to execute arbitrary code. Ilevia has declined to service this vulnerability, and recommends that customers not expose port 8080 t...

5.1CVSS5.8AI score0.00374EPSS
Exploits3References5
RedhatCVE
RedhatCVE
added 2025/10/16 4:56 p.m.13 views

CVE-2025-59889

Improper authentication of library files in the Eaton IPP software installer could lead to arbitrary code execution of an attacker with the access to the software package. This security issue has been fixed in the latest version of IPP which is available on the Eaton download center...

8.6CVSS7.7AI score0.00169EPSS
Exploits0References1
OSV
OSV
added 2025/10/16 4:15 p.m.2 views

CVE-2025-62494

A type confusion vulnerability exists in the handling of the string addition + operation within the QuickJS engine. The code first checks if the left-hand operand is a string. It then attempts to convert the right-hand operand to a primitive value using JSToPrimitiveFree. This conversion can...

8.8CVSS6.3AI score
Exploits0References2
NVD
NVD
added 2025/10/16 4:15 p.m.3 views

CVE-2025-62494

A type confusion vulnerability exists in the handling of the string addition + operation within the QuickJS engine. The code first checks if the left-hand operand is a string. It then attempts to convert the right-hand operand to a primitive value using JSToPrimitiveFree. This conversion can...

8.8CVSS0.00469EPSS
Exploits1References2
OSV
OSV
added 2025/10/16 4:15 p.m.3 views

DEBIAN-CVE-2025-62494

A type confusion vulnerability exists in the handling of the string addition + operation within the QuickJS engine. The code first checks if the left-hand operand is a string. It then attempts to convert the right-hand operand to a primitive value using JSToPrimitiveFree. This conversion can...

8.8CVSS6.6AI score0.00469EPSS
Exploits1References1
Rows per page
Query Builder