1411 matches found
CVE-2025-49714
Trust boundary violation in Visual Studio Code - Python extension allows an unauthorized attacker to execute code locally...
CVE-2025-49691
Heap-based buffer overflow in Windows Media allows an unauthorized attacker to execute code over an adjacent network...
CVE-2025-49729
Technical details about CVE-2025-49729 are not provided in the connected documents. The initial description notes a heap-based buffer overflow in RRAS that could enable remote code execution, but no affected product/version specifics or mitigations are included.
CVE-2025-49714
CVE-2025-49714 involves the Visual Studio Code Python Extension. The connected sources describe a trust boundary violation that can let an unauthorized attacker execute code locally, effectively a remote code execution scenario through the Python extension. The vulnerability is tied to Visual Stu...
CVE-2025-49700
CVE-2025-49700 is a Microsoft Word remote code execution vulnerability caused by a use-after-free in Word. Affected product: Microsoft Word (Office). Impact: local code execution with high impact as per Microsoft’s CVSS (AV:L, AC:L, PR:N, UI:R, C:H/I:H/A:H). Remediation: Microsoft has released s...
CVE-2025-49697
CVE-2025-49697 is a Microsoft Office remote code execution vulnerability. The issue is described as a heap-based buffer overflow in Office that allows an attacker with local access to run arbitrary code on a vulnerable system, with no user interaction required (local access, no UI). Publicly avai...
Windows KDC Proxy Service (KPSSVC) Remote Code Execution Vulnerability
Use after free in Windows KDC Proxy Service (KPSSVC) allows an unauthorized attacker to execute code over a network...
PT-2025-28556 · Microsoft · Windows Nt Rras +1
Name of the Vulnerable Software and Affected Versions: Windows Routing and Remote Access Service (RRAS), affected versions not specified. Description: The issue is related to a heap-based buffer overflow in the Windows Routing and Remote Access Service (RRAS), which allows an unauthorized attacker to...
PT-2025-28527 · Microsoft · Windows Nt Rras +1
Name of the Vulnerable Software and Affected Versions: Windows Routing and Remote Access Service (RRAS), affected versions not specified. Description: The issue is related to a heap-based buffer overflow in the Windows Routing and Remote Access Service (RRAS), which allows an unauthorized attacker to...
PT-2025-28567 · Microsoft · Windows Routing/Remote Access Service +1
Name of the Vulnerable Software and Affected Versions: Windows Routing and Remote Access Service (RRAS), affected versions not specified. Description: A heap-based buffer overflow issue in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network...
PT-2025-28561 · Microsoft · Windows Routing/Remote Access Service +1
Name of the Vulnerable Software and Affected Versions: Windows Routing and Remote Access Service (RRAS), affected versions not specified. Description: A heap-based buffer overflow issue in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network...
PT-2025-28596
Name of the Vulnerable Software and Affected Versions: Microsoft Office, affected versions not specified. Description: The issue is related to a use-after-free condition in Microsoft Office, which enables an unauthorized attacker to execute code locally. Recommendations: At the moment, there is no...
CVE-2025-52969
ClickHouse 25.7.1.557 allows low-privileged users to execute shell commands by querying existing Executable tables created by higher-privileged users. Although the CREATE TABLE privilege is restricted, there is no access control preventing low-privileged users from invoking Executable tables...
QNAP Qsync Central SQL Injection Vulnerability
QNAP Qsync Central is a cloud-based file synchronization service on NAS from Taiwan, China-based QNAP. QNAP Qsync Central suffers from a SQL injection vulnerability that stems from the application's lack of validation of externally entered SQL statements. An attacker could exploit the vulnerabili...
CVE-2025-52969
Removed by vendor...
CVE-2025-33122
CVE-2025-33122 affects IBM i 7.2–7.6, due to an unqualified library call in IBM Advanced Job Scheduler for i that can let a user gain elevated privileges (administrator) through user-controlled code. IBM’s bulletin confirms the affected releases and that the issue is fixed via PTF 5770-JS1 (skip ...
TencentOS Server 3: gimp:2.8 (TSSA-2024:0074)
The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2024:0074 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities...
CVE-2025-47174
Heap-based buffer overflow in Microsoft Office Excel allows an unauthorized attacker to execute code locally...
CVE-2025-29828
Missing release of memory after effective lifetime in Windows Cryptographic Services allows an unauthorized attacker to execute code over a network...
CVE-2025-31104
An Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability (CWE-78) in FortiADC 7.6.0 through 7.6.1, 7.4.0 through 7.4.6, 7.2.0 through 7.2.7, 7.1.0 through 7.1.4, 7.0 all versions, 6.2 all versions, 6.1 all versions may allow an authenticated attacker...