1542 matches found
PT-2025-47899
Cross-Site Scripting XSS vulnerability stored in tha Taclia web application, where the uploaded SVG images are not properly sanitized. This allows to the attackers to embed malicious scripts in SVG files such as image profiles, which are then stored on the server and executed in the context of an...
MGASA-2025-0307 Updated redis packages fix security vulnerabilities
A Lua script may lead to remote code execution. CVE-2025-49844 A Lua script may lead to integer overflow and potential RCE. CVE-2025-46817 A Lua script can be executed in the context of another user. CVE-2025-46818 LUA out-of-bound read. CVE-2025-46819...
Adobe Substance3D Stager Integer Underflow Vulnerability
Adobe Substance3D Stager is a set and rendering software for 3D scenes from the American company Audobee Adobe. Adobe Substance3D Stager suffers from an integer underflow vulnerability that can be exploited by an attacker to cause arbitrary code to be executed in the current user's context...
Adobe Illustrator on iPads Heap Buffer Overflow Vulnerability
Adobe Illustrator on iPad is a set of vector-based image creation software from the American company Audobee Adobe. A heap buffer overflow vulnerability exists in Adobe Illustrator on iPads, which can be exploited by an attacker to cause arbitrary code to be executed in the context of the current...
Adobe InDesign Memory Misreference Vulnerability (CNVD-2025-29698)
Adobe InDesign is a set of layout and editing applications from the American company Audobee Adobe. Adobe InDesign suffers from a memory misreference vulnerability that can be exploited by an attacker to cause arbitrary code to be executed in the context of the current user...
Adobe Substance3D Stager Memory Misreference Vulnerability
Adobe Substance3D Stager is a set and rendering software for 3D scenes from the American company Audobee Adobe. A memory misreference vulnerability exists in Adobe Substance3D Stager, which can be exploited by an attacker to cause arbitrary code to be executed in the current user's context...
CVE-2025-61832
InDesign Desktop versions 20.5, 19.5.5 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file...
CVE-2025-61839
Format Plugins versions 1.1.1 and earlier are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user...
CVE-2025-61819
Photoshop Desktop versions 26.8.1 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file...
CVE-2025-61820
Adobe Illustrator is affected by a Heap-based Buffer Overflow vulnerability (CVE-2025-61820) in versions 28.7.10 through 29.8.2 and earlier. The issue could allow arbitrary code execution in the context of the current user and requires user interaction (victim must open a malicious file). Affecte...
Redis: Redis: Authenticated users can execute LUA scripts as a different user
A code injection vulnerability in Redis Lua scripting where an authenticated user can craft a Lua script to manipulate objects and potentially execute code in another user’s context...
Redis: Redis: Authenticated users can execute LUA scripts as a different user
A code injection vulnerability in Redis Lua scripting where an authenticated user can craft a Lua script to manipulate objects and potentially execute code in another user’s context...
PT-2025-46473
Name of the Vulnerable Software and Affected Versions Windows versions affected versions not specified Description An issue exists that allows for local privilege escalation. The problem stems from improper link resolution before file access 'link following' within the Host Process for Windows...
Teamcenter Visualization WRL File Parsing Vulnerabilities
Siemens Teamcenter Visualization contains multiple file-parsing vulnerabilities in its WRL-file reader that affect versions V14.2, V14.3, V2312, and V2406. If a user opens a specially crafted malicious WRL file, the application may crash or allow arbitrary code execution in the context of the...
CVE-2025-12486
Heimdall Data Database Proxy Cross-Site Scripting Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Heimdall Data Database Proxy. Minimal user interaction is required to exploit this vulnerability. The specific...
Redis: Redis: Authenticated users can execute LUA scripts as a different user
A code injection vulnerability in Redis Lua scripting where an authenticated user can craft a Lua script to manipulate objects and potentially execute code in another user’s context...
Alibaba Cloud Workspace Client Uncontrolled Search Path Element Local Privilege Escalation Vulnerability
This vulnerability allows local attackers to escalate privileges on affected installations of Alibaba Cloud Workspace Client. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the...
Redis: Redis: Authenticated users can execute LUA scripts as a different user
A code injection vulnerability in Redis Lua scripting where an authenticated user can craft a Lua script to manipulate objects and potentially execute code in another user’s context...
Redis: Redis: Authenticated users can execute LUA scripts as a different user
A code injection vulnerability in Redis Lua scripting where an authenticated user can craft a Lua script to manipulate objects and potentially execute code in another user’s context...
CVE-2025-59269
A stored cross-site scripting XSS vulnerability exists in an undisclosed page of the BIG-IP Configuration utility that allows an attacker to run JavaScript in the context of the currently logged-in user. Note: Software versions which have reached End of Technical Support EoTS are not evaluated...