
5832 matches found

CNVD
added 2025/02/14 12:00 a.m. | 5 views

Adobe Illustrator stack buffer overflow vulnerability (CNVD-2025-06309)

Adobe Illustrator is a professional vector graphic design software developed by Adobe, widely used in graphic design, illustration creation, web design and other fields. A stack buffer overflow vulnerability exists in Adobe Illustrator versions 29.1, 28.7.3 and earlier. The vulnerability is...

CVSS 7.8 | AI score 7.8 | EPSS 0.00362
Exploits: 0 | References: 1

BDU FSTEC
added 2025/02/13 12:00 a.m. | 4 views

A vulnerability in the Kerberos protocol for Windows operating systems allows an attacker to cause a denial of service.

The vulnerability in the Kerberos protocol for Windows operating systems is related to insufficient validation of input data. Exploiting this vulnerability can allow a malicious actor to cause a denial of service...

CVSS 5.9 | AI score 7.7 | EPSS 0.01783
Exploits: 0 | References: 2

BDU FSTEC
added 2025/02/12 12:00 a.m. | 2 views

A vulnerability in the ActiveRecord PostgreSQL interpreter for Ruby allows an attacker to cause a denial of service.

The vulnerability in the ActiveRecord PostgreSQL interpreter for Ruby is related to insufficient validation of user-supplied data. Exploiting this vulnerability can allow a malicious actor to cause a denial of service remotely...

CVSS 7.8 | AI score 6.2 | EPSS 0.01265
Exploits: 1 | References: 5 | Affected Software: 4

BDU FSTEC
added 2025/02/12 12:00 a.m. | 3 views

A vulnerability in the fs/ntfs3 components of the Linux operating system allows an attacker to cause a denial of service.

The vulnerability in the bpf component of the Linux operating system’s kernel is related to incorrect validation of input data. Exploiting this vulnerability can allow an attacker to cause a denial of service...

CVSS 5.5 | AI score 6.5 | EPSS 0.0021
Exploits: 0 | References: 32 | Affected Software: 5

BDU FSTEC
added 2025/02/12 12:00 a.m. | 5 views

A vulnerability in the gtp_newlink() function in the drivers/net/gtp.c module of the Linux kernel allows an attacker to cause a denial of service.

The vulnerability in the gtp_newlink() function in the drivers/net/gtp.c file of the Linux kernel is related to an improper representation of the list of network devices, resulting from insufficient validation of input data. Exploiting this vulnerability can allow an attacker to cause service failur...

CVSS 5.5 | AI score 6.7 | EPSS 0.00201
Exploits: 0 | References: 24 | Affected Software: 5

NVD
added 2025/02/11 8:15 p.m. | 17 views

CVE-2025-0908

PDF-XChange Editor U3D File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target...

CVSS 8.8 | EPSS 0.00694
Exploits: 0 | References: 1

CVE
added 2025/02/11 7:56 p.m. | 54 views

CVE-2025-0902

PDF-XChange Editor is affected by a vulnerability in the XPS file parsing module that can cause an out-of-bounds read and information disclosure. Root cause: insufficient validation of user-supplied data during XPS parsing, leading to reading beyond an allocated object. Impact: information disclo...

CVSS 8.8 | AI score 4.9 | EPSS 0.00624
Exploits: 0 | References: 1 | Affected Software: 1

AstraLinux
added 2025/02/11 7:35 a.m. | 3 views

Astra Linux – Vulnerability in Chromium

Insufficient data validation in Extensions in Google Chrome prior to 132.0.6834.83 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform privilege escalation via a crafted HTML page. Chromium security severity: Medium...

CVSS 8.8 | AI score 7.7 | EPSS 0.00445
Exploits: 1 | References: 3

CNNVD
added 2025/02/11 12:00 a.m. | 2 views

PRTG Network Monitor cross-site scripting vulnerability

Paessler PRTG Network Monitor is a full-featured network monitoring and management software from Paessler, Germany. A cross-site scripting vulnerability exists in PRTG Network Monitor that stems from a lack of proper authentication of user-supplied data. An attacker can exploit this vulnerability...

CVSS 8 | AI score 7.6 | EPSS 0.00796
Exploits: 0 | References: 1

Vulnrichment
added 2025/02/07 7:26 a.m. | 9 views

CVE-2025-22880 Heap-based Buffer Overflow in CNCSoft-G2

Delta Electronics CNCSoft-G2 lacks proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. If a target visits a malicious page or opens a malicious file, an attacker can leverage this vulnerability to execute code in the context of the current...

CVSS 7.8 | AI score 7 | EPSS 0.0023
Exploits: 0 | References: 1

RedhatCVE
added 2025/02/06 4:43 a.m. | 13 views

CVE-2021-31499

This vulnerability allows remote attackers to execute arbitrary code on affected installations of OpenText Brava! Desktop 16.6.3.84. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within...

CVSS 7.8 | AI score 6.8 | EPSS 0.01419
Exploits: 0 | References: 1

RedhatCVE
added 2025/02/06 4:28 a.m. | 5 views

CVE-2021-31515

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Vector 35 Binary Ninja 2.3.2660 Build ID 88f343c3. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific fla...

CVSS 7.8 | AI score 6.8 | EPSS 0.02384
Exploits: 0 | References: 1

RedhatCVE
added 2025/02/06 4:08 a.m. | 8 views

CVE-2021-40367

A vulnerability has been identified in syngo fastView All versions. The affected application lacks proper validation of user-supplied data when parsing DICOM files. This could result in an out-of-bounds write past the end of an allocated structure. An attacker could leverage this vulnerability to...

CVSS 7.8 | AI score 7 | EPSS 0.00323
Exploits: 0 | References: 3

RedhatCVE
added 2025/02/06 1:42 a.m. | 9 views

CVE-2022-43618

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Corel CorelDRAW Graphics Suite 23.5.0.506. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists...

CVSS 7.8 | AI score 6.8 | EPSS 0.00873
Exploits: 0 | References: 1

RedhatCVE
added 2025/02/06 12:53 a.m. | 12 views

CVE-2022-3378

Horner Automation's Cscape version 9.90 SP 7 and prior does not properly validate user-supplied data. If a user opens a maliciously formed FNT file, then an attacker could execute arbitrary code within the current process by accessing an uninitialized pointer, leading to an out-of-bounds memory...

CVSS 7.8 | AI score 7.6 | EPSS 0.00237
Exploits: 0 | References: 1

RedhatCVE
added 2025/02/06 12:46 a.m. | 6 views

CVE-2022-3377

Horner Automation's Cscape version 9.90 SP 6 and prior does not properly validate user-supplied data. If a user opens a maliciously formed FNT file, then an attacker could execute arbitrary code within the current process by accessing an uninitialized pointer, leading to an out-of-bounds memory...

CVSS 7.8 | AI score 7.6 | EPSS 0.00237
Exploits: 0 | References: 1

RedhatCVE
added 2025/02/06 12:44 a.m. | 8 views

CVE-2022-3379

Horner Automation's Cscape version 9.90 SP7 and prior does not properly validate user-supplied data. If a user opens a maliciously formed FNT file, then an attacker could execute arbitrary code within the current process by writing outside the memory buffer...

CVSS 7.8 | AI score 7.6 | EPSS 0.00231
Exploits: 0 | References: 1

RedhatCVE
added 2025/02/05 9:34 p.m. | 15 views

CVE-2022-2502

A vulnerability exists in the HCI IEC 60870-5-104 function included in certain versions of the RTU500 series product. The vulnerability can only be exploited, if the HCI 60870-5-104 is configured with support for IEC 62351-5 and the CMU contains the license feature ‘Advanced security’ which must ...

CVSS 7.5 | AI score 7.1 | EPSS 0.0054
Exploits: 0 | References: 1

RedhatCVE
added 2025/02/05 8:48 p.m. | 16 views

CVE-2022-28684

This vulnerability allows remote attackers to execute arbitrary code on affected installations of DevExpress. Authentication is required to exploit this vulnerability. The specific flaw exists within the SafeBinaryFormatter library. The issue results from the lack of proper validation of...

CVSS 8.8 | AI score 7.4 | EPSS 0.02494
Exploits: 0 | References: 1

RedhatCVE
added 2025/02/05 7:49 p.m. | 13 views

CVE-2022-40651

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ansys SpaceClaim 2022 R1. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsi...

CVSS 7.8 | AI score 6.8 | EPSS 0.00693
Exploits: 0 | References: 1