CVE-2025-1771

The Traveler theme for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 3.1.8 via the 'hotelaloneloadmorepost' function 'style' parameter. This makes it possible for unauthenticated attackers to include and execute arbitrary files on the server, allowing the...

nest allows a remote attacker to execute arbitrary code via the Content-Type header

File Upload vulnerability in nestjs nest prior to v.11.0.16 allows a remote attacker to execute arbitrary code via the Content-Type header...

Security Bulletin: IBM Security QRadar EDR Software has multiple vulnerabilities

Summary IBM Security QRadar EDR Software is affected by multiple vulnerabilities that could allow a remote attacker to bypass security restrictions, decrypt sensitive credentials, execute arbitrary code, or steal authentication tokens. These vulnerabilities have been addressed in the latest updat...

png_image_free in png.c in libpng 1.6.x before 1.6.37 has a use-after-free because png_image_free_function is called under png_safe_execute.

...

CVE-2025-24043

Improper verification of cryptographic signature in .NET allows an authorized attacker to execute code over a network...

CVE-2025-24081

Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally...

CVE-2025-1432 3DM File Parsing Use-After-Free Vulnerability

A maliciously crafted 3DM file, when parsed through Autodesk AutoCAD, can force a Use-After-Free vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process...

CVE-2025-1432 3DM File Parsing Use-After-Free Vulnerability

A maliciously crafted 3DM file, when parsed through Autodesk AutoCAD, can force a Use-After-Free vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process...

X.Org Server PlayReleasedEvents Use-After-Free Local Privilege Escalation Vulnerability

This vulnerability allows local attackers to escalate privileges on affected installations of X.Org Server. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the handling of device...

USN-7349-1 rar vulnerabilities

It was discovered that RAR incorrectly handled certain paths. If a user or automated system were tricked into extracting a specially crafted RAR archive, a remote attacker could possibly use this issue to write arbitrary files outside of the targeted directory. CVE-2022-30333 It was discovered th...

CVE-2025-27167

Illustrator versions 29.2.1, 28.7.4 and earlier are affected by an Untrusted Search Path vulnerability that might allow attackers to execute their own programs, access unauthorized data files, or modify configuration in unexpected ways. If the application uses a search path to locate critical...

CVE-2025-27167

CVE-2025-27167 affects Adobe Illustrator. The vulnerability is an Untrusted Search Path issue that could allow a local attacker to cause arbitrary code execution or access/modify data by manipulating the search path used to locate critical resources. Affected products include Illustrator versions...

CVE-2025-27167 Illustrator | Untrusted Search Path (CWE-426)

Illustrator versions 29.2.1, 28.7.4 and earlier are affected by an Untrusted Search Path vulnerability that might allow attackers to execute their own programs, access unauthorized data files, or modify configuration in unexpected ways. If the application uses a search path to locate critical...

CVE-2025-27394

A vulnerability has been identified in SCALANCE LPE9403 6GK5998-3GS00-2AC2 All versions V4.0. Affected devices do not properly sanitize user input when creating new SNMP users. This could allow an authenticated highly-privileged remote attacker to execute arbitrary code on the device...

CVE-2025-27393

A vulnerability has been identified in SCALANCE LPE9403 6GK5998-3GS00-2AC2 All versions V4.0. Affected devices do not properly sanitize user input when creating new users. This could allow an authenticated highly-privileged remote attacker to execute arbitrary code on the device...

CVE-2025-23400

A vulnerability has been identified in Teamcenter Visualization V14.3 All versions V14.3.0.13, Teamcenter Visualization V2312 All versions V2312.0009, Teamcenter Visualization V2406 All versions V2406.0007, Teamcenter Visualization V2412 All versions V2412.0002, Tecnomatix Plant Simulation V2302...

WordPress plugin Review Schema 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability exists in...

CVE-2024-13890

The Allow PHP Execute plugin for WordPress is vulnerable to PHP Code Injection in all versions up to, and including, 1.0. This is due to allowing PHP code to be entered by all users for whom unfiltered HTML is allowed. This makes it possible for authenticated attackers, with Editor-level access a...

WordPress Allow PHP Execute plugin <= 1.0 - Authenticated (Editor+) PHP Code Injection vulnerability

Authenticated Editor+ PHP Code Injection vulnerability discovered by Francesco Carlucci in WordPress Plugin Allow PHP Execute versions = 1.0...

WordPress plugin Allow PHP Execute 代码注入漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A code injection vulnerability exists in...