CVE-2026-49344

Mercator is an open source web application that enables mapping of the information system. Prior to version 2025.05.19, Mercator's Query Engine /admin/queries/execute accepts a JSON DSL from / select / filters / traverse / output, translates it into an Eloquent query, and returns results as JSON...

CVE-2026-4027 FlexNet Manager Suite Attachment File Disclosure

A security vulnerability has been identified in FlexNet Manager Suite 2025 R1 and R2 that could allow unauthorized access to attachment files due to insufficient access control...

EUVD-2025-209132

A Stored Cross-site Scripting XSS vulnerability affecting Document Management in ENOVIA Collaborative Industry Innovator from Release 3DEXPERIENCE R2023x through Release 3DEXPERIENCE R2025x allows an attacker to execute arbitrary script code in user's browser session...

CVE-2026-3476

SOLIDWORKS Desktop is affected by CVE-2026-3476, a code injection vulnerability impacting releases 2025 through 2026. The flaw allows arbitrary code execution on the user’s machine when opening a specially crafted file. Attack vector is LOCAL and require user interaction; exploitation is prioriti...

CVE-2026-3476 Code Injection vulnerability affecting SOLIDWORKS Desktop from Release 2025 through Release 2026

A Code Injection vulnerability affecting SOLIDWORKS Desktop from Release 2025 through Release 2026 could allow an attacker to execute arbitrary code on the user's machine while opening a specially crafted file...

CVE-2026-3476 Code Injection vulnerability affecting SOLIDWORKS Desktop from Release 2025 through Release 2026

A Code Injection vulnerability affecting SOLIDWORKS Desktop from Release 2025 through Release 2026 could allow an attacker to execute arbitrary code on the user's machine while opening a specially crafted file...

PT-2026-25703

Name of the Vulnerable Software and Affected Versions SOLIDWORKS Desktop versions 2025 through 2026 Description A code injection issue exists in SOLIDWORKS Desktop. Successful exploitation while opening a specially crafted file could allow an attacker to execute arbitrary code on the user's...

CVE-2026-24874

Access of Resource Using Incompatible Type 'Type Confusion' vulnerability in themrdemonized xray-monolith.This issue affects xray-monolith: before 2025.12.30...

CVE-2026-1284

CVE-2026-1284 is an Out-Of-Bounds Write in the EPRT file reading path of SOLIDWORKS eDrawings, affecting SOLIDWORKS Desktop 2025–2026. A crafted EPRT file could enable arbitrary code execution during file open. Multiple sources corroborate the same description across NVD/Red Hat/CIRCL/CVE lists, ...

Photon OS 4.0: Linux PHSA-2025-4.0-0930

An update of the linux package has been released. %NASLMINLEVEL 80900 C Tenable, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2025-4.0-0930. The text itself is copyright C VMware, Inc. include'compat.inc'; if description...

EUVD-2025-200140

Out-of-bounds write in libimagecodec.quram.so prior to SMR Dec-2025 Release 1 allows remote attackers to access out-of-bounds memory...

PT-2025-48596

Out-of-bounds write in libimagecodec.quram.so prior to SMR Dec-2025 Release 1 allows remote attackers to access out-of-bounds memory...

PT-2025-48591

Name of the Vulnerable Software and Affected Versions Fingerprint trustlet versions prior to SMR Dec-2025 Release 1 Description An out-of-bounds write issue exists in the decoding of metadata within the fingerprint trustlet. This allows a local privileged attacker to write to memory outside of...

Photon OS 5.0: Linux PHSA-2025-5.0-0679

An update of the linux package has been released. %NASLMINLEVEL 80900 C Tenable, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2025-5.0-0679. The text itself is copyright C VMware, Inc. include'compat.inc'; if description...

EUVD-2025-33682

Improper access control in SecSettings prior to SMR Oct-2025 Release 1 allows local attackers to access sensitive information. User interaction is required for triggering this vulnerability...

Photon OS 4.0: Sqlite PHSA-2025-4.0-0873

An update of the sqlite package has been released. %NASLMINLEVEL 80900 C Tenable, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2025-4.0-0873. The text itself is copyright C VMware, Inc. include'compat.inc'; if description...

CVE-2025-9449 Use After Free vulnerability affecting the PAR file reading procedure in SOLIDWORKS eDrawings on Release SOLIDWORKS Desktop 2025

A Use After Free vulnerability affecting the PAR file reading procedure in SOLIDWORKS eDrawings on Release SOLIDWORKS Desktop 2025 could allow an attacker to execute arbitrary code while opening a specially crafted PAR file...

Moderate Photon OS Security Update - PHSA-2025-4.0-0869

Updates of 'cpio' packages of Photon OS have been released...

CVE-2025-6796

creationtimestamp| type| source ---|---|--- 2025-06-27 03:00:00+00:00| seen| http://www.zerodayinitiative.com/advisories/ZDI-25-451/...

CVE-2025-20945

Improper access control in Galaxy Watch prior to SMR Apr-2025 Release 1 allows local attackers to access sensitive information of Galaxy watch...