The OceanWP theme for WordPress has a vulnerability that allows attackers to trick site administrators into installing unwanted plugins, such as the Ocean Extra plugin, by sending forged requests that appear to come from the administrator.
This vulnerability is a problem because it enables unauthenticated attackers to manipulate site administrators into performing unintended actions, potentially leading to the installation of malicious plugins, unauthorized access, or other security breaches.
The Easy restaurant menu manager plugin for WordPress has a vulnerability that allows attackers to trick site administrators into uploading unauthorized menu files through a forged request, without needing to be logged in to the site.
This vulnerability is a problem because it enables unauthenticated attackers to modify the site's content, potentially leading to malicious activities such as uploading harmful files or altering the site's functionality, which can compromise the site's security and integrity.
The CVE-2025-0818 vulnerability allows unauthenticated attackers to delete arbitrary files on a WordPress site using elFinder versions 2.1.64 and prior, by exploiting a Directory Traversal weakness in the file manager.
This vulnerability is a problem because it enables malicious actors to potentially disrupt or destroy a website by deleting crucial files, which could lead to data loss, downtime, and other security issues, especially if the site owner has made the file manager accessible to users.
This vulnerability allows a remote attacker to access and write to memory outside of its designated boundaries in Google Chrome, using a specially crafted HTML page.
This vulnerability is a problem because it can enable attackers to execute arbitrary code, potentially leading to data theft, malware installation, or other malicious activities, compromising the security and integrity of the affected system.
This vulnerability allows a remote attacker to potentially exploit heap corruption in Google Chrome by convincing a user to interact with a specially crafted HTML page in a specific way, due to a "use after free" issue in the Aura component.
This vulnerability is a problem because it could allow an attacker to crash Google Chrome or potentially execute arbitrary code, which could lead to unauthorized access to sensitive information or system compromise.
This vulnerability in Google Chrome's File Picker allows a remote attacker to leak cross-origin data by tricking a user into performing specific actions on a crafted HTML page.
This vulnerability is a problem because it enables attackers to access sensitive information from other websites, potentially leading to data breaches or other malicious activities, by exploiting the user's interactions with a specially designed web page.
This vulnerability allows a remote attacker to execute arbitrary code inside a sandbox in Google Chrome by using a specially crafted HTML page, due to a race condition in the V8 engine.
This vulnerability is a problem because it could enable an attacker to run malicious code on a user's computer, potentially leading to data theft, system compromise, or other security breaches, even though the code is executed within a sandboxed environment.
This vulnerability allows a remote attacker to cause a heap buffer overflow in the libaom library used by Google Chrome, potentially leading to heap corruption when a specific set of gestures is performed.
This vulnerability is a problem because it can be exploited by an attacker to potentially execute malicious code, crash the browser, or gain unauthorized access to sensitive information, posing a significant threat to user security and privacy.
This vulnerability allows an attacker to overflow a buffer in the SetupUtility module, potentially enabling them to execute arbitrary code on a system if they have local privileged access.
This is a problem because it could give an attacker the ability to run malicious code on a system, potentially leading to data theft, system compromise, or other harmful activities, especially since it can be exploited by someone with local privileged access who may already have some level of trust within the system.
This vulnerability allows an attacker to write arbitrary data to memory inside the System Management RAM (SMRAM) and execute malicious code at the System Management Mode (SMM) level, giving them elevated access to system resources.
This is a significant issue because it enables attackers to bypass normal security controls, potentially allowing them to install malware, steal sensitive information, or disrupt system operation, all from a highly privileged position that is difficult to detect or mitigate.
This vulnerability allows an attacker to write arbitrary data to memory inside the System Management RAM (SMRAM) and execute arbitrary code at the System Management Mode (SMM) level, which is a privileged mode of operation.
This is a problem because it enables an attacker to gain high-level access to a system's hardware and software, potentially allowing them to bypass security controls, steal sensitive information, and take control of the system.
This CVE ID has been rejected or withdrawn by its CVE Numbering Authority, indicating that it is no longer a valid or recognized vulnerability.
This is not a problem as the CVE ID is not associated with a legitimate vulnerability, and therefore does not pose a security risk.
This vulnerability allows an out-of-bounds read in Dimension versions 4.1.3 and earlier when a user opens a malicious file, potentially disclosing sensitive memory content.
This issue is a problem because it could lead to the unauthorized exposure of sensitive information stored in the application's memory, which could be used for malicious purposes, all triggered by something as simple as opening a malicious file.
This vulnerability allows an attacker to access sensitive memory information when a user opens a malicious file in Adobe Framemaker versions 2020.8, 2022.6, and earlier, due to an out-of-bounds read issue.
This vulnerability is a problem because it could lead to the disclosure of sensitive information, potentially putting users' personal or confidential data at risk, especially if the malicious file is crafted to exploit this specific weakness in Adobe Framemaker.
The CVE-2025-54232 vulnerability is a "Use After Free" flaw in Adobe Framemaker versions 2020.8, 2022.6, and earlier, which allows arbitrary code execution when a user opens a malicious file, potentially giving an attacker control of the user's system.
This vulnerability is a problem because it could allow an attacker to execute malicious code on a victim's computer, potentially leading to data theft, system compromise, or other harmful activities, all by simply tricking the user into opening a specially crafted file.
This vulnerability allows an attacker to execute arbitrary code on a user's system when they open a malicious file using Adobe Framemaker versions 2020.8, 2022.6, and earlier.
This is a problem because it enables attackers to gain control over a user's system, potentially leading to data theft, malware installation, or other malicious activities, all of which can happen simply by tricking a user into opening a specially crafted file.
This vulnerability allows an attacker to execute arbitrary code on a user's system when they open a malicious file using Adobe Framemaker versions 2020.8, 2022.6, and earlier, due to a "Use After Free" flaw.
This is a problem because it enables attackers to run malicious code on a victim's computer, potentially leading to data theft, system compromise, or other harmful activities, all of which can occur simply by tricking a user into opening a specially crafted file.
The CVE-2025-54229 vulnerability is a "Use After Free" issue in Adobe Framemaker versions 2020.8, 2022.6, and earlier, which could allow arbitrary code execution when a user opens a malicious file.
This vulnerability is a problem because it can be exploited by attackers to run malicious code on a user's system, potentially leading to data theft, system compromise, or other harmful activities, all of which can occur in the context of the current user's permissions.
This vulnerability allows an unauthenticated user to potentially gain elevated privileges on a Windows system running certain Zoom Clients, by exploiting an untrusted search path that can be accessed through the network.
This is a significant issue because it enables an attacker to escalate their privileges without needing any prior authorization, potentially leading to unauthorized access and control of the affected system, which could result in data theft, malware installation, or other malicious activities.
This vulnerability allows an unauthorized user to exploit a race condition in the Zoom Client for Windows installer, potentially compromising the application's integrity through local access.
This is a problem because it enables an attacker with local access to disrupt the normal functioning of the Zoom application, which could lead to unauthorized actions, data breaches, or other malicious activities, ultimately affecting the security and reliability of the system.
The Substance3D - Stager vulnerability allows an attacker to execute arbitrary code on a user's system when a malicious file is opened, due to an out-of-bounds write issue in versions 3.1.3 and earlier.
This vulnerability is a problem because it enables attackers to run malicious code on a victim's system, potentially leading to data theft, system compromise, or other harmful activities, all of which can occur simply by tricking a user into opening a malicious file.
The CVE-2025-55171 vulnerability allows an anonymous attacker to delete any image file in the WeGIA web manager application without needing to log in, by exploiting a lack of authentication check at a specific endpoint (/html/personalizacao_remover.php).
This vulnerability is a problem because it enables unauthorized users to manipulate and delete sensitive data, potentially disrupting the application's functionality and causing data loss, which can have significant consequences for the charitable institutions that rely on WeGIA.
The CVE-2025-55170 vulnerability allows attackers to inject malicious scripts into the WeGIA web application through the /html/alterar_senha.php endpoint, specifically targeting the verificacao and redir_config parameters, enabling reflected cross-site scripting (XSS) attacks.
This vulnerability is a problem because it enables attackers to execute malicious code on users' browsers, potentially leading to unauthorized access, data theft, or other harmful activities, compromising the security and integrity of the WeGIA application and its users.
The Autocaliweb web app has a vulnerability that exposes sensitive configuration data, including API keys, through its debug pack feature, which is used for troubleshooting and support.
This vulnerability is a problem because it can lead to the unintentional sharing of private API keys when users share the debug pack, potentially allowing unauthorized access to sensitive information and systems.
This vulnerability allows an out-of-bounds read in Substance3D Modeler versions 1.22.0 and earlier when a user opens a malicious file, potentially disclosing sensitive memory contents.
This issue is a problem because it could lead to the unauthorized exposure of sensitive information stored in the application's memory, which could be used for malicious purposes, all triggered by something as simple as opening a malicious file.
This vulnerability allows an attacker to read sensitive memory information when a user opens a malicious file in affected InDesign Desktop versions (20.4, 19.5.4, and earlier).
This is a problem because it could lead to the disclosure of sensitive information, potentially putting user data at risk, and it requires minimal user interaction, making it a relatively easy target for attackers.
This vulnerability allows an attacker to read sensitive memory information when a user opens a malicious file in InDesign Desktop versions 20.4, 19.5.4, and earlier, due to an out-of-bounds read issue.
This vulnerability is a problem because it could lead to the disclosure of sensitive information, potentially compromising user privacy and security, especially if the malicious file is crafted to exploit this issue.
This vulnerability allows an attacker to execute arbitrary code on a user's system when they open a malicious file in InDesign Desktop versions 20.4, 19.5.4, and earlier, due to a Use After Free flaw.
This is a problem because it enables attackers to run malicious code on a victim's computer, potentially leading to data theft, system compromise, or other harmful activities, all of which can occur simply by tricking a user into opening a specially crafted file.
This vulnerability allows an attacker to execute arbitrary code on a user's computer when they open a malicious file in InDesign Desktop versions 20.4, 19.5.4, and earlier, due to a "Use After Free" flaw.
This is a problem because it enables attackers to run malicious code on a victim's computer, potentially leading to data theft, system compromise, or other harmful activities, all of which can occur simply by tricking a user into opening a tainted file.
This vulnerability allows an attacker to execute arbitrary code on a user's computer when they open a malicious file in InDesign Desktop versions 20.4, 19.5.4, and earlier, due to a Use After Free flaw.
This is a problem because it enables attackers to run malicious code on a victim's computer, potentially leading to data theft, system compromise, or other harmful activities, all of which can occur simply by tricking a user into opening a specially crafted file.
This vulnerability allows an attacker to execute arbitrary code on a user's system when they open a malicious file in InCopy versions 20.4, 19.5.4, and earlier, due to a Use After Free flaw.
This vulnerability is a problem because it enables attackers to run malicious code on a user's system, potentially leading to data theft, system compromise, or other harmful activities, all of which can occur simply by tricking a user into opening a specially crafted file.
This vulnerability allows an attacker to execute arbitrary code on a user's system when they open a malicious file in InCopy versions 20.4, 19.5.4, and earlier, due to an out-of-bounds write issue.
This is a problem because it enables attackers to run malicious code on a user's system, potentially leading to data theft, system compromise, or other harmful activities, all of which can occur simply by tricking a user into opening a malicious file.
This vulnerability allows an attacker to execute arbitrary code on a user's system by exploiting a heap-based buffer overflow in InCopy versions 20.4, 19.5.4, and earlier, when a user opens a malicious file.
This is a problem because it enables attackers to run malicious code on a victim's system, potentially leading to data theft, system compromise, or other harmful activities, all of which can occur with the same privileges as the current user.
This vulnerability allows an attacker to execute arbitrary code on a user's system by exploiting a heap-based buffer overflow in InCopy versions 20.4, 19.5.4, and earlier, when a malicious file is opened.
This is a problem because it enables attackers to run malicious code on a victim's computer, potentially leading to data theft, system compromise, or other harmful activities, all of which can occur with the same privileges as the current user.
This vulnerability allows an attacker to execute arbitrary code on a user's system when they open a malicious file in InCopy versions 20.4, 19.5.4, and earlier, due to an out-of-bounds write issue.
This is a problem because it enables attackers to run malicious code on a victim's computer, potentially leading to data theft, system compromise, or other harmful activities, all without needing administrative privileges, just the context of the current user.
This vulnerability allows an attacker to execute arbitrary code on a user's system by exploiting a heap-based buffer overflow in InCopy versions 20.4, 19.5.4, and earlier, when a malicious file is opened.
This is a problem because it enables attackers to run malicious code on a victim's computer, potentially leading to data theft, system compromise, or other harmful activities, all of which can occur simply by tricking a user into opening a malicious file.
This vulnerability allows an attacker to execute arbitrary code on a user's system by exploiting an out-of-bounds write issue in InCopy versions 20.4, 19.5.4, and earlier, when a malicious file is opened.
This is a problem because it enables attackers to run malicious code on a victim's system, potentially leading to data theft, system compromise, or other harmful activities, all of which can occur with the same privileges as the current user.
This vulnerability allows an attacker to execute arbitrary code on a user's system by exploiting an out-of-bounds write issue in InCopy versions 20.4, 19.5.4, and earlier, when a user opens a malicious file.
This vulnerability is a problem because it enables attackers to run malicious code on a victim's system, potentially leading to unauthorized access, data theft, or other harmful activities, all within the context of the current user's permissions.
This vulnerability allows an attacker to potentially read sensitive memory information when a user opens a malicious file in affected InDesign Desktop versions (20.4, 19.5.4, and earlier).
This is a problem because it could lead to the disclosure of sensitive information, potentially compromising user privacy and security, especially if the malicious file is crafted to exploit this vulnerability.
This vulnerability allows an attacker to execute arbitrary code on a user's system when they open a malicious file in InDesign Desktop versions 20.4, 19.5.4, and earlier, due to an out-of-bounds write issue.
This is a problem because it enables attackers to run malicious code on a victim's computer, potentially leading to data theft, system compromise, or other harmful activities, all of which can occur with the same privileges as the current user.
This vulnerability allows an attacker to execute arbitrary code on a user's computer by exploiting a heap-based buffer overflow in InDesign Desktop versions 20.4, 19.5.4, and earlier, when a user opens a malicious file.
This is a problem because it enables attackers to run malicious code on a victim's computer, potentially leading to data theft, system compromise, or other harmful activities, all of which can occur with the same privileges as the current user.
This vulnerability allows an attacker to execute arbitrary code on a user's system by exploiting a heap-based buffer overflow in InDesign Desktop, which occurs when a user opens a malicious file.
This is a problem because it enables attackers to run malicious code on a victim's computer, potentially leading to data theft, system compromise, or other harmful activities, all of which can happen simply by tricking a user into opening a specially crafted file.
This vulnerability allows an attacker to execute arbitrary code on a user's system when they open a malicious file in InDesign Desktop versions 20.4, 19.5.4, and earlier, due to an out-of-bounds write issue.
This is a problem because it enables attackers to run malicious code on a victim's computer, potentially leading to data theft, system compromise, or other harmful activities, all by simply tricking the user into opening a tainted file.
This vulnerability allows an attacker to execute arbitrary code on a user's system by exploiting a heap-based buffer overflow in InDesign Desktop, which occurs when a user opens a malicious file.
This is a problem because it enables attackers to run malicious code on a user's system, potentially leading to data theft, system compromise, or other harmful activities, all of which can happen simply by tricking a user into opening a specially crafted file.
This vulnerability allows an attacker to execute arbitrary code on a user's system by tricking them into opening a malicious file in InDesign Desktop, potentially giving the attacker control over the user's computer.
This is a problem because it could allow an attacker to gain access to sensitive information, install malware, or take other malicious actions on the user's system, all without the user's knowledge or consent, simply by opening a malicious file.
This vulnerability allows an attacker to execute arbitrary code on a user's system when they open a malicious file in InDesign Desktop versions 20.4, 19.5.4, and earlier, potentially giving the attacker control over the user's system.
This is a problem because it could allow an attacker to gain unauthorized access to a user's system, potentially leading to data theft, malware installation, or other malicious activities, all of which could happen simply by opening a malicious file.
This vulnerability allows an attacker to execute arbitrary code on a user's system when they open a malicious file in InDesign Desktop versions 20.4, 19.5.4, and earlier, potentially giving the attacker control over the system.
This is a problem because it enables attackers to gain unauthorized access to a user's system, allowing them to steal sensitive information, install malware, or cause other harm, all by tricking the user into opening a malicious file.
This vulnerability allows an out-of-bounds read in Substance3D Sampler versions 5.0.3 and earlier when a user opens a malicious file, potentially disclosing sensitive memory content.
This issue is a problem because it could lead to unauthorized access to sensitive information stored in the application's memory, which could compromise user data and system security.
This vulnerability allows an out-of-bounds read in Substance3D Modeler versions 1.22.0 and earlier when a user opens a malicious file, potentially disclosing sensitive memory contents.
This vulnerability is a problem because it could expose sensitive information stored in the application's memory, which could be used for malicious purposes, and it requires user interaction, making it a potential phishing or social engineering attack vector.
The Substance3D Modeler has a vulnerability that allows an out-of-bounds read when a user opens a malicious file, potentially disclosing sensitive memory contents.
This vulnerability is a problem because it could allow an attacker to access sensitive information stored in the application's memory, which could be used for malicious purposes, by tricking a user into opening a specially crafted file.
This vulnerability allows an out-of-bounds read in Substance3D Modeler versions 1.22.0 and earlier when a user opens a malicious file, potentially disclosing sensitive memory contents.
This issue is a problem because it could lead to the unauthorized disclosure of sensitive information stored in the application's memory, which could be used for malicious purposes, all by simply tricking a user into opening a specially crafted file.
This vulnerability allows an out-of-bounds read in Substance3D Modeler versions 1.22.0 and earlier when a user opens a malicious file, potentially disclosing sensitive memory content.
This issue is a problem because it could lead to the unauthorized disclosure of sensitive information stored in the application's memory, which could compromise user data and system security, especially if the malicious file is crafted to exploit this vulnerability.
This vulnerability allows an out-of-bounds read in Substance3D Modeler versions 1.22.0 and earlier when a user opens a malicious file, potentially disclosing sensitive memory contents.
This issue is a problem because it could lead to the unauthorized disclosure of sensitive information stored in the application's memory, which could be used for malicious purposes, all through a relatively simple act of tricking a user into opening a specially crafted file.
The Substance3D Modeler versions 1.22.0 and earlier contain an out-of-bounds read vulnerability that can disclose sensitive memory when a user opens a malicious file.
This vulnerability is a problem because it can allow an attacker to access sensitive information stored in the system's memory, potentially leading to data breaches or other security issues, by tricking a user into opening a specially crafted malicious file.
This vulnerability allows an out-of-bounds read in Substance3D Modeler versions 1.22.0 and earlier when a user opens a malicious file, potentially disclosing sensitive memory contents.
This issue is a problem because it could lead to the unauthorized exposure of sensitive information stored in the application's memory, which could be used for malicious purposes, all triggered by something as simple as opening a malicious file.
This vulnerability allows an out-of-bounds read in Substance3D - Modeler versions 1.22.0 and earlier when a user opens a malicious file, potentially disclosing sensitive memory content.
This issue is a problem because it could lead to the unauthorized disclosure of sensitive information stored in the application's memory, which could be used for malicious purposes, all by simply tricking a user into opening a specially crafted file.
This vulnerability allows an out-of-bounds read in Substance3D Painter versions 11.0.2 and earlier when a user opens a malicious file, potentially disclosing sensitive memory contents.
This issue is a problem because it could lead to the unauthorized disclosure of sensitive information stored in the application's memory, which could be used for malicious purposes, and it requires user interaction, making it a social engineering threat.
The Substance3D Painter versions 11.0.2 and earlier contain an out-of-bounds read vulnerability that can expose sensitive memory when a user opens a malicious file.
This vulnerability is a problem because it allows an attacker to potentially access and disclose sensitive information stored in the system's memory, which could include confidential data or other security-related information, by tricking a user into opening a specially crafted malicious file.
The Substance3D Painter versions 11.0.2 and earlier contain an out-of-bounds read vulnerability that can expose sensitive memory when a user opens a malicious file.
This vulnerability is a problem because it could allow an attacker to access and disclose sensitive information stored in the memory, potentially leading to data breaches or other security issues, by tricking a user into opening a specially crafted malicious file.
This vulnerability allows an out-of-bounds read in Substance3D Painter versions 11.0.2 and earlier when a user opens a malicious file, potentially disclosing sensitive memory content.
This issue is a problem because it could lead to unauthorized access to sensitive information stored in the memory, compromising user privacy and security, especially if the malicious file is crafted to exploit this vulnerability.
This vulnerability allows an out-of-bounds read in Substance3D Painter versions 11.0.2 and earlier when a user opens a malicious file, potentially disclosing sensitive memory content.
This issue is a problem because it could lead to the unauthorized exposure of sensitive information stored in the application's memory, which could be used for malicious purposes, all by simply tricking a user into opening a specially crafted file.
The Substance3D Painter versions 11.0.2 and earlier contain an out-of-bounds read vulnerability that can expose sensitive memory when a user opens a malicious file.
This vulnerability is a problem because it could allow an attacker to access confidential information stored in the system's memory, potentially leading to data breaches or other security issues, by tricking a user into opening a specially crafted malicious file.
This vulnerability allows an out-of-bounds read in Substance3D Painter versions 11.0.2 and earlier when a user opens a malicious file, potentially disclosing sensitive memory content.
This issue is a problem because it could lead to the unauthorized exposure of sensitive information stored in the application's memory, which could be used for malicious purposes, all triggered by something as simple as opening a malicious file.
This vulnerability allows an out-of-bounds read in Substance3D Painter versions 11.0.2 and earlier when a user opens a malicious file, potentially disclosing sensitive memory contents.
This issue is a problem because it could lead to the unauthorized disclosure of sensitive information stored in the application's memory, which could be used for malicious purposes, and it requires user interaction, making it a social engineering threat.
The CVE-2025-54187 vulnerability allows an attacker to execute arbitrary code on a user's system by exploiting an out-of-bounds write issue in Substance3D Painter versions 11.0.2 and earlier, but only if the user opens a malicious file.
This vulnerability is a problem because it could enable an attacker to run malicious code on a user's system, potentially leading to data theft, system compromise, or other harmful activities, all within the context of the current user's permissions.
This vulnerability allows an attacker to read sensitive memory information when a user opens a malicious file in Substance3D - Modeler versions 1.22.0 and earlier, potentially disclosing confidential data.
This issue is a problem because it could lead to the unauthorized disclosure of sensitive information, which could be used for malicious purposes, and it requires user interaction, making it a potential phishing threat.
This vulnerability allows an attacker to execute arbitrary code on a victim's computer by exploiting an out-of-bounds write issue in Substance3D Modeler versions 1.22.0 and earlier, but only if the victim opens a malicious file.
This is a problem because it enables attackers to run malicious code on a victim's computer, potentially leading to data theft, system compromise, or other harmful activities, all within the context of the current user's permissions.
The CVE-2025-49572 vulnerability allows an out-of-bounds write in Substance3D - Modeler versions 1.22.0 and earlier, which could lead to arbitrary code execution when a user opens a malicious file.
This vulnerability is a problem because it enables attackers to potentially execute malicious code on a user's system, allowing them to gain unauthorized access or control, simply by tricking the user into opening a specially crafted file.
The Substance3D - Modeler versions 1.22.0 and earlier contain a vulnerability that allows an attacker to execute arbitrary code in the context of the current user by modifying the search path to point to a malicious program.
This vulnerability is a problem because it enables attackers to run malicious code on a user's system without requiring any interaction from the user, potentially leading to unauthorized access, data theft, or other harmful activities.
This vulnerability allows an attacker to execute arbitrary code on a user's system when they open a malicious file in Photoshop Desktop versions 25.12.3, 26.8, and earlier, due to an out-of-bounds write issue.
This is a problem because it enables attackers to run malicious code on a victim's computer, potentially leading to data theft, system compromise, or other harmful activities, all of which can occur simply by tricking a user into opening a specially crafted file.
This vulnerability, known as a Use After Free issue, occurs in Animate versions 23.0.12, 24.0.9, and earlier, allowing potential disclosure of sensitive memory when a user opens a malicious file.
This vulnerability is a problem because it could lead to the unauthorized exposure of sensitive information stored in the computer's memory, potentially putting user data at risk, especially if the malicious file is crafted to exploit this specific weakness.
This vulnerability allows an attacker to execute arbitrary code on a user's system when they open a malicious file using Animate versions 23.0.12, 24.0.9, or earlier, potentially giving the attacker control over the system.
This is a problem because it could lead to unauthorized access and control of a user's system, allowing an attacker to steal sensitive information, install malware, or cause other types of harm, all within the context of the current user's privileges.
The CVE-2025-49569 vulnerability allows an attacker to execute arbitrary code on a user's system by exploiting an out-of-bounds write issue in Substance3D Viewer versions 0.25 and earlier, but only if the user opens a malicious file.
This vulnerability is a problem because it could allow an attacker to gain control of a user's system, potentially leading to data theft, malware installation, or other malicious activities, all of which could have serious consequences for the user's security and privacy.
This vulnerability allows an attacker to execute arbitrary code on a user's system by exploiting a heap-based buffer overflow in Substance3D Viewer versions 0.25 and earlier, which occurs when a user opens a malicious file.
This is a problem because it enables attackers to run malicious code on a victim's system, potentially leading to data theft, system compromise, or other harmful activities, all of which can happen with the same privileges as the current user.
This vulnerability allows a privileged user to embed arbitrary JavaScript code in the Web UI of IBM WebSphere Application Server Liberty, potentially altering the intended functionality and leading to the execution of malicious code.
This vulnerability is a problem because it could lead to credentials disclosure within a trusted session, allowing an attacker to gain unauthorized access to sensitive information and potentially take control of the affected system.
The CVE-2025-55169 vulnerability allows an attacker to access local files on the server and sensitive information, including the config.php file, by exploiting a path traversal weakness in the WeGIA application's download_remessa.php endpoint.
This vulnerability is a problem because it could grant unauthorized access to sensitive information, such as database credentials stored in config.php, potentially leading to direct access to the database and compromising the security of the application and its data.
The CVE-2025-55168 vulnerability allows attackers to inject arbitrary SQL commands into the WeGIA web manager's database through the id_fichamedica parameter in the /html/saude/aplicar_medicamento.php endpoint, prior to version 3.4.8.
This vulnerability is a problem because it compromises the confidentiality, integrity, and availability of the database, potentially leading to unauthorized access, modification, or deletion of sensitive data.
This vulnerability allows a remote authenticated attacker with high privileges to gain super-admin access by registering a device to a malicious FortiManager in affected FortiOS Security Fabric versions.
This is a problem because it enables an attacker to escalate their privileges, potentially allowing them to gain full control over the system, access sensitive information, and perform malicious actions, compromising the security and integrity of the network.
The CVE-2025-52970 vulnerability allows an unauthenticated remote attacker to gain admin privileges on a Fortinet FortiWeb device by sending a specially crafted request, exploiting improper handling of parameters in the device's software.
This vulnerability is a problem because it enables an attacker to take control of the device without needing authentication, potentially leading to unauthorized access, data breaches, and disruption of critical services, highlighting a significant security risk for organizations relying on Fortinet FortiWeb devices.
This vulnerability allows an attacker to inject malicious code into the Fortinet FortiADC system by sending specially crafted HTTP parameters, which can lead to the execution of unauthorized commands.
This is a problem because it enables a remote attacker with low privileges to gain control over the system, potentially leading to data breaches, system compromise, or other malicious activities, even if they don't have high-level access.
This vulnerability allows an attacker with privileged access to inject malicious commands into the Fortinet FortiWeb CLI, potentially executing arbitrary code or commands.
This vulnerability is a problem because it enables attackers to gain unauthorized control over the system, potentially leading to data breaches, system compromise, or other malicious activities, especially since it can be exploited by privileged users who already have some level of access.
This vulnerability allows an attacker to inject malicious JavaScript code into a Liferay Portal or Liferay DXP system by exploiting a reflected cross-site scripting (XSS) flaw in the configuration of a custom sort widget, specifically in the "first display label" field, which is then executed when the page is refreshed.
This vulnerability is a problem because it enables a remote authenticated attacker to execute arbitrary JavaScript code on the system, potentially leading to unauthorized access, data theft, or other malicious activities, compromising the security and integrity of the affected Liferay Portal or Liferay DXP instance.
This vulnerability allows a remote attacker to bypass security restrictions in IBM WebSphere Application Server Liberty by exploiting a failure to honor JMS messaging configuration, potentially giving them unauthorized access to sensitive data or systems.
This vulnerability is a problem because it could enable malicious actors to circumvent security measures, leading to potential data breaches, unauthorized system access, or other malicious activities, which could compromise the confidentiality, integrity, and availability of sensitive information.
This vulnerability allows an authenticated remote attacker to inject malicious code into the FortiSOAR WEB UI through stored service requests, enabling a cross-site scripting (XSS) attack.
This vulnerability is a problem because it enables attackers to execute malicious scripts on the FortiSOAR platform, potentially leading to unauthorized access, data theft, or disruption of services, which can compromise the security and integrity of the system.
This vulnerability allows an attacker with privileged access to execute arbitrary code or commands on a Fortinet FortiWeb device by sending crafted commands through the Command Line Interface (CLI), due to a stack-based buffer overflow error.
This vulnerability is a problem because it enables attackers to gain control over the device, potentially leading to unauthorized access, data breaches, or disruption of service, which can have significant security and operational impacts.
This vulnerability allows an attacker with privileged access to execute unauthorized code or commands on a Fortinet FortiWeb device by crafting malicious CLI commands, due to the device's failure to properly neutralize special elements used in OS commands.
This vulnerability is a problem because it enables an authenticated attacker to gain control over the device, potentially leading to data breaches, system compromise, or disruption of critical services, which can have significant security and operational implications.
This vulnerability allows an unauthenticated attacker to execute unauthorized code or commands on Fortinet FortiSIEM systems by sending crafted CLI requests, due to the system's failure to properly neutralize special elements used in OS commands.
This is a significant problem because it enables attackers to gain control over the system, potentially leading to data breaches, disruption of services, or other malicious activities, without requiring any authentication or authorization.
This vulnerability allows an authenticated user to send crafted requests to a FortiOS, FortiProxy, or FortiPAM device, potentially disrupting the availability of SSL-VPN services for Remote Desktop Protocol (RDP) and Virtual Network Computing (VNC) bookmarks due to an integer overflow or wraparound issue.
This vulnerability is a problem because it can be exploited by an authenticated user to intentionally or unintentionally impact the device's SSL-VPN availability, leading to denial-of-service conditions and potentially causing disruptions to remote access services.
This vulnerability allows an authenticated remote attacker to access and overwrite arbitrary files on a Fortinet FortiManager system by crafting specific requests, potentially leading to unauthorized changes and data corruption.
This vulnerability is a problem because it enables attackers to modify critical system files, which could disrupt the normal functioning of the FortiManager, lead to data loss, or even allow the attacker to gain elevated privileges and further compromise the system.
This vulnerability allows an authenticated attacker to access and read arbitrary files on a FortiSOAR system by uploading a specially crafted solution pack, which can traverse the directory structure and reach files outside of the intended directory.
This vulnerability is a problem because it can give an attacker unauthorized access to sensitive information, such as configuration files, user data, or other confidential documents, which can be used for further exploitation or malicious activities.
The CVE-2024-40588 vulnerability allows an attacker with privileges to access and read files from the underlying filesystem of certain Fortinet products, including FortiMail, FortiVoice, FortiRecorder, FortiCamera, and FortiNDR, by sending crafted CLI requests that exploit relative path traversal weaknesses.
This vulnerability is a problem because it enables unauthorized access to sensitive files and data, potentially leading to data breaches, intellectual property theft, or other malicious activities, which can compromise the security and confidentiality of the affected systems.
This vulnerability allows an unauthorized attacker to bypass authentication and take control of a Fortinet device by sending specially crafted requests, but only if the device is managed by a FortiManager and the attacker knows the FortiManager's serial number.
This is a significant issue because it enables an attacker to gain control of a device without needing a password or any other form of authentication, potentially leading to unauthorized access, data theft, or disruption of services.
This vulnerability allows a privileged attacker to execute code or commands on affected Fortinet devices (FortiOS, FortiProxy, and FortiPAM) by sending specially crafted HTTP or HTTPS requests, due to a double free error in the system.
This vulnerability is a problem because it enables attackers with privileged access to potentially take control of the device, execute malicious code, or issue unauthorized commands, which could lead to data breaches, system compromise, or disruption of service.
This vulnerability allows an unauthorized attacker to access and disclose sensitive information over a network due to improper authentication in Azure Stack.
This is a problem because it enables attackers to gain unauthorized access to confidential data, potentially leading to data breaches, intellectual property theft, and other malicious activities, compromising the security and integrity of the affected system.
This vulnerability allows an attacker with some level of access to a Windows system to exploit a weakness in the StateRepository API, which lacks proper authentication for a critical function, enabling them to gain higher privileges on the local system.
This is a problem because it enables an authorized user to escalate their privileges beyond what they should have, potentially leading to unauthorized access to sensitive data, disruption of system operations, or installation of malicious software, thus compromising the security and integrity of the system.
The CVE-2025-53788 vulnerability is a time-of-check time-of-use (toctou) race condition in the Windows Subsystem for Linux, which allows an authorized attacker to exploit a timing flaw and elevate their privileges locally.
This vulnerability is a problem because it enables an attacker with existing access to gain higher-level privileges, potentially allowing them to access sensitive data, install malware, or take control of the system, compromising the security and integrity of the affected Windows system.
This vulnerability allows an attacker to execute code locally on a computer by exploiting a "use after free" flaw in Microsoft Office Word, which occurs when the program tries to access memory that has already been freed.
This vulnerability is a problem because it enables an unauthorized attacker to run malicious code on a victim's computer, potentially leading to data theft, system compromise, or other harmful activities, especially since it can be exploited locally without needing remote access.
This vulnerability allows an unauthorized attacker to overflow a buffer in Microsoft Teams, potentially enabling them to execute malicious code over a network.
This is a problem because it could give an attacker the ability to run arbitrary code on a victim's system, potentially leading to data theft, system compromise, or other malicious activities, all without the need for physical access or user interaction.
This vulnerability allows an authorized attacker to access and disclose sensitive information from Azure Virtual Machines over a network, potentially exposing confidential data to unauthorized parties.
This vulnerability is a problem because it can lead to unauthorized access to sensitive information, which can result in data breaches, intellectual property theft, and other malicious activities, ultimately compromising the security and integrity of the affected systems and data.
The CVE-2025-53779 vulnerability allows an attacker with authorization to exploit a relative path traversal flaw in Windows Kerberos, enabling them to gain elevated privileges over a network.
This vulnerability is a problem because it enables authorized attackers to escalate their privileges, potentially granting them unauthorized access to sensitive data and systems, which could lead to further malicious activities such as data theft, tampering, or disruption of services.