CVE-2025-61810
CVE-2025-61810 affects Adobe ColdFusion versions 2025.4, 2023.16, 2021.22 and earlier. The root cause is a Deserialization of Untrusted Data vulnerability that could allow arbitrary code execution in the context of the current user. Exploitation described: an attacker with high privileges can tri...
EUVD-2025-202197
MailEnable versions prior to 10.54 contain a reflected cross-site scripting (XSS) vulnerability in the theme parameter of /Mondo/lang/sys/Forms/Statistics.aspx. The theme value is insufficiently sanitized when processed via a GET request and is reflected in the response, allowing an attacker to bre...
Cursor Security Vulnerability
Cursor is an AI code editor from Cursor open source. A security vulnerability exists in Cursor that stems from improper neutralization of special elements in OS commands, which could lead to arbitrary code execution...
AudioCodes Fax Server Security Vulnerability
AudioCodes Fax Server is a fax server from AudioCodes Israel. A security vulnerability exists in AudioCodes Fax Server version 2.6.23 and earlier, which originates from an unverified backup upload endpoint and could lead to arbitrary file uploads and execution...
Vulnerability fixed in Fortinet FortiWeb
Fortinet has fixed a vulnerability in FortiWeb. The vulnerability, tracked as CVE-2025-64446, is a relative path traversal that allows an unauthenticated remote attacker to execute administrative commands via specially crafted HTTP...
CVE-2025-62369
Xibo is an open source digital signage platform with a web content management system (CMS). Versions 4.3.0 and below contain a Remote Code Execution vulnerability in the CMS Developer menu's Module Templating functionality, allowing authenticated users with "System - Add/Edit custom modules and...
Jenkins Extensible Choice Parameter Plugin vulnerable to cross-site request forgery
Jenkins Extensible Choice Parameter Plugin 239.v5f5c278708cf and earlier does not require POST requests for an HTTP endpoint, resulting in a cross-site request forgery (CSRF) vulnerability. This vulnerability allows attackers to execute sandboxed Groovy code. As of publication of this advisory, the...
VulnCheck KEV: CVE-2021-26828
OpenPLC ScadaBR through 0.9.1 on Linux and through 1.12.4 on Windows allows remote authenticated users to upload and execute arbitrary JSP files via viewedit.shtm...
EUVD-2007-4818
Malware in sbrugna...
EUVD-2009-4530
Malware in sbrugna...
EUVD-2006-2474
Malware in sbrugna...
EUVD-2022-31931
Malicious code in bioql PyPI...
EUVD-2023-34749
Malicious code in bioql PyPI...
CVE-2025-9489
The WP-Members Membership Plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 3.5.4.2. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it...
CVE-2025-58449
Maho is a free and open source ecommerce platform. In Maho prior to 25.9.0, an authenticated staff user with access to the Dashboard and Catalog\Manage Products permissions can create a custom option on a listing with a file input field. By allowing file uploads with a .php extension, the user ca...
Adobe Dreamweaver 21.0 < 21.6 Arbitrary code execution (APSB25-91) (macOS)
The version of Adobe Dreamweaver installed on the remote macOS host is prior to 21.6. It is, therefore, affected by a vulnerability as referenced in the APSB25-91 advisory. - Cross-Site Request Forgery (CSRF) (CWE-352) potentially leading to Arbitrary code execution (CVE-2025-54256) Note that Nessus ha...
shellshocker-pocs
This is a collection of Proofs of Concept (PoCs) and potential targets for the ShellShocker vulnerability. The PoCs are designed to exploit the vulnerability in various products and services, including XMPP ejabberd, Mailman, MySQL, NFS, Bind9, FTP, and others. The PoCs are primarily focused on...
postgresql: PostgreSQL code execution in restore operation
A flaw was found in PostgreSQL. This vulnerability allows a malicious superuser on a PostgreSQL server to inject arbitrary code into dump files created by pg_dump, pg_dumpall, and pg_restore, causing arbitrary code execution on the client machine when these dump files are restored by psql due to...
Ashlar-Vellum Multiple Products Buffer Error Vulnerability
Ashlar-Vellum Xenon and others are products of Ashlar-Vellum. Ashlar-Vellum Xenon is a CAD modeling software. Ashlar-Vellum Cobalt is a parametric-based computer-aided design and 3D modeling program. Ashlar-Vellum Argon is a 2D drafting and 3D modeling software. A buffer error vulnerability exists i...
MAL-2025-19305 Malicious code in elara-eventhoriz-nightwatch-exec (npm)
The package elara-eventhoriz-nightwatch-exec was found to contain malicious code...