GHSA-XM59-RQC7-HHVF nbconvert has an uncontrolled search path that leads to unauthorized code execution on Windows

Summary On Windows, converting a notebook containing SVG output to a PDF results in unauthorized code execution. Specifically, a third party can create a inkscape.bat file that defines a Windows batch script, capable of arbitrary code execution. When a user runs jupyter nbconvert --to pdf on a...

nbconvert 代码问题漏洞

nbconvert is a format conversion library organized by Jupyter. Converts Jupyter .ipynb notebook document files to another static format, including HTML, LaTeX, PDF, Markdown, and more. A code issue vulnerability exists in nbconvert 7.16.6 and earlier versions that stems from improper handling whe...

QNAP Systems Hero和QNAP Systems QTS SQL注入漏洞

QNAP Systems Hero and QNAP Systems QTS are both products of China-based Weilian Technology QNAP Systems.QNAP Systems Hero is a NAS operating system for file management. The system retains the application ecosystem of QTS and integrates the more powerful 128-bit ZFS file system to provide...

CVE-2025-64156

An improper neutralization of special elements used in an sql command 'sql injection' vulnerability in Fortinet FortiVoice 7.2.0 through 7.2.2, FortiVoice 7.0.0 through 7.0.7, FortiVoice 6.4 all versions, FortiVoice 6.0 all versions may allow an authenticated privileged attacker to execute...

Vulnerabilities fixed in Adobe ColdFusion

Adobe has fixed vulnerabilities in ColdFusion Specifically for versions 25.4, 23.16, 21.22 and earlier. The vulnerabilities are in the way ColdFusion handles file uploads, input validation, and data access. Users with high privileges can execute unauthorized code or access sensitive data without...

CVE-2025-64156

An improper neutralization of special elements used in an sql command 'sql injection' vulnerability in Fortinet FortiVoice 7.2.0 through 7.2.2, FortiVoice 7.0.0 through 7.0.7, FortiVoice 6.4 all versions, FortiVoice 6.0 all versions may allow an authenticated privileged attacker to execute...

CVE-2025-64156

Fortinet FortiVoice contains an SQL injection vulnerability (CVE-2025-64156) due to improper neutralization of special elements in SQL commands. Affected versions: FortiVoice 6.0 (all), 6.4 (all), 7.0.0–7.0.7, and 7.2.0–7.2.2. An authenticated privileged attacker could exploit crafted requests to...

CVE-2025-64153

A improper neutralization of special elements used in an os command 'os command injection' in Fortinet FortiExtender 7.6.0 through 7.6.3, FortiExtender 7.4.0 through 7.4.7, FortiExtender 7.2 all versions, FortiExtender 7.0 all versions may allow an authenticated attacker to execute unauthorized...

EUVD-2025-202278

An improper neutralization of special elements used in an sql command 'sql injection' vulnerability in Fortinet FortiVoice 7.2.0 through 7.2.1, FortiVoice 7.0.0 through 7.0.7, FortiVoice 6.4 all versions, FortiVoice 6.0 all versions may allow an authenticated privileged attacker to execute...

CVE-2025-64153

CVE-2025-64153 is an OS command injection in Fortinet FortiExtender. A authenticated attacker can execute arbitrary commands via a crafted HTTP request due to improper input neutralization in FortiExtender versions 7.0, 7.2, 7.4.0–7.4.7, and 7.6.0–7.6.3. Public reports (Red Hat, CIRCL, CVE lists,...

PT-2025-50128

Name of the Vulnerable Software and Affected Versions Fortinet FortiVoice versions 6.0 all versions Fortinet FortiVoice versions 6.4 all versions Fortinet FortiVoice versions 7.0.0 through 7.0.7 Fortinet FortiVoice versions 7.2.0 through 7.2.2 Description The software contains an improper...

PT-2025-50176

Name of the Vulnerable Software and Affected Versions Microsoft Office Access affected versions not specified Description A relative path traversal issue exists in Microsoft Office Access. This allows an unauthorized attacker to execute code locally. The issue can also allow remote attackers to...

PT-2025-50114

Name of the Vulnerable Software and Affected Versions Fortinet FortiSandbox versions 4.0 all versions Fortinet FortiSandbox versions 4.2 all versions Fortinet FortiSandbox versions 4.4.0 through 4.4.7 Fortinet FortiSandbox versions 5.0.0 through 5.0.2 Description The Fortinet FortiSandbox softwar...

CVE-2025-59890

Improper input sanitization in the file archives upload functionality of Eaton Galileo software allows traversing paths which could lead into an attacker with local access to execute unauthorized code or commands. This security issue has been fixed in the latest version of Galileo which is...

EUVD-2025-199818

Improper input sanitization in the file archives upload functionality of Eaton Galileo software allows traversing paths which could lead into an attacker with local access to execute unauthorized code or commands. This security issue has been fixed in the latest version of Galileo which is...

CVE-2025-59890

Improper input sanitization in the file archives upload functionality of Eaton Galileo software allows traversing paths which could lead into an attacker with local access to execute unauthorized code or commands. This security issue has been fixed in the latest version of Galileo which is...

CVE-2025-59890

Improper input sanitization in the file archives upload functionality of Eaton Galileo software allows traversing paths which could lead into an attacker with local access to execute unauthorized code or commands. This security issue has been fixed in the latest version of Galileo which is...

CVE-2025-59890

Eaton Galileo software is affected by CVE-2025-59890 due to improper input sanitization in the file archives upload function, enabling local path traversal that could allow an attacker with local access to execute unauthorized code or commands. The issue is tied to the Galileo file-archiver handl...

Eaton Galileo 安全漏洞

Eaton Galileo is a specialized management software platform for equipment configuration, monitoring and system integration from Eaton Corporation USA. A security vulnerability exists in Eaton Galileo that stems from improper input cleanup for the file archive upload function, which could allow a...

CVE-2025-58412

A improper neutralization of script-related html tags in a web page basic xss vulnerability in Fortinet FortiADC 8.0.0, FortiADC 7.6.0 through 7.6.3, FortiADC 7.4 all versions, FortiADC 7.2 all versions may allow attacker to execute unauthorized code or commands via crafted URL...