CVE-2025-65117

The vulnerability, if exploited, could allow an authenticated miscreant Process Optimization Designer User to embed OLE objects into graphics, and escalate their privileges to the identity of a victim user who subsequently interacts with the graphical elements...

CVE-2025-65117

The CVE-2025-65117 entry concerns AVEVA Process Optimization: an authenticated Process Optimization Designer User can embed OLE objects into graphics, potentially escalating privileges to a victim user after interaction with the graphics. Core details indicate local access with low attack complex...

CVE-2025-65117 AVEVA Process Optimization Use of Potentially Dangerous Function

The vulnerability, if exploited, could allow an authenticated miscreant Process Optimization Designer User to embed OLE objects into graphics, and escalate their privileges to the identity of a victim user who subsequently interacts with the graphical elements...

CVE-2025-65117 AVEVA Process Optimization Use of Potentially Dangerous Function

The vulnerability, if exploited, could allow an authenticated miscreant Process Optimization Designer User to embed OLE objects into graphics, and escalate their privileges to the identity of a victim user who subsequently interacts with the graphical elements...

CVE-2025-64729 AVEVA Process Optimization Missing Authorization

The vulnerability, if exploited, could allow an authenticated miscreant OS Standard User to tamper with Process Optimization project files, embed code, and escalate their privileges to the identity of a victim user who subsequently interacts with the project files...

AVEVA Process Optimization security vulnerabilities

AVEVA Process Optimization is a real-time process optimization software developed by the British company AVEVA. AVEVA Process Optimization has a security vulnerability, which arises from the possibility for authenticated attackers to embed OLE objects into graphics, potentially leading to privile...

PT-2026-3198

The vulnerability, if exploited, could allow an authenticated miscreant Process Optimization Designer User to embed OLE objects into graphics, and escalate their privileges to the identity of a victim user who subsequently interacts with the graphical elements...

MiracleLinux 7 : firefox-128.12.0-1.0.1.el7.AXS7 (AXSA:2025-10426:21)

The remote MiracleLinux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2025-10426:21 advisory. firefox: Content-Disposition header ignored when a file is included in an embed or object tag CVE-2025-6430 firefox: Use-after-free in FontFaceSet...

CVE-2022-23559

Tensorflow is an Open Source Machine Learning Framework. An attacker can craft a TFLite model that would cause an integer overflow in embedding lookup operations. Both embeddingsize and lookupsize are products of values provided by the user. Hence, a malicious user could trigger overflows in the...

PT-2026-1317

Name of the Vulnerable Software and Affected Versions PLANKA version 2.0.0 Description The application does not implement X-Frame-Options and CSP frame-ancestors headers, which allows it to be embedded within malicious iframes. This can expose users to phishing attacks through UI Redressing,...

CVE-2025-65922

PLANKA 2.0.0 lacks X-Frame-Options and CSP frame-ancestors headers, allowing the application to be embedded within malicious iframes. While this does not lead to unintended modification of projects or tasks, it exposes users to Phishing attacks. Attackers can frame the legitimate Planka applicati...

PT-2025-52368

Improper neutralization of input during web page generation 'Cross-site Scripting' CWE-79 allows an unauthenticated user to embed a malicious script in content that will be served to web browsers causing cross-site scripting XSS CAPEC-63 via a vulnerability a function handler in the Vega AST...

EUVD-2025-201505

A vulnerability was detected in xerrors Yuxi-Know up to 0.4.0. This vulnerability affects the function OtherEmbedding.aencode of the file /src/models/embed.py. Performing manipulation of the argument healthurl results in server-side request forgery. The attack can be initiated remotely. The explo...

CVE-2025-14116 xerrors Yuxi-Know embed.py OtherEmbedding.aencode server-side request forgery

A vulnerability was detected in xerrors Yuxi-Know up to 0.4.0. This vulnerability affects the function OtherEmbedding.aencode of the file /src/models/embed.py. Performing manipulation of the argument healthurl results in server-side request forgery. The attack can be initiated remotely. The explo...

EUVD-2025-199832

ThingsBoard in versions prior to v4.2.1 allows an authenticated user to upload malicious SVG images via the "Image Gallery", leading to a Stored Cross-Site Scripting XSS vulnerability. The exploit can be triggered when any user accesses the public API endpoint of the malicious SVG images, or if t...

GHSA-5P82-2Q3R-WJ3M ThingsBoard allows an authenticated user to upload malicious SVG images

ThingsBoard in versions prior to v4.2.1 allows an authenticated user to upload malicious SVG images via the "Image Gallery", leading to a Stored Cross-Site Scripting XSS vulnerability. The exploit can be triggered when any user accesses the public API endpoint of the malicious SVG images, or if t...

PT-2025-48282

Name of the Vulnerable Software and Affected Versions ThingsBoard versions prior to 4.2.1 Description An authenticated user can upload malicious SVG images through the "Image Gallery". This leads to a Stored Cross-Site Scripting XSS issue. The exploit is triggered when any user accesses the publi...

CVE-2025-62372

vLLM is an inference and serving engine for large language models LLMs. From version 0.5.5 to before 0.11.1, users can crash the vLLM engine serving multimodal models by passing multimodal embedding inputs with correct ndim but incorrect shape e.g. hidden dimension is wrong, regardless of whether...

Allocation Of Resources Without Limits Or Throttling

pdfmake is vulnerable to Allocation of Resources Without Limits or Throttling. The vulnerability is due to improper handling of repeatedly redirected URLs during file embedding, where the library follows redirect chains without enforcing limits, and an attacker can exploit this by supplying craft...

CVE-2025-62372

CVE-2025-62372 affects vLLM (inference/serving engine). From version 0.5.5 up to before 0.11.1, passing multimodal embedding inputs with correct ndim but incorrect shape (e.g., wrong hidden dimension) can crash the engine when serving multimodal models, regardless of whether those inputs are supp...