CVE Brief Security Intelligence

The WP Import – Ultimate CSV XML Importer for WordPress plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 7

NVIDIA Triton Inference Server for Windows and Linux contains a vulnerability where an attacker could cause memory corruption by identifying and accessing the shared memory region used by the Python backend

This vulnerability affects Firefox < 143, Firefox ESR < 115

Memory safety bugs present in Firefox ESR 140

CYRISMA Sensor before 444 for Windows has an Insecure Folder and File Permissions vulnerability

The StoreEngine – Powerful WordPress eCommerce Plugin for Payments, Memberships, Affiliates, Sales & More plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the import() function in all versions up to, and including, 1

This vulnerability affects Firefox < 143, Firefox ESR < 140

Greenshot is an open source Windows screenshot utility

This vulnerability affects Firefox < 143 and Thunderbird < 143

The mcp-database-server (MCP Server) 1

The WP Import – Ultimate CSV XML Importer for WordPress plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the upload_function() function in all versions up to, and including, 7

This vulnerability affects Firefox < 143

The Catch Dark Mode plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 2

NVIDIA Triton Inference Server for Windows and Linux contains a vulnerability where an attacker could cause an out-of-bounds write through a specially crafted input

A vulnerability in the command-line interface of HPE Aruba Networking EdgeConnect SD-WAN Gateways could allow an authenticated remote attacker to escalate privileges

This vulnerability affects Firefox < 143, Firefox ESR < 140

A vulnerability in the HPE Aruba Networking SD-WAN Gateways could allow an unauthenticated remote attacker to bypass firewall protections

Memory corruptions can be remotely triggered in the Control-M/Agent when SSL/TLS communication is configured

A broken access control vulnerability exists in HPE Aruba Networking EdgeConnect OS (ECOS)

Apache::AuthAny::Cookie v0

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in E1 Informatics Web Application allows SQL Injection

Ashlar-Vellum Cobalt LI File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability

Ashlar-Vellum Graphite VC6 File Parsing Uninitialized Variable Remote Code Execution Vulnerability

Ashlar-Vellum Graphite VC6 File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability

Ashlar-Vellum Graphite VC6 File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability

Ashlar-Vellum Graphite VC6 File Parsing Uninitialized Variable Remote Code Execution Vulnerability

Ashlar-Vellum Cobalt LI File Parsing Integer Overflow Remote Code Execution Vulnerability

Ashlar-Vellum Graphite VC6 File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability

Ashlar-Vellum Cobalt AR File Parsing Uninitialized Variable Remote Code Execution Vulnerability

Ashlar-Vellum Cobalt VC6 File Parsing Integer Overflow Remote Code Execution Vulnerability

Ashlar-Vellum Graphite VC6 File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability

Ashlar-Vellum Graphite VC6 File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability

Ashlar-Vellum Graphite VC6 File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability

Ashlar-Vellum Cobalt AR File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability

Ashlar-Vellum Cobalt VC6 File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability

Ashlar-Vellum Cobalt VC6 File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability

Ashlar-Vellum Cobalt AR File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability

Ashlar-Vellum Cobalt LI File Parsing Use-After-Free Remote Code Execution Vulnerability

Ashlar-Vellum Cobalt AR File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability

Ashlar-Vellum Cobalt CO File Parsing Type Confusion Remote Code Execution Vulnerability

Ashlar-Vellum Cobalt AR File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability

Ashlar-Vellum Cobalt XE File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability

Ashlar-Vellum Cobalt CO File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability

Ashlar-Vellum Cobalt AR File Parsing Type Confusion Remote Code Execution Vulnerability

Ashlar-Vellum Cobalt LI File Parsing Type Confusion Remote Code Execution Vulnerability

Ashlar-Vellum Cobalt CO File Parsing Memory Corruption Remote Code Execution Vulnerability

Ashlar-Vellum Cobalt CO File Parsing Type Confusion Remote Code Execution Vulnerability

Ashlar-Vellum Cobalt CO File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability

Ashlar-Vellum Cobalt XE File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability

Ashlar-Vellum Cobalt XE File Parsing Type Confusion Remote Code Execution Vulnerability

Ashlar-Vellum Cobalt XE File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability

The N-Reporter, N-Cloud, and N-Probe developed by N-Partner has an OS Command Injection vulnerability, allowing authenticated remote attackers to inject arbitrary OS commands and execute them on the server

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Megatek Communication System Azora Wireless Network Management allows SQL Injection

A path traversal in the Control-M/Agent can lead to a local privilege escalation when an attacker has access to the system running the Agent

A buffer overflow in the Control-M/Agent can lead to a local privilege escalation when an attacker has access to the system running the Agent

An incorrect API discovered in Signify Wiz Connected 1

The /api/comment endpoint in zhangyd-c OneBlog 2

SQL injection vulnerability in oa_system oasys v

A Use After Free vulnerability affecting the PAR file reading procedure in SOLIDWORKS eDrawings on Release SOLIDWORKS Desktop 2025 could allow an attacker to execute arbitrary code while opening a specially crafted PAR file

A permissions issue was addressed with additional restrictions

A permissions issue was addressed with additional sandbox restrictions

by-night sms V1

Use of a One-Way Hash with a Predictable Salt vulnerability in ABB FLXEON

Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Vegagrup Software Vega Master allows Directory Indexing

In JetBrains Junie before 252

This issue was addressed by removing the vulnerable code

This issue was addressed with improved checks

Edimax BR-6473AX v1

In LemonLDAP::NG before 2

NVIDIA Triton Inference Server contains a vulnerability in the DALI backend where an attacker may cause an improper input validation issue

This issue was addressed by removing the vulnerable code

A permissions issue was addressed with additional restrictions

A parsing issue in the handling of directory paths was addressed with improved path validation

A permissions issue was addressed with additional restrictions

A permissions issue was addressed with additional restrictions

A permissions issue was addressed with additional restrictions

A permissions issue was addressed with additional restrictions

The issue was addressed with improved input validation

A maliciously crafted PDF file, when parsed through certain Autodesk products, can force an Out-of-Bounds Write vulnerability

A maliciously crafted PDF file, when parsed through certain Autodesk products, can force a Heap-Based Overflow vulnerability

Substance3D - Stager versions 3

A DLL hijacking vulnerability in CYRISMA Agent before 444 allows local users to escalate privileges and execute arbitrary code via multiple DLLs

An Out-Of-Bounds Read vulnerability affecting the PAR file reading procedure in SOLIDWORKS eDrawings on Release SOLIDWORKS Desktop 2025 could allow an attacker to execute arbitrary code while opening a specially crafted PAR file

A Use of Uninitialized Variable vulnerability affecting the JT file reading procedure in SOLIDWORKS eDrawings on Release SOLIDWORKS Desktop 2025 could allow an attacker to execute arbitrary code while opening a specially crafted JT file

In JetBrains TeamCity before 2025

The issue was addressed by adding additional logic

This issue was addressed through improved state management

The Spring Security annotation detection mechanism may not correctly resolve annotations on methods within type hierarchies with a parameterized super type with unbounded generics

The Spring Framework annotation detection mechanism may not correctly resolve annotations on methods within type hierarchies with a parameterized super type with unbounded generics

In Frappe ERPNext v15

Out-of-support Control-M/Agent versions 9

IBM AIX 7

A flaw was found in Podman

code-projects Computer Laboratory System 1

A flaw has been found in Campcodes Grocery Sales and Inventory System 1

A vulnerability has been found in Campcodes Grocery Sales and Inventory System 1

A vulnerability was found in Campcodes Grocery Sales and Inventory System 1

A vulnerability was determined in Campcodes Grocery Sales and Inventory System 1

A vulnerability was found in SourceCodester Online Exam Form Submission 1

A vulnerability was determined in kidaze CourseSelectionSystem up to 42cd892b40a18d50bd4ed1905fa89f939173a464