4202 matches found

CVE • added 2025/07/21 7:54 p.m. • 16 views

CVE-2025-7251

The CVE-2025-7251 entry concerns IrfanView CADImage Plugin, where a DWG file parsing flaw allows an out-of-bounds read that can lead to remote code execution. The issue stems from insufficient validation of user-supplied data in DWG parsing, enabling an attacker to execute code in the context of ...

CVSS 7.8 | AI score 8 | EPSS 0.00185
Exploits 0 | References 1 | Affected Software 1

CVE • added 2025/07/21 7:53 p.m. • 17 views

CVE-2025-7231

CVE-2025-7231 affects INVT VT-Designer. The flaw is in PM3 file parsing, caused by insufficient validation that can cause a write past the end of an allocated data structure, enabling remote code execution. Exploitation requires user interaction (target opens a malicious PM3/VM/related file or vi...

CVSS 7.8 | AI score 8 | EPSS 0.00185
Exploits 0 | References 1 | Affected Software 1

Positive Technologies • added 2025/07/21 12:0 a.m. • 6 views

PT-2025-30279 · Commscope · Ruckus Zonedirector +1

Name of the Vulnerable Software and Affected Versions: CommScope Ruckus Unleashed versions prior to 200.15.6.212.14 and 200.17.7.0.139 CommScope Ruckus ZoneDirector versions prior to 10.5.1.0.279 Description: A hidden debug script .ap debug.sh invoked from the restricted command-line interface do...

CVSS 9.1 | AI score 7.1 | EPSS 0.00961
Exploits 1 | References 10

OpenVAS • added 2025/07/21 12:0 a.m. • 11 views

Huawei EulerOS: Security Advisory for emacs (EulerOS-SA-2025-1817)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 7.8 | AI score 7.5 | EPSS 0.00053
Exploits 0 | References 2

RedhatCVE • added 2025/07/20 12:51 a.m. • 4 views

CVE-2025-46000

An arbitrary file upload vulnerability in the component /rsc/filemanager.rsc.class.php of Filemanager commit c75b914 v.2.5.0 allows attackers to execute arbitrary code via uploading a crafted SVG file...

CVSS 6.5 | AI score 7.4 | EPSS 0.00296
Exploits 1 | References 1

RedhatCVE • added 2025/07/19 7:51 p.m. • 7 views

CVE-2024-39289

A code execution vulnerability has been discovered in the Robot Operating System ROS 'rosparam' tool, affecting ROS distributions Noetic Ninjemys and earlier. The vulnerability stems from the use of the eval function to process unsanitized, user-supplied parameter values via special converters fo...

CVSS 7.8 | AI score 8.1 | EPSS 0.00086
Exploits 0 | References 1

NVD • added 2025/07/17 8:15 p.m. • 5 views

CVE-2025-3753

A code execution vulnerability has been identified in the Robot Operating System ROS 'rosbag' tool, affecting ROS distributions Noetic Ninjemys and earlier. The vulnerability arises from the use of the eval function to process unsanitized, user-supplied input in the 'rosbag filter' command. This...

CVSS 7.8 | EPSS 0.00086
Exploits 0 | References 1

NVD • added 2025/07/17 8:15 p.m. • 6 views

CVE-2024-39289

A code execution vulnerability has been discovered in the Robot Operating System ROS 'rosparam' tool, affecting ROS distributions Noetic Ninjemys and earlier. The vulnerability stems from the use of the eval function to process unsanitized, user-supplied parameter values via special converters fo...

CVSS 7.8 | EPSS 0.00086
Exploits 0 | References 1

CVE • added 2025/07/17 7:14 p.m. • 27 views

CVE-2025-3753

The CVE-2025-3753 issue affects the ROS rosbag tool, specifically ROS Noetic Ninjemys and earlier. The root cause is the use of Python's eval() to process unsanitized, user-supplied input within the rosbag filter command, enabling potential arbitrary Python code execution. Documents consistently ...

CVSS 7.8 | AI score 7.4 | EPSS 0.00086
Exploits 0 | References 1 | Affected Software 1

Cvelist • added 2025/07/17 7:11 p.m. • 8 views

CVE-2024-39289 Unsafe use of eval() method in rosparam tool

A code execution vulnerability has been discovered in the Robot Operating System ROS 'rosparam' tool, affecting ROS distributions Noetic Ninjemys and earlier. The vulnerability stems from the use of the eval function to process unsanitized, user-supplied parameter values via special converters fo...

CVSS 7.8 | EPSS 0.00086
Exploits 0 | References 1

CVE • added 2025/07/17 7:11 p.m. • 27 views

CVE-2024-39289

The CVE-2024-39289 entry concerns the ROS rosparam tool. Affected software: Robot Operating System (ROS) distributions Noetic Ninjemys and earlier, where rosparam processes unsanitized parameter values using special converters for angle representations in radians. Root cause: use of Python's eval...

CVSS 7.8 | AI score 7.5 | EPSS 0.00086
Exploits 0 | References 1 | Affected Software 1

Vulnrichment • added 2025/07/17 7:11 p.m. • 5 views

CVE-2024-39289 Unsafe use of eval() method in rosparam tool

A code execution vulnerability has been discovered in the Robot Operating System ROS 'rosparam' tool, affecting ROS distributions Noetic Ninjemys and earlier. The vulnerability stems from the use of the eval function to process unsanitized, user-supplied parameter values via special converters fo...

CVSS 7.8 | AI score 7.4 | EPSS 0.00086
Exploits 0 | References 1

CVE • added 2025/07/17 7:10 p.m. • 18 views

CVE-2025-7433

CVE-2025-7433 is a local privilege escalation affecting Sophos Intercept X for Windows with Central Device Encryption versions 2025.1 and older, enabling arbitrary code execution. The issue is confirmed across multiple sources in the connected set, including vendor advisories and PT security summ...

CVSS 8.8 | AI score 7.6 | EPSS 0.00097
Exploits 0 | References 1

OSV • added 2025/07/17 1:47 p.m. • 3 views

CVE-2025-53909 mailcow: dockerized vulnerable to SSTI in Quota and Quarantine Notification Template

mailcow: dockerized is an open source groupware/email suite based on docker. A Server-Side Template Injection SSTI vulnerability exists in versions prior to 2025-07 in the notification template system used by mailcow for sending quota and quarantine alerts. The template rendering engine allows...

CVSS 9.1 | AI score 7.3 | EPSS 0.00679
Exploits 0 | References 4

Tenable Nessus • added 2025/07/16 12:0 a.m. • 12 views

AlmaLinux 8 : emacs (ALSA-2025:11030)

The remote AlmaLinux 8 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2025:11030 advisory. emacs: arbitrary code execution via Lisp macro expansion CVE-2024-53920 Tenable has extracted the preceding description block directly from the AlmaLinux security...

CVSS 7.8 | AI score 8.3 | EPSS 0.00053
Exploits 0 | References 3

Exploit DB • added 2025/07/16 12:0 a.m. • 250 views

Langflow 1.2.x - Remote Code Execution (RCE)

!/usr/bin/env python3 Exploit Title: Langflow 1.2.x - Remote Code Execution RCE Date: 2025-07-11 Exploit Author: Raghad Abdallah Al-syouf Vendor Homepage: https://github.com/logspace-ai/langflow Software Link: https://github.com/logspace-ai/langflow/releases Version: = 1.2.x Tested on: Ubuntu /...

CVSS 9.8 | AI score 7.4 | EPSS 0.92985
Exploits 33

RedhatCVE • added 2025/07/13 11:19 a.m. • 7 views

CVE-2025-50123

A CWE-94: Improper Control of Generation of Code 'Code Injection' vulnerability exists that could cause remote command execution by a privileged account when the server is accessed via a console and through exploitation of the hostname input...

CVSS 7.2 | AI score 6.8 | EPSS 0.00111
Exploits 2 | References 1

OSV • added 2025/07/11 3:18 p.m. • 1 views

SUSE-SU-2025:02295-1 Security update for go1.24

This update for go1.24 fixes the following issues: - Update to version go1.24.5 - CVE-2025-4674: Fixed potential command execution in untrusted VCS repositories. bsc1246118...

CVSS 8.6 | AI score 7.5 | EPSS 0.00022
Exploits 0 | References 4

Zero Day Initiative • added 2025/07/11 12:0 a.m. • 7 views

Luxion KeyShot 3DM File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Luxion KeyShot. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of 3DM...

CVSS 7.8 | AI score 7.2 | EPSS 0.00251
Exploits 0 | References 1

RedhatCVE • added 2025/07/10 10:14 p.m. • 4 views

CVE-2025-47122

Adobe Framemaker versions 2020.8, 2022.6 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file...

CVSS 7.8 | AI score 7.7 | EPSS 0.00115
Exploits 0 | References 1