9 matches found
CVE-2025-68278 tinacms vulnerable to arbitrary code execution
Tina is a headless content management system. In tinacms prior to version 3.1.1, tinacms uses the gray-matter package in an insecure way allowing attackers that can control the content of the processed markdown files, e.g., blog posts, to execute arbitrary code. tinacms version 3.1.1, @tinacms/cl...
CVE-2025-12742 Remote Code Execution in Looker via Teradata JDBC Driver
A Looker user with a Developer role could cause Looker to execute a malicious command, due to insecure processing of Teradata driver parameters. Looker-hosted and Self-hosted were found to be vulnerable. This issue has already been mitigated for Looker-hosted instances. No user action is required...
PT-2023-8404 · Htmlunit · Htmlunit
Name of the Vulnerable Software and Affected Versions: HtmlUnit versions prior to 3.9.0 Description: HtmlUnit is a GUI-less browser for Java programs that is vulnerable to Remote Code Execution (RCE) via XSLT when browsing an attacker's webpage. The reason for the vulnerability is that the FEATURE...
CVE-2022-27791
Adobe Acrobat Reader DC CVE-2022-27791 is a stack-based buffer overflow in font processing that can lead to arbitrary code execution under the current user. Affected versions include 22.001.20085 and earlier; 20.005.3031x and earlier; 17.012.30205 and earlier. Exploitation requires user interacti...
Adobe Acrobat < 17.012.30227 / 20.005.30331 / 22.001.20112 Multiple Vulnerabilities (APSB22-16)
The version of Adobe Acrobat installed on the remote Windows host is a version prior to 17.012.30227, 20.005.30331, or 22.001.20112. It is, therefore, affected by multiple vulnerabilities. - Adobe Acrobat Reader version 22.001.20085 and earlier, 20.005.30314 and earlier and 17.012.30205 and earli...
CVE-2021-30201
CVE-2021-30201 affects Kaseya VSA (on‑premises/server side) where the API /vsaWS/KaseyaWS.asmx processes XML with external entities. The vulnerability arises from insecure handling of XML external entities, allowing an attacker to cause the server to read local files (e.g., c:\kaseya\kserver\kser...
Denial Of Service
opencast-kernel is vulnerable to denial of service. The vulnerability exists due to insecure processing of a single HTTP request to parse XML through the system, which causes it to expand a crafted string 100,000 times and makes the system hang...
CVE-2020-6238
SAP Commerce, versions - 6.6, 6.7, 1808, 1811, 1905, does not process XML input securely in the Rest API from Servlet xyformsweb, leading to Missing XML Validation. This affects confidentiality and availability partially of SAP Commerce...
The vulnerability of Google Chrome, related to the insecure processing of credit card data during autofilling, allows a perpetrator to gain unauthorized access to protected information.
The vulnerability of Google Chrome relates to the insecure processing of credit card data during automatic filling. Exploiting this vulnerability can allow an attacker, operating remotely, to gain unauthorized access to protected information through a specially created HTML page...