120951 matches found
USN-7817-1 webkit2gtk vulnerabilities
Several security issues were discovered in the WebKitGTK Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service attacks, and...
CVE-2025-61532
Cross Site Scripting vulnerability in SVX Portal v.2.7A to execute arbitrary code via the TG parameter on lastheardpage.php component...
libtiff: Libtiff Write-What-Where
A flaw was found in Libtiff. This vulnerability is a "write-what-where" condition, triggered when the library processes a specially crafted TIFF image file. By providing an abnormally large image height value in the file's metadata, an attacker can trick the library into writing attacker-controll...
Rockwell Automation Stratix
RISK EVALUATION Successful exploitation of this vulnerability could result in arbitrary code execution. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability, such as: Minimize network exposure for all control system...
Rockwell Automation Lifecycle Services with Cisco
RISK EVALUATION Successful exploitation of this vulnerability could result in arbitrary code execution. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability, such as: Minimize network exposure for all control system...
CVE-2025-7634 WP Travel Engine – Tour Booking Plugin – Tour Operator Software <= 6.6.7 - Unauthenticated Local File Inclusion
The WP Travel Engine – Tour Booking Plugin – Tour Operator Software plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 6.6.7 via the mode parameter. This makes it possible for unauthenticated attackers to include and execute arbitrary .php files on th...
Multiple vulnerabilities in FUJI Electric V-SFT
Overview V-SFT provided by FUJI ELECTRIC CO., LTD. contains multiple vulnerabilities listed below. Stack-based buffer overflow in VS6ComFile!CV7BaseMap::WriteV7DataToRom CWE-121 - CVE-2025-61856 Out-of-bounds write in VS6ComFile!CItemExChange::WinFontDynStrCheck CWE-787 - CVE-2025-61857...
CVE-2025-60834
A fastjson deserialization vulnerability in uzy-ssm-mall v1.1.0 allows attackers to execute arbitrary code via supplying a crafted input...
CVE-2025-60833
An XML External Entity (XXE) vulnerability in the /mall/wxpay/pay component of uzy-ssm-mall v1.1.0 allows attackers to execute arbitrary code via supplying crafted XML data...
CVE-2025-45095
CVE-2025-45095 affects Lavasoft Web Companion (Ad-Aware WebCompanion) versions 8.9.0.1091 through 12.1.3.1037. The root cause is an unquoted service path in the DCIService.exe service, which could allow an attacker with filesystem write access to place a malicious executable and execute arbitrary...
CVE-2025-56683
A cross-site scripting (XSS) vulnerability in the component /app/marketplace.html of Logseq v0.10.9 allows attackers to execute arbitrary code via injecting arbitrary JavaScript into a crafted README.md file...
Newforma Project Center Server security vulnerability
Newforma Project Center Server is a project information management solution for the Architecture, Engineering and Construction (AEC) industry from Newforma for centralized storage and management of project documents and collaboration. A code execution vulnerability exists in Newforma Project Center...
CVE-2025-61532
CVE-2025-61532 describes a Cross Site Scripting vulnerability in SVX Portal v2.7A affecting the last_heard_page.php component, exploitable via the TG parameter to execute arbitrary code. The issue is documented across multiple feeds (NVD, Red Hat, CNNVD, CVE records) with an impact described as a...
EUVD-2025-33355
Cross Site Scripting vulnerability in SVX Portal v.2.7A to execute arbitrary code via the TG parameter on lastheardpage.php component...
Ubuntu 20.04 LTS / 22.04 LTS / 24.04 LTS : FORT Validator vulnerabilities (USN-7813-1)
The remote Ubuntu 20.04 LTS / 22.04 LTS / 24.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-7813-1 advisory. Niklas Vogel and Haya Schulmann discovered that FORT Validator did not perform proper input validation when parsing certain RPKI...
AlmaLinux 10 : git (ALSA-2025:11533)
The remote AlmaLinux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2025:11533 advisory. git: Git does not sanitize URLs when asking for credentials interactively CVE-2024-50349 git: Newline confusion in credential helpers can lead to...
USN-7812-1 imagemagick vulnerabilities
Woojin Park, Hojun Lee, Yougin Won and Siyeon Han discovered that ImageMagick did not properly sanitize image file names. An attacker could possibly use this issue to cause a denial of service, obtain sensitive information, or execute arbitrary code. CVE-2025-55298 Lumina Mescuwa discovered that...