116 matches found
PT-2025-31243 · Autodesk · Autodesk Products
Name of the Vulnerable Software and Affected Versions: Autodesk products affected versions not specified Description: A maliciously crafted PRT file, when parsed, can lead to an Out-of-Bounds Write. This can result in a crash, data corruption, or arbitrary code execution within the current proces...
CVE-2023-38524
A vulnerability has been identified in Parasolid V34.1 All versions V34.1.258, Parasolid V35.0 All versions V35.0.254, Parasolid V35.1 All versions V35.1.171, Teamcenter Visualization V14.1 All versions V14.1.0.11, Teamcenter Visualization V14.2 All versions V14.2.0.6, Teamcenter Visualization...
CVE-2023-32418
The issue was addressed with improved checks. This issue is fixed in macOS Monterey 12.6.8, macOS Ventura 13.5, macOS Big Sur 11.7.9. Processing a file may lead to unexpected app termination or arbitrary code execution...
CVE-2025-5099
CVE-2025-5099 affects Mobile Dynamix PrinterShare Mobile Print (Android). The KoreLogic advisory KL-001-2025-004 states an Out-of-Bounds Write in the native library during PDF rendering (libpdfrender.so) can cause memory corruption and potentially arbitrary code execution. Affected version: up to...
CVE-2021-21797
An exploitable double-free vulnerability exists in the JavaScript implementation of Nitro Pro PDF. A specially crafted document can cause a reference to a timeout object to be stored in two different places. When closed, the document will result in the reference being released twice. This can lea...
CVE-2025-47755
V-SFT v6.2.5.0 and earlier contains an issue with out-of-bounds read in VS6EditData!VS4SaveEnvFile function. Opening specially crafted V7 or V8 files may lead to crash, information disclosure, and arbitrary code execution...
Debian dla-4163 : bundler - security update
The remote Debian 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-4163 advisory. - ------------------------------------------------------------------------- Debian LTS Advisory DLA-4163-1 [email protected]...
CVE-2025-4091
CVE-2025-4091 involves memory-safety bugs in Mozilla Firefox and Thunderbird. The initial entry notes memory corruption evidence and indicates that attackers could potentially exploit some bugs to run arbitrary code, affecting Firefox < 138, Firefox ESR < 128.10, Thunderbird < 138, and T...
PyTorch torch.nn.utils.rnn.unpack_sequence function buffer overflow vulnerability
PyTorch is a Python package open-sourced by PyTorch. PyTorch suffers from a buffer overflow vulnerability that stems from the failure of the function torch.nn.utils.rnn.unpacksequence to properly validate the length size of input data, which can be exploited by an attacker to execute arbitrary co...
APSB25-33 : Security update available for Adobe FrameMaker
Adobe has released a security update for Adobe FrameMaker. This update addresses critical and important vulnerabilities. Successful exploitation could lead to arbitrary code execution, memory leak and application denial-of-service...
CVE-2024-13645 TagDiv Composer <= 5.3 - Unauthenticated Arbitrary PHP Object Instantiation
The tagDiv Composer plugin for WordPress is vulnerable to PHP Object Instantiation in all versions up to, and including, 5.3 via module parameter. This makes it possible for unauthenticated attackers to Instantiate a PHP Object. No known POP chain is present in the vulnerable software, which mean...
CVE-2024-8238 Unrestricted Code Execution in aimhubio/aim
In version 3.22.0 of aimhubio/aim, the AimQL query language uses an outdated version of the safergetattr function from RestrictedPython. This version does not protect against the str.formatmap method, allowing an attacker to leak server-side secrets or potentially gain unrestricted code execution...
CVE-2025-2505 Age Gate <= 3.5.3 - Unauthenticated Local PHP File Inclusion via 'lang'
The Age Gate plugin for WordPress is vulnerable to Local PHP File Inclusion in all versions up to, and including, 3.5.3 via the 'lang' parameter. This makes it possible for unauthenticated attackers to include and execute arbitrary PHP files on the server, allowing the execution of code in those...
Linux Distros Unpatched Vulnerability : CVE-2021-35266
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In NTFS-3G versions 2021.8.22, when a specially crafted NTFS inode pathname is supplied in an NTFS image a heap buffer overflow can occur resulting in memory...
Linux Distros Unpatched Vulnerability : CVE-2020-8945
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The proglottis Go wrapper before 0.1.1 for the GPGME library has a use-after-free, as demonstrated by use for container image pulls by Docker or CRI-O. This lea...
Mozilla Firefox < 135.0.1
The version of Firefox installed on the remote macOS or Mac OS X host is prior to 135.0.1. It is, therefore, affected by a vulnerability as referenced in the mfsa2025-12 advisory. - Memory safety bugs present in Firefox 135. Some of these bugs showed evidence of memory corruption and we presume...
Ubuntu 22.04 LTS / 24.04 LTS / 24.10 : OpenRefine vulnerabilities (USN-7260-1)
The remote Ubuntu 22.04 LTS / 24.04 LTS / 24.10 host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-7260-1 advisory. It was discovered that OpenRefine did not properly handle opening tar files. If a user or application were tricked into opening a...
CVE-2022-40985
Several stack-based buffer overflow vulnerabilities exist in the DetranCLI command parsing functionality of Siretta QUARTZ-GOLD G5.0.1.5-210720-141020. A specially-crafted network packet can lead to arbitrary command execution. An attacker can send a sequence of requests to trigger these...
CVE-2024-10571
The Chartify – WordPress Chart Plugin plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 2.9.5 via the 'source' parameter. This makes it possible for unauthenticated attackers to include and execute arbitrary files on the server, allowing the executio...
mozilla -- multiple vulnerabilities
[email protected] reports: A bug in WebAssembly code generation could have lead to a crash. It may have been possible for an attacker to leverage this to achieve code execution. A race condition could have led to private browsing tabs being opened in normal browsing windows. This could have...