1496 matches found
GO-2025-3802 Helm vulnerable to Code Injection through malicious chart.yaml content in helm.sh/helm
CVE-2025-0664
A locally authenticated, privileged user can craft a malicious OpenSSL configuration file, potentially leading the agent to load an arbitrary local library. This may impair endpoint defenses and allow the attacker to achieve code execution with SYSTEM-level privileges...
GHSA-68R2-FWCG-QPM8
creationtimestamp | type | source
---|---|---
2025-07-16 05:32:18+00:00 | seen | https://gist.github.com/safer-bot/ac258bea45025717f0ed3e9461a069c2...
GHSA-P53J-G8PW-4W5F
creationtimestamp | type | source
---|---|---
2025-07-16 04:24:10+00:00 | seen | https://gist.github.com/safer-bot/930216c8ddbe20a630c79f2785e35eec
2025-07-16 09:49:54+00:00 | seen | https://gist.github.com/safer-bot/57636fb56c908ea716ca50f36824e43c
2025-07-16 16:29:07+00:00 | seen | ...
CVE-2025-51650
An arbitrary file upload vulnerability in the component /controller/PicManager.php of FoxCMS v1.2.6 allows attackers to execute arbitrary code via uploading a crafted template file...
CVE-2025-41236 VMXNET3 integer-overflow vulnerability
VMware ESXi, Workstation, and Fusion contain an integer-overflow vulnerability in the VMXNET3 virtual network adapter. A malicious actor with local administrative privileges on a virtual machine with VMXNET3 virtual network adapter may exploit this issue to execute code on the host. Non VMXNET3...
CVE-2025-7042
Use After Free vulnerability exists in the IPT file reading procedure in SOLIDWORKS eDrawings on Release SOLIDWORKS Desktop 2025. This vulnerability could allow an attacker to execute arbitrary code while opening a specially crafted IPT file...
CVE-2025-6971
CVE-2025-6971 is a Use After Free vulnerability in SOLIDWORKS eDrawings (CATPRODUCT file reading) affecting SOLIDWORKS Desktop 2025 prior to SP3. The underlying issue is a use-after-free in CATPRODUCT parsing, enabling arbitrary code execution when opening a crafted CA...
RHEL 8 : emacs (RHSA-2025:11030)
The remote Red Hat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2025:11030 advisory. GNU Emacs is a powerful, customizable, self-documenting text editor. It provides special code editing features, a scripting language elisp, and the...
CVE-2025-53623
The Job Iteration API is an extension for ActiveJob that makes jobs interruptible and resumable. Versions prior to 1.11.0 have an arbitrary code execution vulnerability in the CsvEnumerator class. This vulnerability can be exploited by an attacker to execute arbitrary commands on the system wher...
CVE-2025-7533
A vulnerability was found in code-projects Job Diary 1.0 and classified as critical. This issue affects some unknown processing of the file /view-details.php. The manipulation of the argument jobid leads to SQL injection. The attack may be initiated remotely. The exploit has been disclosed to the...
CVE-2025-7508 code-projects Modern Bag product-update.php sql injection
A vulnerability, which was classified as critical, has been found in code-projects Modern Bag 1.0. Affected by this issue is some unknown functionality of the file /admin/product-update.php. The manipulation of the argument idProduct leads to SQL injection. The attack may be launched remotely. Th...
CVE-2025-49532
Illustrator versions 28.7.6, 29.5.1 and earlier are affected by an Integer Underflow (Wrap or Wraparound) vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file...
CVE-2025-49530
Illustrator versions 28.7.6, 29.5.1 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file...
CVE-2025-30312
Dimension versions 4.1.2 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file...
CVE-2025-21165
Substance3D - Designer versions 14.1 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file...
CVE-2025-49724
Use after free in Windows Connected Devices Platform Service allows an unauthorized attacker to execute code over a network...
CVE-2025-49705
Heap-based buffer overflow in Microsoft Office PowerPoint allows an unauthorized attacker to execute code locally...
PT-2025-29160 · Unknown · Code-Projects Library System
Name of the Vulnerable Software and Affected Versions: code-projects Library System version 1.0
Description: A critical vulnerability exists in code-projects Library System 1.0, allowing for unrestricted file upload. The issue is located in the /user/teacher/profile.php file, where manipulation o...
PT-2025-29170 · Unknown · Meshtastic
Name of the Vulnerable Software and Affected Versions: Meshtastic versions prior to 2.6.6
Description: Meshtastic is an open source mesh networking solution. The main matrix.yml GitHub Action is triggered by the pull request target event, which has extensive permissions and can be initiated by an...