CVE-2025-54082

marshmallow-packages/nova-tiptap is a rich text editor for Laravel Nova based on tiptap. Prior to 5.7.0, a vulnerability was discovered in the marshmallow-packages/nova-tiptap Laravel Nova package that allows unauthenticated users to upload arbitrary files to any Laravel disk configured in the...

CVE-2025-6377

Rockwell Automation Arena® has an input handling vulnerability where crafted DOE files can cause out-of-bounds writes, enabling remote code execution. Exploitation requires user interaction (opening a malicious file) and could execute arbitrary code in the administrator context, per the CVSS/ADRs...

IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView CADImage Plugin. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...

Security Updates for Microsoft Excel Products (July 2025)

The Microsoft Excel Products are missing a security update. They are, therefore, affected by multiple vulnerabilities: - An information disclosure vulnerability. An attacker can exploit this to disclose potentially sensitive information. CVE-2025-48812 - A remote code execution vulnerability. An...

CVE-2025-26074

Orkes Conductor v3.21.11 allows remote attackers to execute arbitrary OS commands through unrestricted access to Java classes...

CVE-2025-52903

File Browser provides a file managing interface within a specified directory and it can be used to upload, delete, preview, rename and edit files. In version 2.32.0, the Command Execution feature of File Browser only allows the execution of shell command which have been predefined on a...

USN-7584-1: Roundcube vulnerability

It was discovered that Roundcube Webmail did not properly sanitize the from parameter in a URL, leading to PHP Object Deserialization. A remote attacker could possibly use this issue to execute arbitrary code...

CVE-2025-32797 Conda-build Insecure Build Script Permissions Enabling Arbitrary Code Execution

Conda-build contains commands and tools to build conda packages. Prior to version 25.3.1, the writebuildscripts function in conda-build creates the temporary build script condabuild.sh with overly permissive file permissions 0o766, allowing write access to all users. Attackers with filesystem...

CVE-2025-49131

FastGPT is an open-source project that provides a platform for building, deploying, and operating AI-driven workflows and conversational agents. The Sandbox container fastgpt-sandbox is a specialized, isolated environment used by FastGPT to safely execute user-submitted or dynamically generated...

CVE-2025-49008 Atheos Improper Input Validation Vulnerability Enables RCE in Common.php

Atheos is a self-hosted browser-based cloud integrated development environment. Prior to version 6.0.4, improper use of escapeshellcmd in /components/codegit/traits/execute.php allows argument injection, leading to arbitrary command execution. Atheos administrators and users of vulnerable version...

CVE-2025-48950

MaxKB is an open-source AI assistant for enterprise. Prior to version 1.10.8-lts, Sandbox only restricts the execution permissions of binary files in common directories, such as /bin,/usr/bin, etc. Therefore, attackers can exploit some files with execution permissions in non blacklisted directori...

CVE-2025-48389

CVE-2025-48389 affects FreeScout prior to version 1.8.178. The issue arises from deserialization of untrusted data when using the set function to pass a serialized object string, and deserialization occurs when retrieving an option via the get method, enabling arbitrary code execution. This vulne...

CVE-2023-45583

A use of externally-controlled format string in Fortinet FortiProxy versions 7.2.0 through 7.2.5, 7.0.0 through 7.0.11, 2.0.0 through 2.0.13, 1.2.0 through 1.2.13, 1.1.0 through 1.1.6 FortiPAM versions 1.1.0, 1.0.0 through 1.0.3 FortiOS versions 7.4.0, 7.2.0 through 7.2.5, 7.0.0 through 7.0.13,...

CVE-2023-47620

Scrypted is a home video integration and automation platform. In versions 0.55.0 and prior, a reflected cross-site scripting vulnerability exists in the plugin-http.ts file via the owner' and 'pkg parameters. An attacker can run arbitrary JavaScript code...

CVE-2022-41138

In Zutty before 0.13, DECRQSS in text written to the terminal can achieve arbitrary code execution...

CVE-2022-36320

Mozilla developers and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 102. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox 103...

CVE-2022-30738

Improper check in Loader in Samsung Internet prior to 17.0.1.69 allows attackers to spoof address bar via executing script...

CVE-2021-25689

An out of bounds write in Teradici PCoIP soft client versions prior to version 20.10.1 could allow an attacker to remotely execute code...

CVE-2021-21978

VMware View Planner 4.x prior to 4.6 Security Patch 1 contains a remote code execution vulnerability. Improper input validation and lack of authorization leading to arbitrary file upload in logupload web application. An unauthorized attacker with network access to View Planner Harness could uploa...

CVE-2021-0514

In several functions of the V8 library, there is a possible use after free due to a race condition. This could lead to remote code execution in an unprivileged process with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions:...