1496 matches found
CVE-2025-4125
Delta Electronics ISPSoft version 3.20 is vulnerable to an Out-Of-Bounds Write vulnerability that could allow an attacker to execute arbitrary code when parsing ISP file...
CVE-2025-4022 web-arena-x webarena evaluators.py HTMLContentEvaluator code injection
A vulnerability was found in web-arena-x webarena up to 0.2.0. It has been declared as critical. This vulnerability affects the function HTMLContentEvaluator of the file webarena/evaluation_harness/evaluators.py. The manipulation of the argument target["url"] leads to code injection. The attack can ...
CVE-2025-4022
CVE-2025-4022 concerns web-arena-x webarena up to version 0.2.0. The vulnerability lies in the function HTMLContentEvaluator located at webarena/evaluation_harness/evaluators.py, where manipulation of the argument target["url"] enables code injection. The attack is remote and the exploit has bee...
CVE-2025-44134
A vulnerability was found in Code-Projects Online Class and Exam Scheduling System 1.0 in the file /Scheduling/pages/classsave.php. Manipulation of parameter class will lead to SQL injection attacks...
CVE-2025-3842
The CVE-2025-3842 entry concerns panhainan DS-Java 1.0, specifically the function uploadUserPic.action in FileUpload.java. The issue arises from manipulation of the fileUpload argument, leading to code injection. The vulnerability is described as exploitable remotely, with public disclosures of t...
CVE-2025-29281
In PerfreeBlog version 4.0.11, regular users can exploit the arbitrary file upload vulnerability in the attach component to upload arbitrary files and execute code within them...
CVE-2025-3563
A vulnerability was found in WuzhiCMS 4.1. It has been rated as critical. Affected by this issue is the function Set of the file /index.php?m=attachment&f=index&su=wuzhicms&v=set&submit=1 of the component Setting Handler. The manipulation of the argument Setting leads to code injection. The attac...
Microsoft Edge (Chromium) < 135.0.3179.73 (CVE-2025-29834)
The version of Microsoft Edge installed on the remote Windows host is prior to 135.0.3179.73. It is, therefore, affected by a vulnerability as referenced in the April 11, 2025 advisory.
- Out-of-bounds read in Microsoft Edge Chromium-based allows an unauthorized attacker to execute code over a...
GHSA-M454-3XV7-QJ85
creationtimestamp | type | source
---|---|---
2025-04-11 04:49:36+00:00 | published-proof-of-concept | https://t.me/DarkWebInformerCVEAlerts/11384...
PT-2025-16139 · Mediawiki · Mediawiki - Tabs Extension
Name of the Vulnerable Software and Affected Versions: Mediawiki - Tabs Extension versions 1.39 through 1.43
Description: The issue is related to an Improper Input Validation vulnerability that allows Code Injection in the Mediawiki - Tabs Extension.
Recommendations: For versions 1.39 through 1.4...
CVE-2025-2632
Out of bounds write vulnerability due to improper bounds checking in NI LabVIEW reading CPU info from cache that may result in information disclosure or arbitrary code execution. Successful exploitation requires an attacker to get a user to open a specially crafted VI. This vulnerability affects ...
Microsoft Office Code Execution Vulnerability (CNVD-2025-10659)
Microsoft Office is an office software suite from the U.S. company Microsoft. The product's common components include Word, Excel, Access, PowerPoint, FrontPage, and so on. A code execution vulnerability exists in Microsoft Office, which can be exploited by an attacker to...
Microsoft Office Code Execution Vulnerability (CNVD-2025-10658)
Microsoft Office is an office software suite from the U.S. company Microsoft. The product's common components include Word, Excel, Access, PowerPoint, FrontPage, etc. A code execution vulnerability exists in Microsoft Office, which can be exploited by an attacker to execute...
Microsoft Office Code Execution Vulnerability (CNVD-2025-10657)
Microsoft Office is an office software suite from the U.S. company Microsoft. The product's common components include Word, Excel, Access, PowerPoint, FrontPage, and so on. A code execution vulnerability exists in Microsoft Office, which can be exploited by an attacker to...
Microsoft Office Code Execution Vulnerability (CNVD-2025-10660)
Microsoft Office is an office software suite from the U.S. company Microsoft. The product's common components include Word, Excel, Access, PowerPoint, FrontPage, and so on. A code execution vulnerability exists in Microsoft Office, which can be exploited by an attacker to...
EUVD-2025-11915
ColdFusion versions 2023.12, 2021.18, 2025.0 and earlier are affected by a Deserialization of Untrusted Data vulnerability that could result in arbitrary code execution in the context of the current user. A high-privileged attacker could leverage this vulnerability to bypass security protections...
CVE-2025-30298 Adobe Framemaker | Stack-based Buffer Overflow (CWE-121)
Adobe Framemaker versions 2020.8, 2022.6 and earlier are affected by a Stack-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file...
CVE-2025-29823
The CVE-2025-29823 entry describes a use-after-free vulnerability in Microsoft Excel (part of Microsoft Office) that enables local arbitrary code execution. The initial description states an unauthorized attacker could execute code locally due to the flaw. Connected documents corroborate exposure...
CVE-2025-3285
Rockwell Automation Arena is affected by local code execution bugs (CVE-2025-3285) caused by improper validation of user-supplied data, enabling a threat actor to read outside the allocated memory buffer. Exploitation requires a legitimate user to open a malicious DOE file, allowing information d...
CVE-2025-3248
Langflow versions prior to 1.3.0 are susceptible to code injection in the /api/v1/validate/code endpoint. A remote and unauthenticated attacker can send crafted HTTP requests to execute arbitrary code...