Lucene search

192 matches found

Tenable Nessus
added 2025/07/08 12:00 a.m., 7 views

Security Updates for Microsoft Excel Products (July 2025)

The Microsoft Excel Products are missing a security update. They are, therefore, affected by multiple vulnerabilities: - An information disclosure vulnerability. An attacker can exploit this to disclose potentially sensitive information. CVE-2025-48812 - A remote code execution vulnerability. An...

CVSS: 8.4, AI score: 6.9, EPSS: 0.00803
Exploits: 0, References: 4
Ubuntu
added 2025/06/19 7:14 p.m., 5 views

USN-7584-1: Roundcube vulnerability

It was discovered that Roundcube Webmail did not properly sanitize the _from parameter in a URL, leading to PHP Object Deserialization. A remote attacker could possibly use this issue to execute arbitrary code...

CVSS: 9.9, AI score: 8.8, EPSS: 0.90469
Exploits: 29
OSV
added 2025/06/16 6:46 p.m., 3 views

CVE-2025-32797 Conda-build Insecure Build Script Permissions Enabling Arbitrary Code Execution

Conda-build contains commands and tools to build conda packages. Prior to version 25.3.1, the write_build_scripts function in conda-build creates the temporary build script conda_build.sh with overly permissive file permissions (0o766), allowing write access to all users. Attackers with filesystem...

CVSS: 6, AI score: 7.9, EPSS: 0.00066
Exploits: 0, References: 6
NVD
added 2025/06/09 1:15 p.m., 8 views

CVE-2025-49131

FastGPT is an open-source project that provides a platform for building, deploying, and operating AI-driven workflows and conversational agents. The Sandbox container fastgpt-sandbox is a specialized, isolated environment used by FastGPT to safely execute user-submitted or dynamically generated...

CVSS: 9.9, EPSS: 0.00829
Exploits: 1, References: 5
Cvelist
added 2025/06/05 12:13 a.m., 19 views

CVE-2025-49008 Atheos Improper Input Validation Vulnerability Enables RCE in Common.php

Atheos is a self-hosted browser-based cloud integrated development environment. Prior to version 6.0.4, improper use of escapeshellcmd in /components/codegit/traits/execute.php allows argument injection, leading to arbitrary command execution. Atheos administrators and users of vulnerable version...

CVSS: 9.4, EPSS: 0.00545
Exploits: 0, References: 2
CVE
added 2025/05/29 3:12 p.m., 46 views

CVE-2025-48389

CVE-2025-48389 affects FreeScout prior to version 1.8.178. The issue arises from deserialization of untrusted data when using the set function to pass a serialized object string, and deserialization occurs when retrieving an option via the get method, enabling arbitrary code execution. This vulne...

CVSS: 8.6, AI score: 7.3, EPSS: 0.03989
Exploits: 1, References: 2, Affected Software: 1
RedhatCVE
added 2025/05/23 3:43 a.m., 7 views

CVE-2023-45583

A use of externally-controlled format string in Fortinet FortiProxy versions 7.2.0 through 7.2.5, 7.0.0 through 7.0.11, 2.0.0 through 2.0.13, 1.2.0 through 1.2.13, 1.1.0 through 1.1.6, FortiPAM versions 1.1.0, 1.0.0 through 1.0.3, FortiOS versions 7.4.0, 7.2.0 through 7.2.5, 7.0.0 through 7.0.13,...

CVSS: 7.2, AI score: 7.5, EPSS: 0.00211
Exploits: 0
RedhatCVE
added 2025/05/23 1:58 a.m., 4 views

CVE-2023-47620

Scrypted is a home video integration and automation platform. In versions 0.55.0 and prior, a reflected cross-site scripting vulnerability exists in the plugin-http.ts file via the 'owner' and 'pkg' parameters. An attacker can run arbitrary JavaScript code...

CVSS: 6.1, AI score: 6.1, EPSS: 0.00219
Exploits: 1, References: 1
RedhatCVE
added 2025/05/23 1:15 a.m., 4 views

CVE-2022-41138

In Zutty before 0.13, DECRQSS in text written to the terminal can achieve arbitrary code execution...

CVSS: 9.8, AI score: 7.3, EPSS: 0.00484
Exploits: 1, References: 1
RedhatCVE
added 2025/05/22 11:08 p.m., 3 views

CVE-2022-36320

Mozilla developers and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 102. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox 103...

CVSS: 9.8, AI score: 7.3, EPSS: 0.00494
Exploits: 0
RedhatCVE
added 2025/05/22 7:26 p.m., 5 views

CVE-2021-25689

An out of bounds write in Teradici PCoIP soft client versions prior to version 20.10.1 could allow an attacker to remotely execute code...

CVSS: 9.8, AI score: 7.1, EPSS: 0.01025
Exploits: 0, References: 1
RedhatCVE
added 2025/05/22 7:12 p.m., 9 views

CVE-2021-21978

VMware View Planner 4.x prior to 4.6 Security Patch 1 contains a remote code execution vulnerability. Improper input validation and lack of authorization leading to arbitrary file upload in logupload web application. An unauthorized attacker with network access to View Planner Harness could uploa...

CVSS: 9.8, AI score: 7.9, EPSS: 0.90495
Exploits: 9, References: 1
RedhatCVE
added 2025/05/22 6:59 p.m., 4 views

CVE-2021-0514

In several functions of the V8 library, there is a possible use after free due to a race condition. This could lead to remote code execution in an unprivileged process with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions:...

CVSS: 9.3, AI score: 7.7, EPSS: 0.01406
Exploits: 0, References: 1
RedhatCVE
added 2025/05/22 5:45 p.m., 4 views

CVE-2020-29625

This issue was addressed with improved checks. This issue is fixed in macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave. Processing a maliciously crafted image may lead to arbitrary code execution...

CVSS: 7.8, AI score: 6.8, EPSS: 0.00418
Exploits: 0
RedhatCVE
added 2025/05/22 5:37 p.m., 5 views

CVE-2020-36655

Yii Yii2 Gii before 2.2.2 allows remote attackers to execute arbitrary code via the Generator.php messageCategory field. The attacker can embed arbitrary PHP code into the model file...

CVSS: 8.8, AI score: 8, EPSS: 0.04201
Exploits: 1
RedhatCVE
added 2025/05/22 3:17 p.m., 4 views

CVE-2020-20210

Bludit 3.9.2 is vulnerable to Remote Code Execution (RCE) via /admin/ajax/upload-images...

CVSS: 8.8, AI score: 7.5, EPSS: 0.01146
Exploits: 1
RedhatCVE
added 2025/05/22 4:38 a.m., 8 views

CVE-2019-15642

rpc.cgi in Webmin through 1.920 allows authenticated Remote Code Execution via a crafted object name because unserialise_variable makes an eval call. NOTE: the Webmin_Servers_Index documentation states "RPC can be used to run any command or modify any file on a server, which is why access to it must...

CVSS: 8.8, AI score: 7.3, EPSS: 0.92931
Exploits: 4, References: 1
OpenVAS
added 2025/05/14 12:00 a.m., 45 views

Microsoft Office 365 (2016 Click-to-Run) Multiple Vulnerabilities (May 2025)

This host is missing a critical security update according to Microsoft Office Click-to-Run update May 2025. SPDX-FileCopyrightText: 2025 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier:...

CVSS: 8.4, AI score: 7.9, EPSS: 0.00824
Exploits: 0, References: 1
Vulnrichment
added 2025/05/13 4:58 p.m., 8 views

CVE-2025-30383 Microsoft Excel Remote Code Execution Vulnerability

...

CVSS: 7.8, AI score: 7.7, EPSS: 0.00824
Exploits: 0, References: 1
Tenable Nessus
added 2025/05/12 12:00 a.m., 2 views

EulerOS 2.0 SP10 : emacs (EulerOS-SA-2025-1506)

According to the versions of the emacs package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : A command injection flaw was found in the text editor Emacs. It could allow a remote, unauthenticated attacker to execute arbitrary shell commands o...

CVSS: 8.8, AI score: 8.2, EPSS: 0.01295
Exploits: 0, References: 2