1496 matches found

Positive Technologies
added 2025/05/13 12:0 a.m. · 2 views

PT-2025-21037 · Adobe · Substance3D - Stager

Name of the Vulnerable Software and Affected Versions: Substance3D - Stager versions 3.1.1 and earlier Description: The issue is an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user...

CVSS 7.8 · AI score 6.8 · EPSS 0.00181
Exploits: 0 · References: 8

Positive Technologies
added 2025/05/13 12:0 a.m. · 4 views

PT-2025-23172 · Freescout · Freescout

Name of the Vulnerable Software and Affected Versions: FreeScout versions prior to 1.8.178 Description: The issue is related to insufficient validation of user input in the php path parameter, allowing code injection. This occurs because backtick characters and tabulation are not removed from us...

CVSS 9 · AI score 6.8 · EPSS 0.0077
Exploits: 1 · References: 13

Positive Technologies
added 2025/05/13 12:0 a.m. · 6 views

PT-2025-23171 · Freescout · Freescout

Name of the Vulnerable Software and Affected Versions: FreeScout versions prior to 1.8.178 Description: The issue is related to the deserialization of untrusted data due to insufficient validation, allowing arbitrary code execution. This occurs when a string with a serialized object is passed...

CVSS 8.7 · AI score 7.1 · EPSS 0.00787
Exploits: 1 · References: 13

Positive Technologies
added 2025/05/13 12:0 a.m. · 2 views

PT-2025-20983 · Adobe · Indesign Desktop

Name of the Vulnerable Software and Affected Versions: InDesign Desktop versions ID19.5.2, ID20.2 and earlier Description: The issue is an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user...

CVSS 7.8 · AI score 6.8 · EPSS 0.00228
Exploits: 0 · References: 6

Positive Technologies
added 2025/05/13 12:0 a.m. · 4 views

PT-2025-21040 · Dimension · Dimension

Name of the Vulnerable Software and Affected Versions: Dimension versions 4.1.2 and earlier Description: The issue is an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. To exploit this problem, it is necessary for the victim to...

CVSS 7.8 · AI score 6.8 · EPSS 0.00181
Exploits: 0 · References: 7

Positive Technologies
added 2025/05/13 12:0 a.m. · 2 views

PT-2025-21039 · Adobe · Substance3D - Stager

Name of the Vulnerable Software and Affected Versions: Substance3D - Stager versions 3.1.1 and earlier Description: The issue is a "Use After Free" vulnerability that could result in arbitrary code execution in the context of the current user. To exploit this problem, the victim must open a...

CVSS 7.8 · AI score 6.7 · EPSS 0.00216
Exploits: 0 · References: 8

Positive Technologies
added 2025/05/13 12:0 a.m. · 2 views

PT-2025-20824 · Conda Forge +2 · Conda-Forge Openssl-Feedstock +2

Name of the Vulnerable Software and Affected Versions: conda-forge openssl-feedstock versions before 066e83c 2024-05-20; Miniforge versions before 24.5.0. Description: The issue concerns a configuration in conda-forge openssl-feedstock on Microsoft Windows, where OpenSSL uses an OPENSSLDIR file pat...

CVSS 7.3 · AI score 7 · EPSS 0.00187
Exploits: 1 · References: 10

Positive Technologies
added 2025/05/13 12:0 a.m. · 2 views

PT-2025-20859 · Siemens · Teamcenter Visualization

Name of the Vulnerable Software and Affected Versions: Teamcenter Visualization versions prior to V14.3.0.14; Teamcenter Visualization versions prior to V2312.0010; Teamcenter Visualization versions prior to V2406.0008; Teamcenter Visualization versions prior to V2412.0004. Description: A vulnerabili...

CVSS 7.8 · AI score 6.6 · EPSS 0.00152
Exploits: 0 · References: 9

Positive Technologies
added 2025/05/13 12:0 a.m. · 3 views

PT-2025-21034 · Adobe · Substance3D - Stager

Name of the Vulnerable Software and Affected Versions: Substance3D - Stager versions 3.1.1 and earlier Description: The issue is a "Use After Free" vulnerability that could result in arbitrary code execution in the context of the current user. To exploit this problem, user interaction is required...

CVSS 7.8 · AI score 6.9 · EPSS 0.00216
Exploits: 0 · References: 7

CNVD
added 2025/05/12 12:0 a.m. · 1 views

D-Link DIR-619L wan_connected buffer overflow vulnerability

The D-Link DIR-619L is a cost-effective wireless router designed for home office Internet needs. The D-Link DIR-619L suffers from a buffer overflow vulnerability that stems from the improper handling of the wan_connected parameter in the formEasySetupWizard3 function, which can be exploited by an...

CVSS 9.8 · AI score 9.1 · EPSS 0.02335
Exploits: 0 · References: 1

Positive Technologies
added 2025/05/12 12:0 a.m. · 5 views

PT-2025-20685 · Unknown · Kingfor Kfox

Name of the Vulnerable Software and Affected Versions: KingFor KFOX affected versions not specified Description: The issue allows remote attackers with regular privileges to upload and execute web shell backdoors, enabling arbitrary code execution on the server. This is due to an arbitrary file...

CVSS 8.8 · AI score 7.3 · EPSS 0.0057
Exploits: 0 · References: 12

Positive Technologies
added 2025/05/09 12:0 a.m. · 2 views

PT-2025-20599 · Unknown · Code-Server

Name of the Vulnerable Software and Affected Versions: code-server versions prior to 4.99.4 Description: The issue allows an attacker to gain access to the session token through a maliciously crafted URL using the proxy subpath. This can result in the attacker proxying to an arbitrary domain,...

CVSS 8.3 · AI score 6.6 · EPSS 0.33263
Exploits: 0 · References: 17

CVE
added 2025/05/08 5:45 p.m. · 45 views

CVE-2025-4098

CVE-2025-4098 affects Horner Automation Cscape 10.0 (10.0.415.2) SP1. The vulnerability is an out-of-bounds read in a component/function used by Cscape that could allow an attacker to disclose information and potentially execute arbitrary code on affected installations. The CVSS metrics indicate ...

CVSS 8.4 · AI score 7 · EPSS 0.00244
Exploits: 0 · References: 1

Cvelist
added 2025/05/08 11:13 a.m. · 21 views

CVE-2025-4208 NEX-Forms – Ultimate Form Builder – Contact forms and much more <= 8.9.1 - Authenticated (Custom) Limited Code Execution via get_table_records Function

The NEX-Forms – Ultimate Form Builder – Contact forms and much more plugin for WordPress is vulnerable to Limited Code Execution in all versions up to, and including, 8.9.1 via the get_table_records function. This is due to the unsanitized use of user-supplied input in call_user_func. This makes it...

CVSS 6.3 · EPSS 0.00282
Exploits: 0 · References: 2

Cvelist
added 2025/05/07 5:35 p.m. · 16 views

CVE-2025-20181

A vulnerability in Cisco IOS Software for Cisco Catalyst 2960X, 2960XR, 2960CX, and 3560CX Series Switches could allow an authenticated, local attacker with privilege level 15 or an unauthenticated attacker with physical access to the device to execute persistent code at boot time and break the...

CVSS 6.8 · EPSS 0.00159
Exploits: 0 · References: 1

CVE
added 2025/05/07 2:20 p.m. · 62 views

CVE-2025-47691

CVE-2025-47691 corresponds to an authenticated Arbitrary Function Call/Code Injection vulnerability in the WordPress plugin Ultimate Member up to version 2.10.3. The issue is categorized as Improper Generation of Code and affects Ultimate Member until 2.10.3. The CVSS base score is 5.5 (Medium); a...

CVSS 5.5 · AI score 7.2 · EPSS 0.00235
Exploits: 0 · References: 1

Vulnrichment
added 2025/05/06 5:30 p.m. · 51 views

CVE-2025-25014 Kibana arbitrary code execution via prototype pollution

A Prototype pollution vulnerability in Kibana leads to arbitrary code execution via crafted HTTP requests to machine learning and reporting endpoints...

CVSS 9.1 · AI score 7.8 · EPSS 0.12923
Exploits: 2 · References: 1

Vulnrichment
added 2025/05/06 9:3 a.m. · 11 views

CVE-2025-27132 arkcompiler_ets_runtime has an out-of-bounds write vulnerability

in OpenHarmony v5.0.3 and prior versions allow a local attacker arbitrary code execution in pre-installed apps through out-of-bounds write. This vulnerability can be exploited only in restricted scenarios...

CVSS 3.8 · AI score 7.5 · EPSS 0.00139
Exploits: 0 · References: 1

OSV
added 2025/05/05 5:15 p.m. · 5 views

CVE-2025-43845 GHSL-2025-015_Retrieval-based-Voice-Conversion-WebUI

Retrieval-based-Voice-Conversion-WebUI is a voice changing framework based on VITS. Versions 2.2.231006 and prior are vulnerable to code injection. The ckptpath2 variable takes user input e.g. a path to a model and passes it to changeinfo function, which opens and reads the file on the given path...

CVSS 9.3 · AI score 8 · EPSS 0.00793
Exploits: 0 · References: 6

Positive Technologies
added 2025/05/05 12:0 a.m. · 2 views

PT-2025-24447

Name of the Vulnerable Software and Affected Versions: Android affected versions not specified Description: A logic error in the code may allow a lock screen bypass, potentially leading to local privilege escalation without requiring additional execution privileges or user interaction. The...

CVSS 10 · AI score 6.8 · EPSS 0.00095
Exploits: 0 · References: 7