CVE-2025-54223
InCopy versions 20.4, 19.5.4 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file...
CVE-2025-54219
CVE-2025-54219 affects Adobe InCopy: heap-based buffer overflow in InCopy versions 20.4, 19.5.4 and earlier. Root cause: improper memory handling leading to a heap overflow. Impact: arbitrary code execution in the context of the current user. Exploitation requires user interaction (victim must op...
CVE-2025-54221
Summary: CVE-2025-54221 affects Adobe InCopy versions 20.4, 19.5.4 and earlier with an out-of-bounds write that can lead to arbitrary code execution in the context of the current user when a malicious file is opened. The issue requires user interaction. Concrete details from connected sources con...
CVE-2025-54220 InCopy | Heap-based Buffer Overflow (CWE-122)
InCopy versions 20.4, 19.5.4 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file...
CVE-2025-54225
CVE-2025-54225 concerns Adobe InDesign Desktop (versions 20.4, 19.5.4 and earlier) with a Use-After-Free vulnerability that could allow arbitrary code execution in the context of the current user. Exploitation requires the victim to open a crafted file (user interaction). Publicly disclosed sourc...
CVE-2025-49571 Substance3D - Modeler | Uncontrolled Search Path Element (CWE-427)
Substance3D - Modeler versions 1.22.0 and earlier are affected by an Uncontrolled Search Path Element vulnerability that could result in arbitrary code execution in the context of the current user. If the application uses an uncontrolled search path to locate critical resources such as programs, ...
Adobe Substance3D Buffer Error Vulnerability
Adobe Substance 3D Stager is a virtual 3D studio from the American company Adobe. Adobe Substance 3D Stager suffers from an out-of-bounds write vulnerability that can be exploited by an attacker to cause arbitrary code to be executed in the context of the current user...
Adobe Photoshop Buffer Error Vulnerability
Adobe Photoshop is a set of image processing software from the American company Adobe. The software is mainly used for processing pictures. Adobe Photoshop suffers from an out-of-bounds write vulnerability that can be exploited by an attacker to cause arbitrary code to be executed in the...
PT-2025-32929 · Adobe · Indesign Desktop 19.5.4 +1
Name of the Vulnerable Software and Affected Versions: InDesign Desktop versions 20.4 and earlier; InDesign Desktop version 19.5.4. Description: InDesign Desktop versions 20.4 and earlier, and version 19.5.4 are affected by a heap-based buffer overflow that may lead to arbitrary code execution with...
PT-2025-32560 · Omnissa · Workspace One Uem
Name of the Vulnerable Software and Affected Versions: Omnissa Workspace ONE UEM (affected versions not specified). Description: Omnissa Workspace ONE UEM contains a Server-Side Request Forgery (SSRF) vulnerability. A malicious actor with user privileges may be able to access restricted internal syste...
CVE-2025-52586
The MOD3 command traffic between the monitoring application and the inverter is transmitted in plaintext without encryption or obfuscation. This vulnerability may allow an attacker with access to a local network to intercept, manipulate, replay, or forge critical data, including read/write...
Linux Distros Unpatched Vulnerability : CVE-2025-38100
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: x86/iopl: Cure TIF_IO_BITMAP inconsistencies. io_bitmap_exit is invoked from exit_thread when a ta...
CVE-2025-52586
The CVE-2025-52586 issue affects EG4 Electronics EG4 Inverters, where MOD3 command traffic between the monitoring application and the inverter is transmitted in plaintext. The root impact described across sources is interception, manipulation, replay, or forging of sensitive commands/data (voltag...
platform/x86: dell-wmi-sysman: Avoid buffer overflow in current_password_store()
...
Linux Distros Unpatched Vulnerability : CVE-2025-38077
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: platform/x86: dell-wmi-sysman: Avoid buffer overflow in current_password_store(). If the 'buf'...
PT-2025-31933 · Bluestacks · Bluestacks
Name of the Vulnerable Software and Affected Versions: BlueStacks version 5.20. Description: A lack of SSL certificate validation allows attackers to execute a man-in-the-middle attack and obtain sensitive information. Recommendations: At the moment, there is no information about a newer version...
Linux Distros Unpatched Vulnerability : CVE-2024-26995
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: usb: typec: tcpm: Correct the PDO counting in pd_set. Off-by-one errors happen because nrsnkpd...
CVE-2025-50869
A stored Cross-Site Scripting (XSS) vulnerability exists in the qureydetails.php page of Institute-of-Current-Students 1.0, where the input fields for Query and Answer do not properly sanitize user input. Authenticated users can inject arbitrary JavaScript code...
CVE-2025-50869
CVE-2025-50869 is a stored XSS vulnerability in Institute-of-Current-Students 1.0, located in the qureydetails.php page. The input fields for Query and Answer are not properly sanitized, allowing authenticated users to inject arbitrary JavaScript code. Public documentation in connected sources co...
Institute-of-Current-Students Security Vulnerability
Institute-of-Current-Students is a school management website by the individual developer Vishal Mathur. A security vulnerability exists in version 1.0 of Institute-of-Current-Students, which stems from insufficient cleanup of the Query and Answer input fields in the file querydetails.php, which...