17 matches found
CVE-2023-54348
ERPGo SaaS 3.9 contains a CSV injection vulnerability that allows authenticated attackers to inject spreadsheet formulas into vendor name fields that execute on the workstation of users who open the exported CSV in a spreadsheet application. Attackers can add malicious formulas like =10+20+cmd|' ...
CVE-2026-27214 Substance3D - Painter | NULL Pointer Dereference (CWE-476)
Substance3D - Painter versions 11.1.2 and earlier are affected by a NULL Pointer Dereference vulnerability that could lead to application denial-of-service. An attacker could exploit this vulnerability to crash the application, causing disruption to services. Exploitation of this issue requires...
Panic When Opening or Sealing on Export-Only Context
Constructing an HPKE Context with the AEAD algorithm set to HpkeExport resulted in a panic when calling Context::seal, or Context::open. This was due to an underflowing integer subtraction when calculating the length of a vector allocation for the AEAD nonce, which would panic on its own in debug...
CVE-2025-36174
IBM Integrated Analytics System 1.0.0.0 through 1.0.30.0 could allow an authenticated user to upload a file with dangerous types that could be executed by another user if opened...
CVE-2025-36174 IBM Integrated Analytics System file upload
IBM Integrated Analytics System 1.0.0.0 through 1.0.30.0 could allow an authenticated user to upload a file with dangerous types that could be executed by another user if opened...
PT-2025-34310 · Maplesoft · Maple
Name of the Vulnerable Software and Affected Versions: Maple versions up to and including version 13
Description: Maple versions up to and including version 13 allow embedded commands to be executed automatically when a .maplet file is opened. This bypasses standard security restrictions that...
CVE-2011-10021 Magix Musik Maker <= v16 .mmm Stack-Based Buffer Overflow
Magix Musik Maker 16 is vulnerable to a stack-based buffer overflow due to improper handling of .mmm arrangement files. The vulnerability arises from an unsafe strcpy operation that fails to validate input length, allowing attackers to overwrite the Structured Exception Handler (SEH). By crafting a...
PT-2025-15604 · Adobe · After Effects
Name of the Vulnerable Software and Affected Versions: After Effects versions 25.1, 24.6.4 and earlier
Description: The issue is a NULL Pointer Dereference that could result in an application denial-of-service. An attacker could exploit this to crash the application, leading to a denial-of-servic...
PT-2024-6333 · Rockwell Automation · Rslogix 5
Name of the Vulnerable Software and Affected Versions: Rockwell Automation RSLogix 5 affected versions not specified
Description: A feature in the affected products enables users to prepare a project file with an embedded VBA script and can be configured to run once the project file has been open...
PT-2023-8008 · Openkm · Openkm
Name of the Vulnerable Software and Affected Versions: OpenKM version 7.1.40
Description: A Stored Cross-Site Scripting (XSS) issue exists that allows an authenticated user to upload a note on a file, which acts as a stored XSS payload. Any user who opens the note of a document file will trigger th...
SUSE CVE-2017-17505
In HDF5 1.10.1, there is a NULL pointer dereference in the function H5O_pline_decode in the H5Opline.c file in libhdf5.a. For example, h5dump would crash when someone opens a crafted hdf5 file...
CVE-2022-41188
Due to lack of proper memory management, when a victim opens a manipulated Wavefront Object (.obj, ObjTranslator.exe) file received from untrusted sources in SAP 3D Visual Enterprise Viewer - version 9, it is possible for the application to crash and become temporarily unavailable to the user until...
CVE-2022-22538
When a user opens a manipulated Adobe Illustrator file format (.ai, ai.x3d) received from untrusted sources in SAP 3D Visual Enterprise Viewer - version 9.0, the application crashes and becomes temporarily unavailable to the user until restart of the application. The file format details along with...
CVE-2021-21450
SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open a manipulated PSD file received from untrusted sources, which results in the application crashing and becoming temporarily unavailable until the user restarts the application; this is caused by Improper Input Validation...
CVE-2020-6356
SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open a manipulated BMP file received from untrusted sources, which results in the application crashing and becoming temporarily unavailable until the user restarts the application; this is caused by Improper Input Validation...
CVE-2020-6336
SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open a manipulated PCX file received from untrusted sources, which results in the application crashing and becoming temporarily unavailable until the user restarts the application; this is caused by Improper Input Validation...
DEBIAN-CVE-2019-1010065
The Sleuth Kit 4.6.0 and earlier is affected by: Integer Overflow. The impact is: Opening crafted disk image triggers crash in tsk/fs/hfs_dent.c:237. The component is: Overflow in fls tool used on HFS image. Bug is in tsk/fs/hfs.c file in function hfs_cat_traverse() in lines: 952, 1062. The attack...