4202 matches found

CVE
added 2025/07/26 3:29 a.m., 25 views

CVE-2025-54413

CVE-2025-54413 affects the Python package skops (versions ≤ 0.11.0) due to an inconsistency in the internal MethodNode, which can be exploited to access arbitrary object fields via dot notation during load. This can lead to arbitrary code execution at load time. The issue is fixed in version 12....

CVSS 8.7, AI score 7, EPSS 0.00051
Exploits: 0, References: 5
CVE
added 2025/07/26 3:29 a.m., 35 views

CVE-2025-54412

Skops (Python) CVE-2025-54412 involves an inconsistency in OperatorFuncNode validation that can let an attacker craft a model file which, while appearing to trust certain types, actually executes operator.call and arbitrary code during load. Affected versions: 0.11.0 and earlier; fixed in 0.12.0....

CVSS 8.7, AI score 7.2, EPSS 0.00038
Exploits: 0, References: 3
NVD
added 2025/07/25 8:15 p.m., 3 views

CVE-2025-46198

Cross Site Scripting vulnerability in grav v.1.7.48, v.1.7.47 and v.1.7.46 allows an attacker to execute arbitrary code via the onerror attribute of the img element...

CVSS 8.8, EPSS 0.00684
Exploits: 1, References: 2
RedhatCVE
added 2025/07/25 3:25 p.m., 3 views

CVE-2025-33076

IBM Engineering Systems Design Rhapsody 9.0.2, 10.0, and 10.0.1 is vulnerable to a stack-based buffer overflow, caused by improper bounds checking. A local user could overflow the buffer and execute arbitrary code on the system...

CVSS 8.8, AI score 8, EPSS 0.00392
Exploits: 0, References: 1
CNVD
added 2025/07/25 12:0 a.m., 1 views

Code Execution Vulnerability in Multiple Mozilla Products (CNVD-2025-20066)

Mozilla Firefox is an open source web browser. Mozilla Firefox ESR is an extended support version of Firefox the web browser. Mozilla Thunderbird is a suite of email client software separate from the Mozilla Application Suite. A code execution vulnerability exists in multiple Mozilla products, whic...

CVSS 8.1, AI score 8.1, EPSS 0.00277
Exploits: 0, References: 1
RedhatCVE
added 2025/07/23 9:33 p.m., 4 views

CVE-2025-7298

IrfanView CADImage Plugin DXF File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView CADImage Plugin. User interaction is required to exploit this vulnerability in that the...

CVSS 7.8, AI score 7.9, EPSS 0.00185
Exploits: 0, References: 1
RedhatCVE
added 2025/07/23 9:33 p.m., 2 views

CVE-2025-7225

INVT HMITool VPM File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of INVT HMITool. User interaction is required to exploit this vulnerability in that the target must visit a malicio...

CVSS 7.8, AI score 8, EPSS 0.00185
Exploits: 0, References: 1
CVE
added 2025/07/23 1:50 p.m., 18 views

CVE-2018-25114

OSCommerce Online Merchant 2.3.4.1: Remote code execution via insecure installer workflow. Unauthenticated attackers can access the install_4.php endpoint in an accessible /install/ directory and inject PHP code into configure.php, which is executed when included by the app. Affected component: ...

CVSS 9.3, AI score 7.8, EPSS 0.78786
In wild, Exploits: 0, References: 4
Cvelist
added 2025/07/22 12:31 p.m., 9 views

CVE-2025-34143 ETQ Reliance CG Authentication Bypass via Trailing Space RCE

An authentication bypass vulnerability exists in ETQ Reliance on the CG legacy platform. The application allowed login as the privileged internal SYSTEM user by manipulating the username field. The SYSTEM account does not require a password, enabling attackers with network access to the login pag...

CVSS 9.3, EPSS 0.02501
Exploits: 0, References: 4
Zero Day Initiative
added 2025/07/22 12:0 a.m., 5 views

(0Day) Ashlar-Vellum Graphite VC6 File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Graphite. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing...

CVSS 7.8, AI score 6.6, EPSS 0.00063
Exploits: 0
Cvelist
added 2025/07/21 8:3 p.m., 3 views

CVE-2025-7324 IrfanView CADImage Plugin DXF File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability

IrfanView CADImage Plugin DXF File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView CADImage Plugin. User interaction is required to exploit this vulnerability in that the...

CVSS 7.8, EPSS 0.00185
Exploits: 0, References: 1
CVE
added 2025/07/21 8:2 p.m., 14 views

CVE-2025-7311

CVE-2025-7311 describes a memory‑corruption vulnerability in the IrfanView CADImage Plugin’s DWG file parsing. The flaw stems from insufficient validation of user‑supplied data during DWG parsing, allowing an attacker to potentially execute arbitrary code in the plugin’s process. Exploitation req...

CVSS 7.8, AI score 8.1, EPSS 0.00185
Exploits: 0, References: 1, Affected Software: 1
Cvelist
added 2025/07/21 8:1 p.m., 3 views

CVE-2025-7297 IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Code Execution Vulnerability

IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView CADImage Plugin. User interaction is required to exploit this vulnerability in that the...

CVSS 7.8, EPSS 0.00185
Exploits: 0, References: 1
CVE
added 2025/07/21 8:0 p.m., 18 views

CVE-2025-7298

CVE-2025-7298 concerns IrfanView CADImage Plugin, where DXF file parsing lacks proper validation, enabling an out-of-bounds read that can lead to remote code execution. Affected component: CADImage Plugin’s DXF parser. Impact: arbitrary code execution in the plugin context if a user opens a craft...

CVSS 7.8, AI score 8, EPSS 0.00185
Exploits: 0, References: 1, Affected Software: 1
CVE
added 2025/07/21 8:0 p.m., 17 views

CVE-2025-7285

CVE-2025-7285 concerns IrfanView CADImage Plugin where DXF file parsing lacks proper validation, triggering memory corruption. The vulnerability can permit remote code execution in the context of the affected process, with user interaction required (target must open a malicious DXF/page). Public ...

CVSS 7.8, AI score 8.1, EPSS 0.00325
Exploits: 0, References: 1, Affected Software: 1
Vulnrichment
added 2025/07/21 7:58 p.m., 5 views

CVE-2025-7276 IrfanView CADImage Plugin DXF File Parsing Memory Corruption Remote Code Execution Vulnerability

IrfanView CADImage Plugin DXF File Parsing Memory Corruption Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView CADImage Plugin. User interaction is required to exploit this vulnerability in that the...

CVSS 7.8, AI score 7.8, EPSS 0.00185
Exploits: 0, References: 1
CVE
added 2025/07/21 7:56 p.m., 17 views

CVE-2025-7239

CVE-2025-7239 affects the IrfanView CADImage Plugin. The vulnerability is a memory corruption flaw in DWG file parsing that can lead to remote code execution. Exploitation requires user interaction (visiting a malicious page or opening a malicious file). The root cause is insufficient validation ...

CVSS 7.8, AI score 8.1, EPSS 0.00185
Exploits: 0, References: 1, Affected Software: 1
Cvelist
added 2025/07/21 7:55 p.m., 10 views

CVE-2025-7253 IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Code Execution Vulnerability

IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView CADImage Plugin. User interaction is required to exploit this vulnerability in that the...

CVSS 7.8, EPSS 0.00185
Exploits: 0, References: 1
CVE
added 2025/07/21 7:55 p.m., 14 views

CVE-2025-7249

CVE-2025-7249 affects IrfanView CADImage Plugin and is a DWG file parsing memory corruption vulnerability. The flaw stems from insufficient validation of DWG data, enabling remote code execution in the plugin’s process when a user opens a malicious DWG or visits a malicious page. Attack scenario ...

CVSS 7.8, AI score 8.1, EPSS 0.00185
Exploits: 0, References: 1, Affected Software: 1
Vulnrichment
added 2025/07/21 7:55 p.m., 3 views

CVE-2025-7243 IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Code Execution Vulnerability

IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView CADImage Plugin. User interaction is required to exploit this vulnerability in that the...

CVSS 7.8, AI score 8.1, EPSS 0.00185
Exploits: 0, References: 1