CVE-2025-52969
ClickHouse 25.7.1.557 allows low-privileged users to execute shell commands by querying existing Executable tables created by higher-privileged users. Although the CREATE TABLE privilege is restricted, there is no access control preventing low-privileged users from invoking Executable tables...
QNAP Qsync Central SQL Injection Vulnerability
QNAP Qsync Central is a cloud-based file synchronization service for NAS devices from QNAP, a company based in Taiwan, China. QNAP Qsync Central suffers from a SQL injection vulnerability that stems from the application's lack of validation of externally entered SQL statements. An attacker could exploit the vulnerabili...
CVE-2025-52969
Removed by vendor...
CVE-2025-33122
CVE-2025-33122 affects IBM i 7.2–7.6, due to an unqualified library call in IBM Advanced Job Scheduler for i that can let a user gain elevated privileges (administrator) through user-controlled code. IBM’s bulletin confirms the affected releases and that the issue is fixed via PTF 5770-JS1 (skip ...
TencentOS Server 3: gimp:2.8 (TSSA-2024:0074)
The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to the tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2024:0074 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities...
CVE-2025-47174
Heap-based buffer overflow in Microsoft Office Excel allows an unauthorized attacker to execute code locally...
CVE-2025-29828
Missing release of memory after effective lifetime in Windows Cryptographic Services allows an unauthorized attacker to execute code over a network...
CVE-2025-31104
An Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability (CWE-78) in FortiADC 7.6.0 through 7.6.1, 7.4.0 through 7.4.6, 7.2.0 through 7.2.7, 7.1.0 through 7.1.4, 7.0 all versions, 6.2 all versions, 6.1 all versions may allow an authenticated attacker...
CVE-2025-32717
Heap-based buffer overflow in Microsoft Office Word allows an unauthorized attacker to execute code locally...
CVE-2025-47175
Use after free in Microsoft Office PowerPoint allows an unauthorized attacker to execute code locally...
CVE-2025-32710
Use after free in Windows Remote Desktop Services allows an unauthorized attacker to execute code over a network...
Microsoft Office Remote Code Execution Vulnerability
Use after free in Microsoft Office allows an unauthorized attacker to execute code locally...
Microsoft Office Remote Code Execution Vulnerability
Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally...
PT-2025-24866
Name of the Vulnerable Software and Affected Versions: Microsoft Office (affected versions not specified). Description: The issue involves access of a resource using an incompatible type, also known as 'type confusion', in Microsoft Office. This allows an unauthorized attacker to execute code locally...
PT-2025-24907 · Microsoft · Visual Studio
Name of the Vulnerable Software and Affected Versions: Microsoft Visual Studio (affected versions not specified). Description: The issue is related to the improper neutralization of special elements used in a command, also known as 'command injection', in Microsoft Visual Studio. This allows an...
Security Updates for Microsoft Office Products (June 2025) (macOS)
The version of Microsoft Office for Mac installed on the remote host is affected by multiple vulnerabilities as referenced in the june-10-2025 advisory.
- Use after free in Microsoft Office allows an unauthorized attacker to execute code locally. (CVE-2025-47164, CVE-2025-47953)
- Use after free in...
CVE-2025-29892
An SQL injection vulnerability has been reported to affect Qsync Central. If exploited, the vulnerability could allow remote attackers who have gained user access to execute unauthorized code or commands. We have already fixed the vulnerability in the following version: Qsync Central 4.5.0.6...