4202 matches found
WordPress ImageMagick Engine plugin < 1.7.11 - Administrator+ OS Command Injection vulnerability
Administrator+ OS Command Injection vulnerability discovered by Chaiwat Thongyaem in WordPress Plugin ImageMagick Engine versions 1.7.11...
CVE-2025-23123
A malicious actor with access to the management network could execute a remote code execution (RCE) by exploiting a heap buffer overflow vulnerability in the UniFi Protect Cameras Version 4.75.43 and earlier firmware...
PT-2025-21990 · Unknown · Easyvirt Dc Netscope
Name of the Vulnerable Software and Affected Versions: EasyVirt DC NetScope versions 8.7.0 and earlier Description: The issue allows remote authenticated attackers to execute arbitrary code. This can be achieved via several parameters, including the lang parameter to...
Adobe Substance3D-Stager Resource Management Error Vulnerability (CNVD-2025-10387)
Adobe Substance3D-Stager is a 3D design and rendering software developed by Adobe for creating and presenting 3D scenes. Adobe Substance3D-Stager suffers from a resource management error vulnerability that can be exploited by attackers to execute arbitrary code...
Microsoft Excel Code Execution Vulnerability (CNVD-2025-10510)
Microsoft Excel is a spreadsheet processing software in the Office suite from Microsoft USA. A code execution vulnerability exists in Microsoft Excel, which can be exploited by an attacker to execute arbitrary code on the system...
CVE-2025-0921
Execution with Unnecessary Privileges vulnerability in multiple services of Mitsubishi Electric GENESIS64 versions 10.97.3 and prior, Mitsubishi Electric ICONICS Suite versions 10.97.3 and prior, Mitsubishi Electric MobileHMI versions 10.97.3 and prior, Mitsubishi Electric Hyper Historian version...
ruby:2.5 security update
ruby 2.5.9-114 - Fix integer overflow in search_in_range function in regexec.c CVE-2019-19012. Resolves: RHEL-87505 rubygem-abrt rubygem-bson rubygem-bundler 1.16.1-5 - Fix unexpected code execution in Gemfiles CVE-2021-43809 Resolves: RHEL-87017 rubygem-mongo rubygem-mysql2 rubygem-pg...
Ivanti Endpoint Manager Mobile Code Execution Vulnerability
Ivanti Endpoint Manager Mobile (EPMM) is an enterprise-grade mobile device management solution for centralized management and protection of mobile devices in the enterprise, supporting device enrollment, application distribution, security policy enforcement, and more. A code execution vulnerability...
Security Updates for Outlook C2R (May 2025)
The Microsoft Outlook application installed on the remote host is missing a security update. It is, therefore, affected by a remote code execution vulnerability. Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number...
CVE-2025-47788
Affected software: Atheos self-hosted browser-based IDE. Vulnerability: Prior to v602, the $target parameter in /controller.php was not properly validated, enabling path traversal to read/execute arbitrary files on the server. Root cause: insufficient input validation in the target parameter hand...
CVE-2025-32704
Buffer over-read in Microsoft Office Excel allows an unauthorized attacker to execute code locally...
WordPress plugin Jetpack Security Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security...
CVE-2025-4561
The KFOX from KingFor has an Arbitrary File Upload vulnerability, allowing remote attackers with regular privilege to upload and execute web shell backdoors, thereby enabling arbitrary code execution on the server...
Google Chrome Code Execution Vulnerability (CNVD-2025-10928)
Google Chrome is a web browser from Google, an American company. Google Chrome has a code execution vulnerability that can be exploited by attackers to cause heap corruption...
Alibaba Cloud Linux 3 : 0147: php:7.4 (ALINUX3-SA-2022:0147)
The remote Alibaba Cloud Linux 3 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALINUX3-SA-2022:0147 advisory. Package updates are available for Alibaba Cloud Linux 3 that fix the following vulnerabilities: CVE-2021-21703: In PHP versions 7.3.x up t...
ALSA-2025:7539 Moderate: ruby:2.5 security update
Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. Security Fixes: oniguruma: integer overflow in search_in_range function in regexec.c leads to out-of-bounds read CVE-2019-19012 rubygem-bundler:...
CVE-2025-30397
Access of resource using incompatible type 'type confusion' in Microsoft Scripting Engine allows an unauthorized attacker to execute code over a network...
CVE-2025-30382 Microsoft SharePoint Server Remote Code Execution Vulnerability
...
CVE-2025-30376 Microsoft Excel Remote Code Execution Vulnerability
...
CVE-2025-29977
CVE-2025-29977 is a Microsoft Excel remote code execution vulnerability caused by a use-after-free in Excel. Exploitation can allow an attacker with local access to execute arbitrary code; user interaction is required per the CVSS, with high impact on confidentiality, integrity and availability. ...