CVE-2025-47130

Adobe Framemaker versions 2020.8, 2022.6 and earlier are affected by an Integer Underflow Wrap or Wraparound vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious...

CVE-2025-49532

Illustrator versions 28.7.6, 29.5.1 and earlier are affected by an Integer Underflow Wrap or Wraparound vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file...

CVE-2025-47121 Adobe Framemaker | Access of Uninitialized Pointer (CWE-824)

Adobe Framemaker versions 2020.8, 2022.6 and earlier are affected by an Access of Uninitialized Pointer vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file...

CVE-2025-49526

CVE-2025-49526 affects Adobe Illustrator versions 28.7.6, 29.5.1 and earlier. The issue is an out-of-bounds write (CWE-787) that can lead to arbitrary code execution in the context of the current user. Exploitation requires user interaction—victim must open a malicious file. Multiple connected so...

CVE-2025-21164

Substance3D - Designer versions 14.1 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file...

CVE-2025-49735

CVE-2025-49735 describes a use-after-free vulnerability in Windows KDC Proxy Service (KPSSVC) that could allow remote code execution over the network. The entry is publicly tracked with a Network attack vector, high impact on confidentiality, integrity, and availability (CVSS v3.1 base score 8.1)...

CVE-2025-7184

CVE-2025-7184 affects code-projects Library System 1.0, specifically the file path /user/teacher/books.php. The vulnerability is a SQL injection triggered by manipulating the argument named Search ; exploitation is possible remotely and has been disclosed publicly. Multiple sources describe the r...

CVE-2025-40740

A vulnerability has been identified in Solid Edge SE2025 All versions V225.0 Update 5. The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted PAR files. This could allow an attacker to execute code in the context of the curre...

CVE-2025-7166

CVE-2025-7166 affects the code-projects Responsive Blog Site 1.0, with vulnerability in an unknown part of /single.php where manipulating the ID parameter leads to SQL injection. Multiple connected sources describe remote exploitation and public disclosure, implying exploitability in practice. Th...

PT-2025-28405 · Unknown · Code-Projects E-Commerce Website

Name of the Vulnerable Software and Affected Versions: code-projects E-Commerce Site version 1.0 Description: A critical issue has been found in the code-projects E-Commerce Site, affecting an unknown function of the file /admin/users photo.php. The manipulation of the photo argument leads to...

PT-2025-28639 · Dimension · Dimension

Name of the Vulnerable Software and Affected Versions: Dimension versions 4.1.2 and earlier Description: The issue is an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction, where ...

PT-2025-28492 · Adobe · Substance3D - Designer

Name of the Vulnerable Software and Affected Versions: Substance3D - Designer versions 14.1 and earlier Description: The issue is an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user...

PT-2025-28617 · Microsoft · Windows Routing/Remote Access Service +1

Name of the Vulnerable Software and Affected Versions: Windows Routing and Remote Access Service RRAS affected versions not specified Description: A heap-based buffer overflow issue in Windows Routing and Remote Access Service RRAS allows an unauthorized attacker to execute code over a network...

PT-2025-28553

Name of the Vulnerable Software and Affected Versions: Windows Hyper-V affected versions not specified Description: The issue is an out-of-bounds read that allows an unauthorized attacker to execute code locally. Recommendations: At the moment, there is no information about a newer version that...

PT-2025-28493 · Adobe · Substance3D - Designer

Name of the Vulnerable Software and Affected Versions: Substance3D - Designer versions 14.1 and earlier Description: The issue is an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user...

IrfanView CADImage Plugin CGM File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView CADImage Plugin. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...

CVE-2025-6663 GStreamer H266 Codec Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability

GStreamer H266 Codec Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with this library is required to exploit this vulnerability but attack vectors may...

CVE-2025-7101 BoyunCMS Configuration File install_ok.php code injection

A vulnerability was found in BoyunCMS up to 1.4.20. It has been classified as critical. This affects an unknown part of the file /install/installok.php of the component Configuration File Handler. The manipulation of the argument dbpass leads to code injection. It is possible to initiate the atta...

CVE-2025-27358

CVE-2025-27358 is a Content Injection (XSS) vulnerability affecting the WordPress plugin “Frontend File Manager” up to version 23.2. The issue arises from improper neutralization of script-related HTML tags in the web page, enabling code injection. Public details in the initial data indicate affe...

CVE-2025-43711

Tunnelblick 3.5beta06 before 7.0 is vulnerable to arbitrary code execution as root on the next boot when a crafted Tunnelblick.app is dragged into /Applications, due to incomplete uninstallation. Affected: Tunnelblick versions 3.5beta06–7.0 (per conflicting sources). Remediation: upgrade to a new...