1496 matches found

Positive Technologies
added 2025/08/05 12:0 a.m. · 3 views

PT-2025-32051 · Kenwood · Kenwood Dmx958Xr

Name of the Vulnerable Software and Affected Versions: Kenwood DMX958XR (affected versions not specified). Description: This issue allows physically present attackers to execute arbitrary code on affected installations of Kenwood DMX958XR devices without authentication. The flaw resides in the...

CVSS 6.8 · AI score 6.9 · EPSS 0.00954
Exploits: 0 · References: 6

Positive Technologies
added 2025/08/05 12:0 a.m. · 6 views

PT-2025-32053 · Kenwood · Kenwood Dmx958Xr

Name of the Vulnerable Software and Affected Versions: Kenwood DMX958XR (affected versions not specified). Description: This issue allows physically present attackers to execute arbitrary code on affected Kenwood DMX958XR devices without authentication. The flaw resides in the firmware update proces...

CVSS 6.8 · AI score 7 · EPSS 0.00923
Exploits: 0 · References: 5

NVD
added 2025/08/04 5:15 p.m. · 4 views

CVE-2025-8518

A vulnerability was found in givanz Vvveb 1.0.5. It has been rated as critical. Affected by this issue is the function Save of the file admin/controller/editor/code.php of the component Code Editor. The manipulation leads to code injection. The attack may be launched remotely. The exploit has bee...

CVSS 7.2 · EPSS 0.01347
Exploits: 6 · References: 7

Cvelist
added 2025/08/04 12:0 a.m. · 9 views

CVE-2025-51387

GitKraken Desktop 10.8.0 and 11.1.0 are susceptible to code injection due to misconfigured Electron Fuses. Specifically, the following insecure settings were observed: RunAsNode is enabled and EnableNodeCliInspectArguments is not disabled. These configurations allow the application to be...

EPSS 0.00522
Exploits: 0 · References: 3

CVE
added 2025/08/01 5:50 p.m. · 30 views

CVE-2025-6014

CVE-2025-6014 affects Vault and Vault Enterprise: the TOTP Secrets Engine code validation endpoint can reuse codes within its validity period due to a coding issue. This is a vulnerability in the TOTP verification path, with the impact described as high confidentiality risk and no integrity/avail...

CVSS 6.5 · AI score 7.3 · EPSS 0.00341
Exploits: 0 · References: 1 · Affected Software: 1

Cvelist
added 2025/08/01 7:32 a.m. · 9 views

CVE-2025-8441 code-projects Online Medicine Guide pharsignup.php sql injection

A vulnerability, which was classified as critical, was found in code-projects Online Medicine Guide 1.0. Affected is an unknown function of the file /pharsignup.php. The manipulation of the argument phuname leads to sql injection. It is possible to launch the attack remotely. The exploit has been...

CVSS 7.5 · EPSS 0.00498
Exploits: 1 · References: 5

RedhatCVE
added 2025/08/01 1:16 a.m. · 2 views

CVE-2025-4422

The vulnerability was identified in the code developed specifically for Lenovo. Please visit "Lenovo Product Security Advisories and Announcements" webpage for more information about the vulnerability. https://support.lenovo.com/us/en/productsecurity/home...

CVSS 8.2 · AI score 7.2 · EPSS 0.00189
Exploits: 0 · References: 1

RedhatCVE
added 2025/08/01 1:16 a.m. · 3 views

CVE-2025-4426

The vulnerability was identified in the code developed specifically for Lenovo. Please visit "Lenovo Product Security Advisories and Announcements" webpage for more information about the vulnerability. https://support.lenovo.com/us/en/productsecurity/home...

CVSS 6 · AI score 7.2 · EPSS 0.00182
Exploits: 0 · References: 1

CNVD
added 2025/08/01 12:0 a.m. · 2 views

Apple macOS Sequoia has an unspecified vulnerability (CNVD-2025-18404)

Apple macOS Sequoia is an operating system from the American company Apple. Apple macOS Sequoia suffers from a security vulnerability that stems from insufficient privilege restrictions, which can be exploited by attackers to cause malicious applications to gain root privileges...

CVSS 7.8 · AI score 6.9 · EPSS 0.00206
Exploits: 0 · References: 1

Positive Technologies
added 2025/08/01 12:0 a.m. · 5 views

PT-2025-31676 · Freshrss · Freshrss

Name of the Vulnerable Software and Affected Versions: FreshRSS versions 1.26.1 and below. Description: FreshRSS is a free, self-hostable RSS aggregator. An authenticated administrator user can execute arbitrary code on the FreshRSS server by modifying the update URL to one they control, and gain...

CVSS 7.2 · AI score 8.3 · EPSS 0.00748
Exploits: 1 · References: 7

Positive Technologies
added 2025/08/01 12:0 a.m. · 5 views

PT-2025-31662 · Hashicorp · Vault +1

Name of the Vulnerable Software and Affected Versions: Vault versions prior to 1.20.1; Vault Enterprise versions prior to 1.20.1; Vault Enterprise version 1.19.7; Vault Enterprise version 1.18.12; Vault Enterprise version 1.16.23. Description: The Time-based One-Time Password (TOTP) Secrets Engine in...

CVSS 6.5 · AI score 6.3 · EPSS 0.00341
Exploits: 0 · References: 15

Zero Day Initiative
added 2025/08/01 12:0 a.m. · 4 views

(0Day) (Pwn2Own) Alpine iLX-507 CarPlay Stack-based Buffer Overflow Code Execution Vulnerability

This vulnerability allows physically present attackers to execute arbitrary code on affected installations of Alpine iLX-507 devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of the Apple CarPlay protocol. The issue results...

CVSS 6.8 · AI score 6.6 · EPSS 0.00299
Exploits: 0

Positive Technologies
added 2025/08/01 12:0 a.m. · 6 views

PT-2025-31605 · Unknown · Code-Projects Online Movie Streaming

Name of the Vulnerable Software and Affected Versions: code-projects Online Movie Streaming version 1.0. Description: A critical issue exists in code-projects Online Movie Streaming 1.0 related to missing authorization. The vulnerability is located in an unknown functionality of the...

CVSS 7.5 · AI score 7 · EPSS 0.00359
Exploits: 1 · References: 8

Vulnrichment
added 2025/07/31 12:0 a.m. · 3 views

CVE-2025-26063

An issue in Intelbras RX1500 v2.2.9 and RX3000 v1.0.11 allows unauthenticated attackers to execute arbitrary code via injecting a crafted payload into the ESSID name when creating a network...

AI score 7.6 · EPSS 0.01156
Exploits: 2 · References: 3

OSV
added 2025/07/30 7:59 p.m. · 4 views

CVE-2025-54583 GitProxy bypasses approvals when pushing multiple branches

GitProxy is an application that stands between developers and a Git remote endpoint (e.g., github.com). Versions 1.19.1 and below allow users to push to remote repositories while bypassing policies and explicit approvals. Since checks and plugins are skipped, code containing secrets or unwanted...

CVSS 8.3 · AI score 6.8 · EPSS 0.00417
Exploits: 1 · References: 6

OSV
added 2025/07/30 5:15 p.m. · 4 views

CVE-2025-25691

A PHAR deserialization vulnerability in the component /themes/import of PrestaShop v8.2.0 allows attackers to execute arbitrary code via a crafted POST request...

CVSS 6.5 · AI score 7.1 · EPSS 0.00739
Exploits: 1 · References: 5

Vulnrichment
added 2025/07/30 1:2 p.m. · 5 views

CVE-2025-8326 code-projects Exam Form Submission delete_s7.php sql injection

A vulnerability classified as critical has been found in code-projects Exam Form Submission 1.0. Affected is an unknown function of the file /admin/delete_s7.php. The manipulation of the argument ID leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclose...

CVSS 7.5 · AI score 7.7 · EPSS 0.00382
Exploits: 1 · References: 5

Cvelist
added 2025/07/30 12:0 a.m. · 8 views

CVE-2025-25691

A PHAR deserialization vulnerability in the component /themes/import of PrestaShop v8.2.0 allows attackers to execute arbitrary code via a crafted POST request...

EPSS 0.00739
Exploits: 1 · References: 5

Vulnrichment
added 2025/07/30 12:0 a.m. · 5 views

CVE-2025-25692

A PHAR deserialization vulnerability in the getHeaders function of PrestaShop v8.2.0 allows attackers to execute arbitrary code via a crafted POST request...

AI score 7.4 · EPSS 0.00715
Exploits: 1 · References: 3

Vulnrichment
added 2025/07/29 12:0 a.m. · 4 views

CVE-2025-46059

langchain-ai v0.3.51 was discovered to contain an indirect prompt injection vulnerability in the GmailToolkit component. This vulnerability allows attackers to execute arbitrary code and compromise the application via a crafted email message. NOTE: this is disputed by the Supplier because the...

AI score 7.9 · EPSS 0.00673
Exploits: 0 · References: 4