Lucene search
K

1542 matches found

Positive Technologies
Positive Technologies
added 2025/11/24 12:0 a.m.3 views

PT-2025-47899

Cross-Site Scripting XSS vulnerability stored in tha Taclia web application, where the uploaded SVG images are not properly sanitized. This allows to the attackers to embed malicious scripts in SVG files such as image profiles, which are then stored on the server and executed in the context of an...

5.1CVSS5.8AI score0.0025EPSS
Exploits0References2
OSV
OSV
added 2025/11/21 7:56 p.m.5 views

MGASA-2025-0307 Updated redis packages fix security vulnerabilities

A Lua script may lead to remote code execution. CVE-2025-49844 A Lua script may lead to integer overflow and potential RCE. CVE-2025-46817 A Lua script can be executed in the context of another user. CVE-2025-46818 LUA out-of-bound read. CVE-2025-46819...

9.9CVSS8.3AI score0.86767EPSS
Exploits15References5
CNVD
CNVD
added 2025/11/14 12:0 a.m.2 views

Adobe Substance3D Stager Integer Underflow Vulnerability

Adobe Substance3D Stager is a set and rendering software for 3D scenes from the American company Audobee Adobe. Adobe Substance3D Stager suffers from an integer underflow vulnerability that can be exploited by an attacker to cause arbitrary code to be executed in the current user's context...

7.8CVSS7.3AI score0.00216EPSS
Exploits0References1
CNVD
CNVD
added 2025/11/14 12:0 a.m.3 views

Adobe Illustrator on iPads Heap Buffer Overflow Vulnerability

Adobe Illustrator on iPad is a set of vector-based image creation software from the American company Audobee Adobe. A heap buffer overflow vulnerability exists in Adobe Illustrator on iPads, which can be exploited by an attacker to cause arbitrary code to be executed in the context of the current...

7.8CVSS7.6AI score0.00275EPSS
Exploits0References1
CNVD
CNVD
added 2025/11/14 12:0 a.m.6 views

Adobe InDesign Memory Misreference Vulnerability (CNVD-2025-29698)

Adobe InDesign is a set of layout and editing applications from the American company Audobee Adobe. Adobe InDesign suffers from a memory misreference vulnerability that can be exploited by an attacker to cause arbitrary code to be executed in the context of the current user...

7.8CVSS7.3AI score0.00265EPSS
Exploits0References1
CNVD
CNVD
added 2025/11/14 12:0 a.m.2 views

Adobe Substance3D Stager Memory Misreference Vulnerability

Adobe Substance3D Stager is a set and rendering software for 3D scenes from the American company Audobee Adobe. A memory misreference vulnerability exists in Adobe Substance3D Stager, which can be exploited by an attacker to cause arbitrary code to be executed in the current user's context...

7.8CVSS7.3AI score0.00197EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/11/12 5:7 p.m.6 views

CVE-2025-61832

InDesign Desktop versions 20.5, 19.5.5 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file...

7.8CVSS7.7AI score0.00303EPSS
Exploits0References1
NVD
NVD
added 2025/11/11 7:15 p.m.4 views

CVE-2025-61839

Format Plugins versions 1.1.1 and earlier are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user...

7.8CVSS0.00241EPSS
Exploits0References1
OSV
OSV
added 2025/11/11 6:15 p.m.5 views

CVE-2025-61819

Photoshop Desktop versions 26.8.1 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file...

7.8CVSS6.3AI score0.00325EPSS
Exploits0References1
CVE
CVE
added 2025/11/11 5:16 p.m.14 views

CVE-2025-61820

Adobe Illustrator is affected by a Heap-based Buffer Overflow vulnerability (CVE-2025-61820) in versions 28.7.10 through 29.8.2 and earlier. The issue could allow arbitrary code execution in the context of the current user and requires user interaction (victim must open a malicious file). Affecte...

7.8CVSS7.3AI score0.00303EPSS
Exploits0References1Affected Software1
RedHat Linux
RedHat Linux
added 2025/11/11 3:7 p.m.5 views

Redis: Redis: Authenticated users can execute LUA scripts as a different user

A code injection vulnerability in Redis Lua scripting where an authenticated user can craft a Lua script to manipulate objects and potentially execute code in another user’s context...

7.3CVSS7.5AI score0.00701EPSS
Exploits0References7
RedHat Linux
RedHat Linux
added 2025/11/11 1:58 p.m.2 views

Redis: Redis: Authenticated users can execute LUA scripts as a different user

A code injection vulnerability in Redis Lua scripting where an authenticated user can craft a Lua script to manipulate objects and potentially execute code in another user’s context...

7.3CVSS7.5AI score0.00701EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2025/11/11 12:0 a.m.7 views

PT-2025-46473

Name of the Vulnerable Software and Affected Versions Windows versions affected versions not specified Description An issue exists that allows for local privilege escalation. The problem stems from improper link resolution before file access 'link following' within the Host Process for Windows...

7.8CVSS5.4AI score0.04666EPSS
Exploits0References32
Tenable Nessus
Tenable Nessus
added 2025/11/07 12:0 a.m.4 views

Teamcenter Visualization WRL File Parsing Vulnerabilities

Siemens Teamcenter Visualization contains multiple file-parsing vulnerabilities in its WRL-file reader that affect versions V14.2, V14.3, V2312, and V2406. If a user opens a specially crafted malicious WRL file, the application may crash or allow arbitrary code execution in the context of the...

7.8CVSS6.3AI score0.00272EPSS
Exploits0References27
NVD
NVD
added 2025/11/06 9:15 p.m.7 views

CVE-2025-12486

Heimdall Data Database Proxy Cross-Site Scripting Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Heimdall Data Database Proxy. Minimal user interaction is required to exploit this vulnerability. The specific...

8.8CVSS0.00444EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 2025/10/30 2:18 p.m.3 views

Redis: Redis: Authenticated users can execute LUA scripts as a different user

A code injection vulnerability in Redis Lua scripting where an authenticated user can craft a Lua script to manipulate objects and potentially execute code in another user’s context...

7.3CVSS7.5AI score0.00701EPSS
Exploits0References7
Zero Day Initiative
Zero Day Initiative
added 2025/10/30 12:0 a.m.5 views

Alibaba Cloud Workspace Client Uncontrolled Search Path Element Local Privilege Escalation Vulnerability

This vulnerability allows local attackers to escalate privileges on affected installations of Alibaba Cloud Workspace Client. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the...

7.3CVSS7.5AI score
Exploits0References1
RedHat Linux
RedHat Linux
added 2025/10/29 9:45 a.m.3 views

Redis: Redis: Authenticated users can execute LUA scripts as a different user

A code injection vulnerability in Redis Lua scripting where an authenticated user can craft a Lua script to manipulate objects and potentially execute code in another user’s context...

7.3CVSS7.5AI score0.00701EPSS
Exploits0References7
RedHat Linux
RedHat Linux
added 2025/10/29 9:38 a.m.3 views

Redis: Redis: Authenticated users can execute LUA scripts as a different user

A code injection vulnerability in Redis Lua scripting where an authenticated user can craft a Lua script to manipulate objects and potentially execute code in another user’s context...

7.3CVSS7.5AI score0.00701EPSS
Exploits0References7
RedhatCVE
RedhatCVE
added 2025/10/16 2:51 p.m.4 views

CVE-2025-59269

A stored cross-site scripting XSS vulnerability exists in an undisclosed page of the BIG-IP Configuration utility that allows an attacker to run JavaScript in the context of the currently logged-in user. Note: Software versions which have reached End of Technical Support EoTS are not evaluated...

8.4CVSS5.7AI score0.00263EPSS
Exploits0References1
Rows per page
Query Builder