14962 matches found
CVE-2025-9223
Zohocorp ManageEngine Applications Manager versions 178100 and below are vulnerable to authenticated command injection due to improper configuration in the execute program action feature...
CVE-2025-42894
Due to a Path Traversal vulnerability in SAP Business Connector, an attacker authenticated as an administrator with adjacent access could read, write, overwrite, and delete arbitrary files on the host system. Successful exploitation could enable the attacker to execute arbitrary operating system...
Security Updates for Microsoft Office Products (November 2025) (macOS)
The version of Microsoft Office for Mac installed on the remote host is affected by multiple vulnerabilities as referenced in the november-11-2025 advisory. - Heap-based buffer overflow in Microsoft Graphics Component allows an unauthorized attacker to execute code over a network. CVE-2025-60724 ...
Vulnerabilities fixed in Microsoft Office
Microsoft has fixed vulnerabilities in several Office products. A malicious party can exploit the vulnerabilities to grant themselves elevated privileges, execute arbitrary code in the victim's context and gain access to sensitive data. Successful exploitation requires the malicious party to tric...
EUVD-2025-93429
Use after free in Microsoft Office allows an unauthorized attacker to execute code locally...
EUVD-2025-93432
Use after free in Microsoft Office allows an unauthorized attacker to execute code locally...
EUVD-2025-93434
Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to execute code locally...
EUVD-2025-84349
Zohocorp ManageEngine Applications Manager versions 178100 and below are vulnerable to authenticated command injection due to improper configuration in the execute program action feature...
Redis: Redis: Authenticated users can execute LUA scripts as a different user
A code injection vulnerability in Redis Lua scripting where an authenticated user can craft a Lua script to manipulate objects and potentially execute code in another user’s context...
CVE-2025-9223 Command Injection
Zohocorp ManageEngine Applications Manager versions 178100 and below are vulnerable to authenticated command injection due to improper configuration in the execute program action feature...
CVE-2025-9223
ZOHO ManageEngine Applications Manager, affected through CVE-2025-9223, versions 178100 and below, is vulnerable to an authenticated command injection due to misconfiguration in the Execute Program/execute program action feature. The vulnerability allows total command execution with HIGH impact (...
EUVD-2025-60985
Due to a Path Traversal vulnerability in SAP Business Connector, an attacker authenticated as an administrator with adjacent access could read, write, overwrite, and delete arbitrary files on the host system. Successful exploitation could enable the attacker to execute arbitrary operating system...
CVE-2025-42894 Path Traversal vulnerability in SAP Business Connector
Due to a Path Traversal vulnerability in SAP Business Connector, an attacker authenticated as an administrator with adjacent access could read, write, overwrite, and delete arbitrary files on the host system. Successful exploitation could enable the attacker to execute arbitrary operating system...
PT-2025-46234
Name of the Vulnerable Software and Affected Versions: SAP Business Connector (affected versions not specified). Description: A Path Traversal issue exists in SAP Business Connector. An attacker with administrator privileges and adjacent access can read, write, overwrite, and delete arbitrary files on...
Microsoft Visual Studio Command Injection Vulnerability
Microsoft Visual Studio is a family of development toolkits from Microsoft Corporation in the United States and is a fundamentally complete set of development tools. A remote code execution vulnerability exists in Microsoft Visual Studio, which can be exploited by an attacker to execute code on t...
MAL-2025-53642 Malicious code in polycard (npm)
Source: amazon-inspector e7e18708fe081142405b3e556739484b4ac0ace94ce702284ee12f53190543f3 The package polycard was found to contain malicious code. Source: ossf-package-analysis...
Inclusion of Web Functionality from an Untrusted Source
Overview: open-webui is an Open WebUI. Affected versions of this package are vulnerable to Inclusion of Web Functionality from an Untrusted Source via the execute event handler used by the Direct Connections feature. An attacker can gain access to authentication tokens, take over user accounts, and...
GHSA-CM35-V4VP-5XVX Open WebUI Affected by an External Model Server (Direct Connections) Code Injection via SSE Events
Summary: Open WebUI v0.6.33 and below contains a code injection vulnerability in the Direct Connections feature that allows malicious external model servers to execute arbitrary JavaScript in victim browsers via Server-Sent Event (SSE) execute events. This leads to authentication token theft, comple...
CVE-2025-12854 newbee-mall-plus seckillExecution executeSeckill authorization
A vulnerability was identified in newbee-mall-plus up to 2.4.1. This vulnerability affects the function executeSeckill of the file /seckillExecution/. The manipulation of the argument userid leads to authorization bypass. It is possible to initiate the attack remotely. The attack is considered to...