2459565 matches found

ATTACKERKB
added 2 days ago, 4 views

CVE-2025-11919

The default JVM can access files and directories under /tmp/ including the $TemporaryDirectory of other users on the same cloud instance /tmp/UserTemporaryFiles/. The -init file for the JVM initialization exists in the vulnerable directory during the startup of the JVM. An attacker with acces...

9.6 CVSS, 6.2 AI score, 0.004 EPSS
Exploits 0, References 2, Affected Software 1
CVE
added 2 days ago, 15 views

CVE-2025-11919

CVE-2025-11919 affects Wolfram Cloud (multi-tenant environment) where the default JVM can access temporary resources under /tmp, including other users’ TemporaryDirectory. A race during JVM startup allows an attacker with access to shared /tmp to create/replace .jar files via the -init file, caus...

9.6 CVSS, 6.2 AI score, 0.004 EPSS
Exploits 0, References 2
Cvelist
added 2 days ago, 34 views

CVE-2025-11919 Unprotected temporary directories in Wolfram Cloud may result in privilege escalation

The default JVM can access files and directories under /tmp/ including the $TemporaryDirectory of other users on the same cloud instance /tmp/UserTemporaryFiles/. The -init file for the JVM initialization exists in the vulnerable directory during the startup of the JVM. An attacker with acces...

0.004 EPSS
Exploits 0, References 1
EUVD
added 2 days ago, 6 views

EUVD-2025-210362

The default JVM can access files and directories under /tmp/ including the $TemporaryDirectory of other users on the same cloud instance /tmp/UserTemporaryFiles/. The -init file for the JVM initialization exists in the vulnerable directory during the startup of the JVM. An attacker with acces...

9.6 CVSS, 6.2 AI score, 0.004 EPSS
Exploits 0, References 1
EUVD
added 2 days ago, 4 views

EUVD-2026-39777

Zed Attack Proxy (ZAP) ViewState add-on before version 4 contains an insecure deserialization vulnerability that allows attackers who control a proxied web server to achieve arbitrary code execution by embedding a malicious serialized Java object in the javax.faces.ViewState HTTP response parameter...

8.8 CVSS, 6.4 AI score, 0.00463 EPSS
Exploits 0, References 6
EUVD
added 2 days ago, 4 views

EUVD-2026-39773

An integer overflow in the PSD parser component of FastStone Image Viewer v8.3 allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via supplying a crafted PSD file...

7.5 CVSS, 6.2 AI score, 0.00571 EPSS
Exploits 0, References 3
EUVD
added 2 days ago, 6 views

EUVD-2026-39776

When used to deliver a signal to a specific thread, thr_kill2(2) called p_cansignal to determine whether the operation was permitted but did not check the result before delivering the signal. The signal was sent even when the permission check failed. The system call returned the resulting error to th...

5.5 CVSS, 5.9 AI score, 0.00092 EPSS
Exploits 0, References 2
EUVD
added 2 days ago, 7 views

EUVD-2026-39772

A heap overflow in the FSViewer.exe process of FastStone Image Viewer v8.3 allows attackers to execute arbitrary code in the context of the current process via supplying a crafted JPEG 2000 (JP2) file...

6.5 CVSS, 6.2 AI score, 0.00465 EPSS
Exploits 0, References 3
NVD
added 2 days ago, 3 views

CVE-2026-57658

Administrator Arbitrary File Upload in TemplateSpare = 4.2.0 versions...

9.1 CVSS, 0.00278 EPSS
Exploits 0, References 1
NVD
added 2 days ago, 4 views

CVE-2026-57527

Zed Attack Proxy (ZAP) ViewState add-on before version 4 contains an insecure deserialization vulnerability that allows attackers who control a proxied web server to achieve arbitrary code execution by embedding a malicious serialized Java object in the javax.faces.ViewState HTTP response parameter...

8.8 CVSS, 0.00463 EPSS
Exploits 0, References 5
NVD
added 2 days ago, 3 views

CVE-2026-57315

Contributor Remote Code Execution (RCE) in Blocksy Companion Pro = 2.1.45 versions...

8.5 CVSS, 0.00351 EPSS
Exploits 0, References 1
NVD
added 2 days ago, 3 views

CVE-2026-57321

Contributor Arbitrary File Deletion in H5P = 1.17.7 versions...

7.1 CVSS, 0.00294 EPSS
Exploits 0, References 1
NVD
added 2 days ago, 6 views

CVE-2026-56059

Subscriber Arbitrary File Upload in Travel Booking = 2.2.5 versions...

9.9 CVSS, 0.00362 EPSS
Exploits 0, References 1
NVD
added 2 days ago, 3 views

CVE-2026-56058

Subscriber Arbitrary File Upload in Quform = 2.23.0 versions...

9.9 CVSS, 0.00362 EPSS
Exploits 0, References 1
NVD
added 2 days ago, 3 views

CVE-2026-56066

Unauthenticated Arbitrary File Deletion in ShortPixel Adaptive Images = 3.11.4 versions...

5.8 CVSS, 0.00346 EPSS
Exploits 0, References 1
NVD
added 2 days ago, 3 views

CVE-2026-56027

Customer Arbitrary File Upload in Booster for WooCommerce = 8.0.1 versions...

9.9 CVSS, 0.00328 EPSS
Exploits 0, References 1
NVD
added 2 days ago, 3 views

CVE-2026-45256

When used to deliver a signal to a specific thread, thr_kill2(2) called p_cansignal to determine whether the operation was permitted but did not check the result before delivering the signal. The signal was sent even when the permission check failed. The system call returned the resulting error to th...

5.5 CVSS, 0.00092 EPSS
Exploits 0, References 1
NVD
added 2 days ago, 5 views

CVE-2026-30040

A heap overflow in the FSViewer.exe process of FastStone Image Viewer v8.3 allows attackers to execute arbitrary code in the context of the current process via supplying a crafted JPEG 2000 (JP2) file...

6.5 CVSS, 0.00465 EPSS
Exploits 0, References 2
NVD
added 2 days ago, 6 views

CVE-2026-30041

An integer overflow in the PSD parser component of FastStone Image Viewer v8.3 allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via supplying a crafted PSD file...

7.5 CVSS, 0.00571 EPSS
Exploits 0, References 2
ATTACKERKB
added 2 days ago, 3 views

CVE-2026-21734

A web page that contains unusual GPU shader code is loaded into the GPU compiler process and can trigger an out-of-bounds write crash in the GPU shader compiler library. On certain platforms, when the compiler process has system privileges this could enable further exploits on the device. An...

7.7 CVSS, 5.8 AI score, 0.00118 EPSS
Exploits 0, References 2