10 matches found
Astra Linux - vulnerability in linux-5.10, linux-5.15, linux
A NULL pointer dereference flaw was found in the az6027 driver in drivers/media/usb/dev-usb/az6027.c in the Linux Kernel. The message from user space is not checked properly before transferring into the device. This flaw allows a local user to crash the system or potentially cause a denial of...
Fortinet FortiSandbox hcproxy Cross-Site Scripting Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fortinet FortiSandbox. Minimal user interaction is required to exploit this vulnerability. The specific flaw exists within the handling of HA cluster paths. The issue results from the lack of proper...
EUVD-2024-38286
Malicious code in bioql PyPI...
Autodesk AutoCAD MODEL File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk AutoCAD. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of...
Foxit PDF Reader Buffer Overflow Vulnerability (CNVD-2025-00955)
Foxit PDF Reader is a PDF reader from the Chinese company Foxit. A buffer overflow vulnerability exists in Foxit PDF Reader version 2024.2.3.25184, which stems from a lack of proper validation of user-supplied data, resulting in the reading of data beyond the end of the allocated buffer, and can be...
Booking Calendar < 9.1.1 - PHP Object Injection
The plugin unserializes user data without validating it first, which could allow attackers to perform a PHP object injection attack. If a timeline is published, unauthenticated attackers could perform such an attack; otherwise any authenticated user could. A suitable POP chain, from another plugin for...
IBM Cloud Pak for Applications Cross-Site Scripting Vulnerability
IBM Cloud Pak for Applications is an application from IBM USA, Inc. A cross-site scripting vulnerability exists in IBM Cloud Pak for Applications, which stems from the product's lack of validation of user-side data, and could be exploited by an attacker to execute client-side code and potentially...
Microsoft 3D Viewer FBX File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft 3D Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of...
Foxit Reader XFA record remove remote code execution vulnerability
Foxit Reader is a small PDF document viewer and printing program. Foxit Reader has a security vulnerability in the XFA record remove method, which can be exploited by an attacker to execute arbitrary code in the current process context due to a lack of proper validation of user-supplied data...
Foxit Reader Heap Buffer Overflow Vulnerability
Foxit Reader is a small PDF document viewer and printing program. Foxit Reader has a security vulnerability in BMP graphics parsing, which can be exploited by an attacker to execute arbitrary code in the context of the current process, due to a lack of proper validation of user-supplied data...