CVE-2025-29287

An arbitrary file upload vulnerability in the ueditor component of MCMS v5.4.3 allows attackers to execute arbitrary code via uploading a crafted file...

[slackware-security] zsh

New zsh packages are available for Slackware 15.0 to fix a security issue. Here are the details from the Slackware 15.0 ChangeLog: patches/packages/zsh-5.9-i586-1slack15.0.txz: Upgraded. This release fixes a security issue in zsh-5.8: Some prompt expansion sequences, such as %F, support 'argument...

Exploit for Code Injection in Dgorissen Pycel

CVE-2024-53924 - Description: Pycel through 1.0b30, when oper...

CVE-2024-40070

Sourcecodester Online ID Generator System 1.0 was discovered to contain an arbitrary file upload vulnerability via idgenerator/classes/Users.php?f=save. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file...

CVE-2025-31200

A memory corruption issue was addressed with improved bounds checking. This issue is fixed in iOS 18.4.1 and iPadOS 18.4.1, macOS Sequoia 15.4.1, tvOS 18.4.1, visionOS 2.4.1, watchOS 11.5. Processing an audio stream in a maliciously crafted media file may result in code execution. Apple is aware ...

GHSA-2689-CW26-6CPJ Whoogle allows attackers to execute arbitrary code via supplying a crafted search query

An issue in the component /models/config.py of Whoogle search v0.9.0 allows attackers to execute arbitrary code via supplying a crafted search query...

CVE-2024-40070

CVE-2024-40070 affects Sourcecodester Online ID Generator System 1.0. The issue is an arbitrary file upload vulnerability at id_generator/classes/Users.php?f=save that allows an attacker to execute arbitrary PHP code by uploading a crafted file. The connected documents provide concrete details ab...

RHEL 6 / 7 : rh-java-common-apache-commons-collections (RHSA-2015:2523)

The remote Redhat Enterprise Linux 6 / 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2015:2523 advisory. The Apache Commons Collections library provides new interfaces, implementations, and utilities to extend the features of the Java Collections...

CVE-2025-24797 Meshtastic incorrectly hands malformed packets leads to controlled buffer overflow

Meshtastic is an open source mesh networking solution. A fault in the handling of mesh packets containing invalid protobuf data can result in an attacker-controlled buffer overflow, allowing an attacker to hijack execution flow, potentially resulting in remote code execution. This attack does not...

Adobe FrameMaker heap buffer overflow vulnerability (CNVD-2025-07243)

Adobe Framemaker is the United States of America Odooby Adobe company's set of page layout software for writing and editing large or complex documents including structured documents. A heap buffer overflow vulnerability exists in Adobe FrameMaker, which can be exploited by an attacker to execute...

[SECURITY] [DLA 4126-1] jinja2 security update

------------------------------------------------------------------------- Debian LTS Advisory DLA-4126-1 [email protected] https://www.debian.org/lts/security/ Lucas Kanashiro April 13, 2025 https://wiki.debian.org/LTS -...

CVE-2024-56406

A heap buffer overflow vulnerability was discovered in Perl. Release branches 5.34, 5.36, 5.38 and 5.40 are affected, including development versions from 5.33.1 through 5.41.10. When there are non-ASCII bytes in the left-hand-side of the tr operator, Sdotransinvmap can overflow the destination...

CVE-2025-3287

A local code execution vulnerability exists in the Rockwell Automation Arena® due to a stack-based memory buffer overflow. The flaw is result of improper validation of user-supplied data. If exploited a threat actor can disclose information and execute arbitrary code on the system. To exploit the...

CVE-2025-3288

A local code execution vulnerability exists in the Rockwell Automation Arena® due to a threat actor being able to read outside of the allocated memory buffer. The flaw is a result of improper validation of user-supplied data. If exploited a threat actor can disclose information and execute...

CVE-2025-2285

A local code execution vulnerability exists in the Rockwell Automation Arena® due to an uninitialized pointer. The flaw is result of improper validation of user-supplied data. If exploited a threat actor can disclose information and execute arbitrary code on the system. To exploit the vulnerabili...

CVE-2025-3114 Spotfire Code Execution Vulnerability

Code Execution via Malicious Files: Attackers can create specially crafted files with embedded code that may execute without adequate security validation, potentially leading to system compromise. Sandbox Bypass Vulnerability: A flaw in the TERR security mechanism allows attackers to bypass sandb...

PyTorch torch.lstm_cell function buffer overflow vulnerability

PyTorch is a Python package open-sourced by PyTorch. PyTorch has a buffer overflow vulnerability that stems from the failure of the function torch.lstmcell to properly validate the length size of the input data, which can be exploited by an attacker to execute arbitrary code on the system or caus...

CVE-2025-30286 ColdFusion | Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') (CWE-78)

ColdFusion versions 2023.12, 2021.18, 2025.0 and earlier are affected by an Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection' vulnerability that could lead in arbitrary code execution by an attacker. A high-privileged attacker could leverage this vulnerabili...

CVE-2025-27751

Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally...

CVE-2025-26642

Out-of-bounds read in Microsoft Office allows an unauthorized attacker to execute code locally...