GIMP: GIMP: Arbitrary code execution via specially crafted PSD file
A flaw was found in GIMP. A remote attacker can exploit this vulnerability by enticing a user to open a specially crafted PSD (Photoshop Document) file. This flaw is due to an integer overflow during the parsing of PSD files, which can lead to arbitrary code execution, allowing the attacker to run...
CVE-2026-34428
Vvveb prior to 1.0.8.1 contains a server-side request forgery vulnerability in the oEmbedProxy action of the editor/editor module where the url parameter is passed directly to getUrl via curl without scheme or destination validation. Authenticated backend users can supply file:// URLs to read...
CVE-2026-0488
An authenticated attacker in SAP CRM and SAP S/4HANA Scripting Editor could exploit a flaw in a generic function module call and execute unauthorized critical functionalities, which includes the ability to execute an arbitrary SQL statement. This leads to a full database compromise with high impa...
CVE-2026-25723
Claude Code is an agentic coding tool. Prior to version 2.0.55, Claude Code failed to properly validate commands using piped sed operations with the echo command, allowing attackers to bypass file write restrictions. This vulnerability enabled writing to sensitive directories like the .claude...
AlmaLinux 9 : gimp (ALSA-2026:0914)
The remote AlmaLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2026:0914 advisory. gimp: GIMP: Remote Code Execution via PNM file parsing integer overflow (CVE-2025-14422); gimp: GIMP: Remote Code Execution via JP2 file parsing heap-based...
CVE-2025-55309
An issue was discovered in Foxit PDF and Editor for Windows and macOS before 13.2 and 2025 before 2025.2. A crafted PDF can contain JavaScript that attaches an OnBlur action on a form field that destroys an annotation. During user right-click interaction, the program's internal focus change...
Onlook Security Vulnerability
Onlook is an open-source visual editing tool for source code. A security vulnerability exists in Onlook version 0.2.32; it stems from a text editor feature that does not properly sanitize user input, which could lead to a cross-site scripting attack...
CVE-2025-11437
A flaw has been found in JhumanJ OpnForm up to 1.9.3. This affects an unknown part of the file /api/open/forms/ of the component Form Editor. This manipulation causes cross-site scripting. The attack may be initiated remotely. The exploit has been published and may be used. This issue is currentl...
EUVD-2017-16560
Malware in sbrugna...
EUVD-2021-7731
Malicious code in bioql PyPI...
Cursor AI Code Editor Flaw Enables Silent Code Execution via Malicious Repositories
A security weakness has been disclosed in the artificial intelligence (AI)-powered code editor Cursor that could trigger code execution when a maliciously crafted repository is opened using the program. The issue stems from the fact that an out-of-the-box security setting is disabled by default,...
Linux Distros Unpatched Vulnerability : CVE-2024-7522
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Editor code failed to check an attribute value. This could have led to an out-of-bounds read. This vulnerability affects Firefox 129, Firefox ESR 115.14, Firefo...
CVE-2025-54135
creationtimestamp | type | source
---|---|---
2025-08-01 13:31:00+00:00 | seen | https://thehackernews.com/2025/08/cursor-ai-code-editor-fixed-flaw.html
2025-08-01 15:45:09+00:00 | published-proof-of-concept | https://t.me/thehackernews/7272
2025-08-01 18:23:18+00:00 | seen | ...
CVE-2025-6644
PDF-XChange Editor U3D File Parsing Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a...
(0Day) Cloudera Hue Ace Editor Directory Traversal Information Disclosure Vulnerability
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Cloudera Hue. Authentication is not required to exploit this vulnerability. The specific flaw exists within the Ace Editor web application. The issue results from the lack of proper validatio...
The vulnerability in the EMACS text editor arises from a failure to neutralize special elements, allowing attackers to execute arbitrary commands.
The vulnerability in the EMACS text editor exists because special elements are not neutralized. Exploiting this vulnerability allows a malicious actor to execute arbitrary commands remotely...
PT-2024-8616 · Moodle +2 · Moodle +2
Name of the Vulnerable Software and Affected Versions: Moodle (affected versions not specified). Description: A SQL injection risk flaw was found in the XMLDB editor tool available to site administrators. This issue is related to the lack of protection against SQL query structure...
PT-2020-5225 · Microsoft · Visual Studio Code Remote Development Extension
Name of the Vulnerable Software and Affected Versions: Visual Studio Code Remote Development Extension (affected versions not specified). Description: The issue is related to the Visual Studio Code Remote Development Extension and involves a problem with the SSH editor's source code, specifically wi...
CVE-2019-17551
In Apak Wholesale Floorplanning Finance 6.31.8.3 and 6.31.8.5, an attacker can send an authenticated POST request with a malicious payload to /WFS/agreementView.faces allowing a stored XSS via the mainForm:loanNotesnotes:0:richtexteditornotetext parameter in the Notes section. Although versions...
CVE-2018-15559
The editor in Xiuno BBS 4.0.4 allows stored XSS...