Threat details | DataType | ProblemTypes | Impact | Publishdate |
---|---|---|---|---|
Threat detailsA security bypass vulnerability allows exploitation via Reverse Tabnabbing, a type of phishing attack where attackers can manipulate the content of the original tab, leading to credential theft and other security risks. This issue affects DataSync Center: from 1.1.0 before 1.1.0.r207, and from 1.2.0 before 1.2.0.r206. | CVE | 07-09-2025 | ||
Threat detailsThe device has two web servers that expose unauthenticated REST APIs on the management network (TCP ports 8084 and 8086). Exploiting OS command injection through these APIs, an attacker can send arbitrary commands that are executed with administrative permissions by the underlying operating system. | CVE | 07-09-2025 | ||
Threat detailsAn unauthenticated user with management network access can get and modify the Radiflow iSAP Smart Collector (CentOS 7 - VSAP 1.20) configuration. The device has two web servers that expose unauthenticated REST APIs on the management network (TCP ports 8084 and 8086). An attacker can use these APIs to get access to all system settings, modify the configuration and execute some commands (e.g., system reboot). | CVE | 07-09-2025 | ||
Threat detailsThe Linux distribution underlying the Radiflow iSAP Smart Collector (CentOS 7 - VSAP 1.20) is obsolete and reached end of life (EOL) on June 30, 2024. Thus, any unmitigated vulnerability could be exploited to affect this product. | CVE | 07-09-2025 | ||
Threat detailsThe Linux deprivileged user vpuser in Radiflow iSAP Smart Collector (CentOS 7 - VSAP 1.20) can read the entire file system content, including files belonging to other users and having restricted access (like, for example, the root password hash). | CVE | 07-09-2025 | ||
Threat detailsRestricted shell rbash evasion in Radiflow iSAP Smart Collector (CentOS 7 - VSAP 1.20) allows the user vpuser to start a full-featured shell. A user with vpuser credentials who opens an SSH connection to the device gets a restricted shell (rbash) that permits only a small list of commands. This vulnerability enables the user to get a full-featured Linux shell, bypassing the rbash restrictions. | CVE | 07-09-2025 | ||
Threat detailsAn improper Input Validation vulnerability allows injecting arbitrary values of the NAS configuration file in ASUSTOR ADM. This could potentially lead to system misconfiguration and break the format of the configuration file, causing the NAS to exhibit unexpected behavior. This issue affects ADM: from 4.1 before 4.3.1.R5A1. | CVE | 07-09-2025 | ||
Threat detailsA flaw exists in gdk-pixbuf within the gdk_pixbuf__jpeg_image_load_increment function (io-jpeg.c) and in glib’s g_base64_encode_step (glib/gbase64.c). When processing maliciously crafted JPEG images, a heap buffer overflow can occur during Base64 encoding, allowing out-of-bounds reads from heap memory, potentially causing application crashes or arbitrary code execution. | CVE | CWE-120 | 07-09-2025 | |
Threat detailsA vulnerability was found in Campcodes Payroll Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /ajax.php?action=save_deductions. The manipulation of the argument ID leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | CVE | CWE-89, CWE-74 | NETWORK: LOW | 07-09-2025 |
Threat detailsA vulnerability was found in Campcodes Payroll Management System 1.0. It has been classified as critical. Affected is an unknown function of the file /ajax.php?action=delete_allowances. The manipulation of the argument ID leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | CVE | CWE-89, CWE-74 | NETWORK: LOW | 07-09-2025 |
Threat detailsA vulnerability was found in Campcodes Payroll Management System 1.0 and classified as critical. This issue affects some unknown processing of the file /ajax.php?action=delete_position. The manipulation of the argument ID leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | CVE | CWE-89, CWE-74 | NETWORK: LOW | 07-09-2025 |
Threat detailsThe SureForms – Drag and Drop Form Builder for WordPress plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.7.3 via the use of file_exists() in the delete_entry_files() function without restriction on the path provided. This makes it possible for unauthenticated attackers to inject a PHP Object. No known POP chain is present in the vulnerable software, which means this vulnerability has no impact unless another plugin or theme containing a POP chain is installed on the site. If a POP chain is present via an additional plugin or theme installed on the target system, it may allow the attacker to perform actions like delete arbitrary files, retrieve sensitive data, or execute code depending on the POP chain present. | CVE | CWE-502 | NETWORK: HIGH | 07-09-2025 |
Threat detailsThe SureForms – Drag and Drop Form Builder for WordPress plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the delete_entry_files() function in all versions up to, and including, 1.7.3. This makes it possible for unauthenticated attackers to delete arbitrary files on the server, which can easily lead to remote code execution when the right file is deleted (such as wp-config.php). | CVE | CWE-73 | NETWORK: LOW | 07-09-2025 |
Threat detailsA vulnerability has been found in Campcodes Payroll Management System 1.0 and classified as critical. This vulnerability affects unknown code of the file /ajax.php?action=save_position. The manipulation of the argument ID leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | CVE | CWE-89, CWE-74 | NETWORK: LOW | 07-09-2025 |
Threat detailsA vulnerability, which was classified as critical, was found in lty628 Aidigu up to 1.8.2. This affects the function checkUserCookie of the file /application/common.php of the component PHP Object Handler. The manipulation of the argument rememberMe leads to deserialization. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | CVE | CWE-20, CWE-502 | NETWORK: LOW | 07-09-2025 |
Threat detailsA vulnerability, which was classified as problematic, has been found in FNKvision FNK-GU2 up to 40.1.7. Affected by this issue is some unknown functionality of the file /rom/wpa_supplicant.conf. The manipulation leads to cleartext storage of sensitive information. It is possible to launch the attack on the physical device. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. | CVE | CWE-310, CWE-312 | PHYSICAL: HIGH | 07-09-2025 |
Threat detailsA vulnerability classified as problematic was found in FNKvision FNK-GU2 up to 40.1.7. Affected by this vulnerability is an unknown functionality of the file /etc/shadow of the component MD5. The manipulation leads to risky cryptographic algorithm. It is possible to launch the attack on the physical device. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. | CVE | CWE-310, CWE-327 | PHYSICAL: HIGH | 07-09-2025 |
Threat detailsThe Simple Featured Image plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘slideshow’ parameter in all versions up to, and including, 1.3.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | CVE | CWE-79 | NETWORK: LOW | 07-09-2025 |
Threat detailsThe Sala - Startup & SaaS WordPress Theme theme for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 1.1.4. This is due to the theme not properly validating a user's identity prior to updating their details like password. This makes it possible for unauthenticated attackers to change arbitrary user's passwords, including administrators, and leverage that to gain access to their account. | CVE | CWE-620 | NETWORK: LOW | 07-09-2025 |
Threat detailsRejected reason: Not used | CVE | LOW | 07-09-2025 | |
Threat detailsRejected reason: Not used | CVE | LOW | 07-09-2025 | |
Threat detailsRejected reason: Not used | CVE | LOW | 07-09-2025 | |
Threat detailsRejected reason: Not used | CVE | LOW | 07-09-2025 | |
Threat detailsRejected reason: Not used | CVE | LOW | 07-09-2025 | |
Threat detailsRejected reason: Not used | CVE | LOW | 07-09-2025 | |
Threat detailsRejected reason: Not used | CVE | LOW | 07-09-2025 | |
Threat detailsA vulnerability was found in code-projects LifeStyle Store 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /cart_add.php. The manipulation of the argument ID leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | CVE | CWE-89, CWE-74 | NETWORK: LOW | 07-09-2025 |
Threat detailsA vulnerability classified as critical has been found in FNKvision FNK-GU2 up to 40.1.7. Affected is an unknown function of the component UART Interface. The manipulation leads to on-chip debug and test interface with improper access control. It is possible to launch the attack on the physical device. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. | CVE | CWE-1191 | PHYSICAL: HIGH | 07-09-2025 |
Threat detailsA vulnerability was found in itsourcecode Insurance Management System up to 1.0. It has been rated as critical. This issue affects some unknown processing of the file /insertAgent.php. The manipulation of the argument agent_id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | CVE | CWE-89, CWE-74 | NETWORK: LOW | 07-09-2025 |
Threat detailsA vulnerability was found in code-projects/Fabian Ros Library Management System 2.0 and classified as critical. Affected by this issue is some unknown functionality of the file admin/profile_update.php. The manipulation of the argument photo leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | CVE | CWE-284, CWE-434 | NETWORK: LOW | 07-09-2025 |
Threat detailsThe Gutenberg Blocks with AI by Kadence WP – Page Builder Features plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘redirectURL’ parameter in all versions up to, and including, 3.5.10 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | CVE | CWE-79 | NETWORK: LOW | 07-09-2025 |
Threat detailsA vulnerability has been found in 9fans plan9port up to 9da5b44 and classified as problematic. Affected by this vulnerability is the function value_decode in the library src/libsec/port/x509.c. The manipulation leads to null pointer dereference. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. This product takes the approach of rolling releases to provide continuous delivery. Therefore, version details for affected and updated releases are not available. The identifier of the patch is deae8939583d83fd798fca97665e0e94656c3ee8. It is recommended to apply a patch to fix this issue. | CVE | CWE-476, CWE-404 | LOCAL: LOW | 07-09-2025 |
Threat detailsA vulnerability was found in 9fans plan9port up to 9da5b44. It has been classified as critical. This affects the function edump in the library /src/plan9port/src/libsec/port/x509.c. The manipulation leads to heap-based buffer overflow. The exploit has been disclosed to the public and may be used. This product takes the approach of rolling releases to provide continuous delivery. Therefore, version details for affected and updated releases are not available. The identifier of the patch is b3e06559475b0130a7a2fb56ac4d131d13d2012f. It is recommended to apply a patch to fix this issue. | CVE | CWE-119, CWE-122 | ADJACENT_NETWORK: LOW | 07-09-2025 |
Threat detailsA vulnerability, which was classified as problematic, was found in mruby up to 3.4.0-rc2. Affected is the function scope_new of the file mrbgems/mruby-compiler/core/codegen.c of the component nregs Handler. The manipulation leads to heap-based buffer overflow. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. The name of the patch is 1fdd96104180cc0fb5d3cb086b05ab6458911bb9. It is recommended to apply a patch to fix this issue. | CVE | CWE-119, CWE-122 | LOCAL: LOW | 07-09-2025 |
Threat detailsAn unrestricted file upload vulnerability in the WordPress Simple File List plugin prior to version 4.2.3 allows unauthenticated remote attackers to achieve remote code execution. The plugin's upload endpoint (ee-upload-engine.php) restricts file uploads based on extension, but lacks proper validation after file renaming. An attacker can first upload a PHP payload disguised as a .png file, then use the plugin’s ee-file-engine.php rename functionality to change the extension to .php. This bypasses upload restrictions and results in the uploaded payload being executable on the server. | CVE | LOW | 07-09-2025 | |
Threat detailsAn unauthenticated information disclosure vulnerability exists in the WordPress Total Upkeep plugin (also known as BoldGrid Backup) prior to version 1.14.10. The plugin exposes multiple endpoints that allow unauthenticated users to retrieve detailed server configuration (env-info.php) and discover backup metadata (restore-info.json). These backups, which may include full SQL database dumps, are accessible without authentication if their paths are known or guessed. The restore-info.json endpoint discloses the absolute filesystem path of the latest backup, which attackers can convert into a web-accessible URL under wp-content/uploads/ and download. Extracting the database archive may yield credential hashes from the wp_users table, facilitating offline password cracking or credential stuffing attacks. | CVE | LOW | 07-09-2025 | |
Threat detailsAn unrestricted file upload vulnerability exists in the WordPress AIT CSV Import/Export plugin = 3.0.3. The plugin exposes an upload handler at upload-handler.php that allows arbitrary file upload via a multipart/form-data POST request. This endpoint does not enforce authentication or content-type validation, enabling attackers to upload malicious PHP code directly to the server. Although the upload may produce an error related to CSV parsing, the malicious file is still saved under wp-content/uploads/ and remains executable. Notably, the plugin does not need to be active for exploitation to succeed. | CVE | LOW | 07-09-2025 | |
Threat detailsAn authentication bypass vulnerability exists in the WordPress Pie Register plugin = 3.7.1.4 that allows unauthenticated attackers to impersonate arbitrary users by submitting a crafted POST request to the login endpoint. By setting social_site=true and manipulating the user_id_social_site parameter, an attacker can generate a valid WordPress session cookie for any user ID, including administrators. Once authenticated, the attacker may exploit plugin upload functionality to install a malicious plugin containing arbitrary PHP code, resulting in remote code execution on the underlying server. | CVE | LOW | 07-09-2025 | |
Threat detailsThe WCFM – Frontend Manager for WooCommerce along with Bookings Subscription Listings Compatible plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the wcfm_redirect_to_setup function in all versions up to, and including, 6.7.16. This makes it possible for unauthenticated attackers to view and modify the plugin settings, including payment details and API keys | CVE | CWE-862 | NETWORK: LOW | 07-09-2025 |
Threat detailsA vulnerability, which was classified as critical, has been found in D-Link DIR-825 2.10. This issue affects the function sub_410DDC of the file switch_language.cgi of the component httpd. The manipulation of the argument Language leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer. | CVE | CWE-119, CWE-121 | NETWORK: LOW | 07-09-2025 |
Threat detailsThe Support Board plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the sb_file_delete function in all versions up to, and including, 3.8.0. This makes it possible for attackers to delete arbitrary files on the server, which can easily lead to remote code execution when the right file is deleted (such as wp-config.php). An attacker can leverage CVE-2025-4855 vulnerability to exploit this vulnerability unauthenticated. | CVE | CWE-22 | NETWORK: LOW | 07-09-2025 |
Threat detailsThe Support Board plugin for WordPress is vulnerable to unauthorized access/modification/deletion of data due to use of hardcoded default secrets in the sb_encryption() function in all versions up to, and including, 3.8.0. This makes it possible for unauthenticated attackers to bypass authorization and execute arbitrary AJAX actions defined in the sb_ajax_execute() function. An attacker can use this vulnerability to exploit CVE-2025-4828 and various other functions unauthenticated. | CVE | CWE-639 | NETWORK: LOW | 07-09-2025 |
Threat detailsAdobe Framemaker versions 2020.8, 2022.6 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | CVE | CWE-122 | LOCAL: LOW | 07-08-2025 |
Threat detailsIBM InfoSphere Data Replication VSAM for z/OS Remote Source 11.4 could allow a remote user to cause a denial of service by sending an invalid HTTP request to the log reading service. | CVE | CWE-121 | NETWORK: LOW | 07-08-2025 |
Threat detailsInCopy versions 20.3, 19.5.3 and earlier are affected by an Integer Underflow (Wrap or Wraparound) vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | CVE | CWE-191 | LOCAL: LOW | 07-08-2025 |
Threat detailsInCopy versions 20.3, 19.5.3 and earlier are affected by an Access of Uninitialized Pointer vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | CVE | CWE-824 | LOCAL: LOW | 07-08-2025 |
Threat detailsInCopy versions 20.3, 19.5.3 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | CVE | CWE-122 | LOCAL: LOW | 07-08-2025 |
Threat detailsA vulnerability, which was classified as critical, was found in krishna9772 Pharmacy Management System up to a2efc8442931ec9308f3b4cf4778e5701153f4e5. Affected is an unknown function of the file quantity_upd.php. The manipulation of the argument med_name/med_cat/ex_date leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. Continuous delivery with rolling releases is used by this product. Therefore, no version details of affected nor updated releases are available. | CVE | CWE-89, CWE-74 | NETWORK: LOW | 07-08-2025 |
Threat detailsAdobe Framemaker versions 2020.8, 2022.6 and earlier are affected by a Stack-based Buffer Overflow vulnerability that could lead to disclosure of sensitive memory. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | CVE | CWE-121 | LOCAL: LOW | 07-08-2025 |
Threat detailsAdobe Framemaker versions 2020.8, 2022.6 and earlier are affected by an Access of Uninitialized Pointer vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | CVE | CWE-824 | LOCAL: LOW | 07-08-2025 |
Threat detailsAdobe Framemaker versions 2020.8, 2022.6 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | CVE | CWE-122 | LOCAL: LOW | 07-08-2025 |
Threat detailsAdobe Framemaker versions 2020.8, 2022.6 and earlier are affected by a NULL Pointer Dereference vulnerability that could lead to application denial-of-service. An attacker could exploit this vulnerability to crash the application, causing a disruption in service. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | CVE | CWE-476 | LOCAL: LOW | 07-08-2025 |
Threat detailsAdobe Framemaker versions 2020.8, 2022.6 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | CVE | CWE-787 | LOCAL: LOW | 07-08-2025 |
Threat detailsAdobe Framemaker versions 2020.8, 2022.6 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | CVE | CWE-787 | LOCAL: LOW | 07-08-2025 |
Threat detailsAdobe Framemaker versions 2020.8, 2022.6 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | CVE | CWE-787 | LOCAL: LOW | 07-08-2025 |
Threat detailsAdobe Framemaker versions 2020.8, 2022.6 and earlier are affected by an Integer Underflow (Wrap or Wraparound) vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | CVE | CWE-191 | LOCAL: LOW | 07-08-2025 |
Threat detailsAdobe Framemaker versions 2020.8, 2022.6 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | CVE | CWE-787 | LOCAL: LOW | 07-08-2025 |
Threat detailsAdobe Framemaker versions 2020.8, 2022.6 and earlier are affected by an Integer Underflow (Wrap or Wraparound) vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | CVE | CWE-191 | LOCAL: LOW | 07-08-2025 |
Threat detailsAdobe Framemaker versions 2020.8, 2022.6 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | CVE | CWE-122 | LOCAL: LOW | 07-08-2025 |
Threat detailsAdobe Framemaker versions 2020.8, 2022.6 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | CVE | CWE-787 | LOCAL: LOW | 07-08-2025 |
Threat detailsAdobe Framemaker versions 2020.8, 2022.6 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | CVE | CWE-787 | LOCAL: LOW | 07-08-2025 |
Threat detailsA vulnerability, which was classified as critical, has been found in code-projects Library System 1.0. This issue affects some unknown processing of the file /notapprove.php. The manipulation of the argument ID leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | CVE | CWE-89, CWE-74 | NETWORK: LOW | 07-08-2025 |
Threat detailsAdobe Framemaker versions 2020.8, 2022.6 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | CVE | CWE-122 | LOCAL: LOW | 07-08-2025 |
Threat detailsInDesign Desktop versions 19.5.3 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | CVE | CWE-787 | LOCAL: LOW | 07-08-2025 |
Threat detailsInDesign Desktop versions 19.5.3 and earlier are affected by an Integer Underflow (Wrap or Wraparound) vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | CVE | CWE-191 | LOCAL: LOW | 07-08-2025 |
Threat detailsInDesign Desktop versions 19.5.3 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | CVE | CWE-122 | LOCAL: LOW | 07-08-2025 |
Threat detailsInDesign Desktop versions 19.5.3 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | CVE | CWE-122 | LOCAL: LOW | 07-08-2025 |
Threat detailsIllustrator versions 28.7.6, 29.5.1 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | CVE | CWE-125 | LOCAL: LOW | 07-08-2025 |
Threat detailsInDesign Desktop versions 19.5.3 and earlier are affected by an Access of Uninitialized Pointer vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | CVE | CWE-824 | LOCAL: LOW | 07-08-2025 |
Threat detailsInDesign Desktop versions 19.5.3 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | CVE | CWE-122 | LOCAL: LOW | 07-08-2025 |
Threat detailsIllustrator versions 28.7.6, 29.5.1 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | CVE | CWE-125 | LOCAL: LOW | 07-08-2025 |
Threat detailsAdobe Connect versions 24.0 and earlier are affected by a Deserialization of Untrusted Data vulnerability that could lead to arbitrary code execution by an attacker. Exploitation of this issue does require user interaction and scope is changed. | CVE | CWE-502 | NETWORK: LOW | 07-08-2025 |
Threat detailsSubstance3D - Stager versions 3.1.2 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | CVE | CWE-125 | LOCAL: LOW | 07-08-2025 |
Threat detailsIllustrator versions 28.7.6, 29.5.1 and earlier are affected by a NULL Pointer Dereference vulnerability that could lead to application denial-of-service. An attacker could exploit this vulnerability to crash the application, causing a disruption in service. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | CVE | CWE-476 | LOCAL: LOW | 07-08-2025 |
Threat detailsLocal Privilege escalation allows a low-privileged user to gain SYSTEM privileges in Windows Virtual Delivery Agent for CVAD and Citrix DaaS | CVE | LOW | 07-08-2025 | |
Threat detailsIllustrator versions 28.7.6, 29.5.1 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | CVE | CWE-787 | LOCAL: LOW | 07-08-2025 |
Threat detailsIllustrator versions 28.7.6, 29.5.1 and earlier are affected by a Stack-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | CVE | CWE-121 | LOCAL: LOW | 07-08-2025 |
Illustrator versions 28.7.6, 29.5.1 and earlier are affected by an Access of Uninitialized Pointer vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | CVE | CWE-824 | LOCAL: LOW | 07-08-2025 |
Illustrator versions 28.7.6, 29.5.1 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | CVE | CWE-787 | LOCAL: LOW | 07-08-2025 |
Illustrator versions 28.7.6, 29.5.1 and earlier are affected by an Integer Overflow or Wraparound vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | CVE | CWE-190 | LOCAL: LOW | 07-08-2025 |
Illustrator versions 28.7.6, 29.5.1 and earlier are affected by an Integer Underflow (Wrap or Wraparound) vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | CVE | CWE-191 | LOCAL: LOW | 07-08-2025 |
Adobe Experience Manager (MS) versions 6.5.23.0 and earlier are affected by a Deserialization of Untrusted Data vulnerability that could lead to arbitrary code execution by an attacker. Exploitation of this issue does not require user interaction. Scope is unchanged. | CVE | CWE-502 | NETWORK: LOW | 07-08-2025 |
Adobe Experience Manager versions 11.4 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. Scope is changed. | CVE | CWE-79 | NETWORK: LOW | 07-08-2025 |
Adobe Experience Manager versions 11.4 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. Scope is changed. | CVE | CWE-79 | NETWORK: LOW | 07-08-2025 |
Helm is a package manager for Charts for Kubernetes. Prior to 3.18.4, a specially crafted Chart.yaml file along with a specially linked Chart.lock file can lead to local code execution when dependencies are updated. Fields in a Chart.yaml file that are carried over to a Chart.lock file when dependencies are updated and this file is written can be crafted in a way that can cause execution if that same content were in a file that is executed (e.g., a bash.rc file or shell script). If the Chart.lock file is symlinked to one of these files, updating dependencies will write the lock file content to the symlinked file. This can lead to unwanted execution. Helm warns of the symlinked file but did not stop execution due to symlinking. This issue has been resolved in Helm v3.18.4. | CVE | CWE-94 | LOW | 07-08-2025 |
Illustrator versions 28.7.6, 29.5.1 and earlier are affected by a Stack-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | CVE | CWE-121 | LOCAL: LOW | 07-08-2025 |
A vulnerability classified as critical was found in code-projects Jonnys Liquor 1.0. This vulnerability affects unknown code of the file /admin/admin-area.php. The manipulation of the argument drink leads to SQL injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | CVE | CWE-89, CWE-74 | NETWORK: LOW | 07-08-2025 |
A vulnerability classified as critical has been found in code-projects Jonnys Liquor 1.0. This affects an unknown part of the file /admin/delete-row.php. The manipulation of the argument ID leads to SQL injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | CVE | CWE-89, CWE-74 | NETWORK: LOW | 07-08-2025 |
Substance3D - Viewer versions 0.22 and earlier are affected by a NULL Pointer Dereference vulnerability that could lead to application denial-of-service. An attacker could exploit this vulnerability to crash the application, causing disruption in service. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | CVE | CWE-476 | LOCAL: LOW | 07-08-2025 |
ColdFusion versions 2025.2, 2023.14, 2021.20 and earlier are affected by an Improper Restriction of XML External Entity Reference ('XXE') vulnerability that could result in a security feature bypass. An attacker could exploit this vulnerability to access sensitive information or cause denial of service by bypassing security measures. Exploitation of this issue does not require user interaction and scope is changed. The vulnerable component is restricted to internal IP addresses. | CVE | CWE-611 | ADJACENT_NETWORK: LOW | 07-08-2025 |
Substance3D - Viewer versions 0.22 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | CVE | CWE-125 | LOCAL: LOW | 07-08-2025 |
SQL Injection vulnerability in Abis, Inc Adjutant Core Accounting ERP build v.PreBeta250F allows a remote attacker to obtain sensitive information via the cid parameter in the GET request. | CVE | | LOW | 07-08-2025 |
Substance3D - Viewer versions 0.22 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user, scope unchanged. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | CVE | CWE-122 | LOCAL: LOW | 07-08-2025 |
MCP Server Kubernetes is an MCP Server that can connect to a Kubernetes cluster and manage it. A command injection vulnerability exists in the mcp-server-kubernetes MCP Server. The vulnerability is caused by the unsanitized use of input parameters within a call to child_process.execSync, enabling an attacker to inject arbitrary system commands. Successful exploitation can lead to remote code execution under the server process's privileges. This vulnerability is fixed in 2.5.0. | CVE | | LOW | 07-08-2025 |
Insufficient Logging vulnerability in Wikimedia Foundation Mediawiki - AbuseFilter Extension allows Data Leakage Attacks. This issue affects Mediawiki - AbuseFilter Extension: from 1.43.X before 1.43.2. | CVE | | LOW | 07-08-2025 |
Advanced Installer before 22.6 has an uncontrolled search path element local privilege escalation vulnerability. When running as SYSTEM in certain configurations, Advanced Installer looks in standard-user writable locations for non-existent binaries and executes them as SYSTEM. A low-privileged attacker can place a malicious binary in a targeted folder; when the installer is executed, the attacker achieves arbitrary SYSTEM code execution. | CVE | | LOW | 07-08-2025 |
ColdFusion versions 2025.2, 2023.14, 2021.20 and earlier are affected by an XML Injection vulnerability that could lead to arbitrary file system read. An attacker can exploit this issue by injecting crafted XML or XPath queries to access unauthorized files or lead to denial of service. Exploitation of this issue does not require user interaction, and the attacker must have access to shared secrets. | CVE | CWE-91 | NETWORK: HIGH | 07-08-2025 |
ColdFusion versions 2025.2, 2023.14, 2021.20 and earlier are affected by an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability that could lead to arbitrary code execution by a high-privileged attacker. Exploitation of this issue requires user interaction and scope is changed. The vulnerable component is restricted to internal IP addresses. | CVE | CWE-78 | ADJACENT_NETWORK: LOW | 07-08-2025 |
ColdFusion versions 2025.2, 2023.14, 2021.20 and earlier are affected by an Incorrect Authorization vulnerability that could result in a security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and gain unauthorized access. Exploitation of this issue does not require user interaction. The vulnerable component is restricted to internal IP addresses. | CVE | CWE-863 | ADJACENT_NETWORK: LOW | 07-08-2025 |
ColdFusion versions 2025.2, 2023.14, 2021.20 and earlier are affected by an Improper Restriction of XML External Entity Reference ('XXE') vulnerability that could result in a security feature bypass. A high-privileged attacker could leverage this vulnerability to access sensitive information. Exploitation of this issue does not require user interaction. The vulnerable component is restricted to internal IP addresses. | CVE | CWE-611 | ADJACENT_NETWORK: LOW | 07-08-2025 |