CVE-2025-7285
CVE-2025-7285 concerns the IrfanView CADImage Plugin, where DXF file parsing lacks proper validation, triggering memory corruption. The vulnerability can permit remote code execution in the context of the affected process, with user interaction required (the target must open a malicious DXF file or page). Public ...
CVE-2025-7276 IrfanView CADImage Plugin DXF File Parsing Memory Corruption Remote Code Execution Vulnerability
IrfanView CADImage Plugin DXF File Parsing Memory Corruption Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView CADImage Plugin. User interaction is required to exploit this vulnerability in that the...
CVE-2025-7239
CVE-2025-7239 affects the IrfanView CADImage Plugin. The vulnerability is a memory corruption flaw in DWG file parsing that can lead to remote code execution. Exploitation requires user interaction (visiting a malicious page or opening a malicious file). The root cause is insufficient validation ...
CVE-2025-7253 IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Code Execution Vulnerability
IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView CADImage Plugin. User interaction is required to exploit this vulnerability in that the...
CVE-2025-7249
CVE-2025-7249 affects IrfanView CADImage Plugin and is a DWG file parsing memory corruption vulnerability. The flaw stems from insufficient validation of DWG data, enabling remote code execution in the plugin’s process when a user opens a malicious DWG or visits a malicious page. Attack scenario ...
CVE-2025-7243 IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Code Execution Vulnerability
IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView CADImage Plugin. User interaction is required to exploit this vulnerability in that the...
CVE-2025-7251
The CVE-2025-7251 entry concerns IrfanView CADImage Plugin, where a DWG file parsing flaw allows an out-of-bounds read that can lead to remote code execution. The issue stems from insufficient validation of user-supplied data in DWG parsing, enabling an attacker to execute code in the context of ...
CVE-2025-7231
CVE-2025-7231 affects INVT VT-Designer. The flaw is in PM3 file parsing, caused by insufficient validation that can cause a write past the end of an allocated data structure, enabling remote code execution. Exploitation requires user interaction (target opens a malicious PM3/VM/related file or vi...
Huawei EulerOS: Security Advisory for emacs (EulerOS-SA-2025-1817)
The remote host is missing an update for the Huawei EulerOS...
CVE-2025-46000
An arbitrary file upload vulnerability in the component /rsc/filemanager.rsc.class.php of Filemanager commit c75b914 v.2.5.0 allows attackers to execute arbitrary code via uploading a crafted SVG file...
CVE-2024-39289
A code execution vulnerability has been discovered in the Robot Operating System (ROS) 'rosparam' tool, affecting ROS distributions Noetic Ninjemys and earlier. The vulnerability stems from the use of the eval function to process unsanitized, user-supplied parameter values via special converters fo...
CVE-2025-3753
A code execution vulnerability has been identified in the Robot Operating System (ROS) 'rosbag' tool, affecting ROS distributions Noetic Ninjemys and earlier. The vulnerability arises from the use of the eval function to process unsanitized, user-supplied input in the 'rosbag filter' command. This...
CVE-2025-3753
The CVE-2025-3753 issue affects the ROS rosbag tool, specifically ROS Noetic Ninjemys and earlier. The root cause is the use of Python’s eval() to process unsanitized, user-supplied input within the rosbag filter command, enabling potential arbitrary Python code execution. Documents consistently ...
CVE-2024-39289 Unsafe use of eval() method in rosparam tool
A code execution vulnerability has been discovered in the Robot Operating System (ROS) 'rosparam' tool, affecting ROS distributions Noetic Ninjemys and earlier. The vulnerability stems from the use of the eval function to process unsanitized, user-supplied parameter values via special converters fo...
CVE-2024-39289
The CVE-2024-39289 entry concerns the ROS rosparam tool. Affected software: Robot Operating System (ROS) distributions Noetic Ninjemys and earlier, where rosparam processes unsanitized parameter values using special converters for angle representations in radians. Root cause: use of Python’s eval...
CVE-2025-7433
CVE-2025-7433 is a local privilege escalation affecting Sophos Intercept X for Windows with Central Device Encryption versions 2025.1 and older, enabling arbitrary code execution. The issue is confirmed across multiple sources in the connected set, including vendor advisories and PT security summ...
CVE-2025-53909 mailcow: dockerized vulnerable to SSTI in Quota and Quarantine Notification Template
mailcow: dockerized is an open source groupware/email suite based on docker. A Server-Side Template Injection (SSTI) vulnerability exists in versions prior to 2025-07 in the notification template system used by mailcow for sending quota and quarantine alerts. The template rendering engine allows...
AlmaLinux 8 : emacs (ALSA-2025:11030)
The remote AlmaLinux 8 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2025:11030 advisory. emacs: arbitrary code execution via Lisp macro expansion (CVE-2024-53920). Tenable has extracted the preceding description block directly from the AlmaLinux security...