CVE-2025-32756 - Fortinet FortiVoice Buffer Overflow Vulnerability
CVE ID : CVE-2025-32756
Published : May 13, 2025, 3:15 p.m. | 23 minutes ago
Description : A stack-based buffer overflow vulnerability [CWE-121] in Fortinet FortiVoice versions 7.2.0, 7.0.0 through 7.0.6, 6.4.0 through 6.4.10, FortiRecorder versions 7.2.0 through 7.2.3, 7.0.0 through 7.0.5, 6.4.0 through 6.4.5, FortiMail versions 7.6.0 through 7.6.2, 7.4.0 through 7.4.4, 7.2.0 through 7.2.7, 7.0.0 through 7.0.8, FortiNDR versions 7.6.0, 7.4.0 through 7.4.7, 7.2.0 through 7.2.4, 7.0.0 through 7.0.6, FortiCamera versions 2.1.0 through 2.1.3, 2.0 all versions, 1.1 all versions, allows a remote unauthenticated attacker to execute arbitrary code or commands by sending HTTP requests with a specially crafted hash cookie.
Severity: 9.8 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-44039 - CP-XR-DE21-S 4G Router Firmware UART Console Authentication Bypass
CVE ID : CVE-2025-44039
Published : May 13, 2025, 3:15 p.m. | 23 minutes ago
Description : CP-XR-DE21-S 4G Router Firmware version 1.031.022 was discovered to contain insecure protections for its UART console. This vulnerability allows local attackers to connect to the UART port via a serial connection and read the entire boot sequence, revealing internal system details and sensitive information without any authentication.
Severity: 0.0 | NA
CVE-2025-44831 - EngineerCMS SQL Injection Vulnerability
CVE ID : CVE-2025-44831
Published : May 13, 2025, 3:15 p.m. | 23 minutes ago
Description : EngineerCMS v1.02 through v2.0.5 has a SQL injection vulnerability in the /project/addproject interface.
Severity: 0.0 | NA
CVE-2025-45859 - TOTOLINK A3002R Buffer Overflow
CVE ID : CVE-2025-45859
Published : May 13, 2025, 3:15 p.m. | 23 minutes ago
Description : TOTOLINK A3002R v4.0.0-B20230531.1404 was discovered to contain a buffer overflow via the bandstr parameter in the formMapDelDevice interface.
Severity: 0.0 | NA
CVE-2025-45864 - TOTOLINK A3002R Buffer Overflow Vulnerability
CVE ID : CVE-2025-45864
Published : May 13, 2025, 3:15 p.m. | 23 minutes ago
Description : TOTOLINK A3002R v4.0.0-B20230531.1404 was discovered to contain a buffer overflow via the addrPoolStart parameter in the formDhcpv6s interface.
Severity: 0.0 | NA
CVE-2025-45866 - TOTOLINK A3002R Buffer Overflow
CVE ID : CVE-2025-45866
Published : May 13, 2025, 3:15 p.m. | 23 minutes ago
Description : TOTOLINK A3002R v4.0.0-B20230531.1404 was discovered to contain a buffer overflow via the addrPoolEnd parameter in the formDhcpv6s interface.
Severity: 0.0 | NA
CVE-2025-45867 - TOTOLINK A3002R Buffer Overflow
CVE ID : CVE-2025-45867
Published : May 13, 2025, 3:15 p.m. | 23 minutes ago
Description : TOTOLINK A3002R v4.0.0-B20230531.1404 was discovered to contain a buffer overflow via the static_dns1 parameter in the formIpv6Setup interface.
Severity: 0.0 | NA
CVE-2025-32704 - Microsoft Office Excel Buffer Over-read Remote Code Execution Vulnerability
CVE ID : CVE-2025-32704
Published : May 13, 2025, 5:16 p.m. | 2 hours, 7 minutes ago
Description : Buffer over-read in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
Severity: 8.4 | HIGH
CVE-2025-32705 - Microsoft Office Outlook Out-of-bounds Read Remote Code Execution Vulnerability
CVE ID : CVE-2025-32705
Published : May 13, 2025, 5:16 p.m. | 2 hours, 7 minutes ago
Description : Out-of-bounds read in Microsoft Office Outlook allows an unauthorized attacker to execute code locally.
Severity: 7.8 | HIGH
CVE-2025-32706 - Windows Common Log File System Driver Local Privilege Escalation Vulnerability
CVE ID : CVE-2025-32706
Published : May 13, 2025, 5:16 p.m. | 2 hours, 7 minutes ago
Description : Improper input validation in Windows Common Log File System Driver allows an authorized attacker to elevate privileges locally.
Severity: 7.8 | HIGH
CVE-2025-32707 - Windows NTFS Out-of-bounds Read Privilege Elevation
CVE ID : CVE-2025-32707
Published : May 13, 2025, 5:16 p.m. | 2 hours, 7 minutes ago
Description : Out-of-bounds read in Windows NTFS allows an unauthorized attacker to elevate privileges locally.
Severity: 7.8 | HIGH
CVE-2025-32709 - Windows Ancillary Function Driver for WinSock Use-After-Free Privilege Escalation Vulnerability
CVE ID : CVE-2025-32709
Published : May 13, 2025, 5:16 p.m. | 2 hours, 7 minutes ago
Description : Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.
Severity: 7.8 | HIGH
CVE-2025-3757 - OpenPubkey Invalid JWS Signature Verification
CVE ID : CVE-2025-3757
Published : May 13, 2025, 5:16 p.m. | 2 hours, 7 minutes ago
Description : Versions of OpenPubkey library prior to 0.10.0 contained a vulnerability that would allow a specially crafted JWS to bypass signature verification.
Severity: 0.0 | NA
CVE-2025-47280 - Umbraco Forms Email Injection Vulnerability
CVE ID : CVE-2025-47280
Published : May 13, 2025, 5:16 p.m. | 2 hours, 7 minutes ago
Description : Umbraco Forms is a form builder that integrates with the Umbraco content management system. Starting in the 7.x branch and prior to versions 13.4.2 and 15.1.2, the 'Send email' workflow does not HTML encode the user-provided field values in the sent email message, making any form with this workflow configured vulnerable, as it allows sending the message from a trusted system and address, potentially bypassing spam and email client security systems. This issue affects all (supported) versions of Umbraco Forms and is patched in 13.4.2 and 15.1.2. Unpatched or unsupported versions can work around this issue by using the `Send email with template (Razor)` workflow instead or by writing a custom workflow type. To avoid accidentally using the vulnerable workflow again, the `SendEmail` workflow type can be removed using a composer available in the GitHub Security Advisory for this vulnerability.
Severity: 0.0 | NA
CVE-2025-4658 - OpenPubkey/OPKSSH JWS Signature Verification Bypass
CVE ID : CVE-2025-4658
Published : May 13, 2025, 5:16 p.m. | 2 hours, 7 minutes ago
Description : Versions of OpenPubkey library prior to 0.10.0 contained a vulnerability that would allow a specially crafted JWS to bypass signature verification. As OPKSSH depends on the OpenPubkey library for authentication, this vulnerability in OpenPubkey also applies to OPKSSH versions prior to 0.5.0 and would allow an attacker to bypass OPKSSH authentication.
Severity: 0.0 | NA
CVE-2023-31358 - AMD Manageability API DLL Hijacking Privilege Escalation Vulnerability
CVE ID : CVE-2023-31358
Published : May 13, 2025, 6:15 p.m. | 1 hour, 7 minutes ago
Description : A DLL hijacking vulnerability in the AMD Manageability API could allow an attacker to achieve privilege escalation, potentially resulting in arbitrary code execution.
Severity: 7.3 | HIGH
CVE-2023-31359 - AMD Manageability API Privilege Escalation Vulnerability
CVE ID : CVE-2023-31359
Published : May 13, 2025, 6:15 p.m. | 1 hour, 7 minutes ago
Description : Incorrect default permissions in the AMD Manageability API could allow an attacker to achieve privilege escalation, potentially resulting in arbitrary code execution.
Severity: 7.3 | HIGH
CVE-2025-27197 - Adobe Lightroom Out-of-Bounds Write Arbitrary Code Execution Vulnerability
CVE ID : CVE-2025-27197
Published : May 13, 2025, 6:15 p.m. | 1 hour, 7 minutes ago
Description : Lightroom Desktop versions 8.2 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Severity: 7.8 | HIGH
CVE-2025-30322 - Substance3D Painter Out-of-Bounds Write Vulnerability
CVE ID : CVE-2025-30322
Published : May 13, 2025, 6:15 p.m. | 1 hour, 7 minutes ago
Description : Substance3D - Painter versions 11.0 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Severity: 7.8 | HIGH
CVE-2025-30324 - Adobe Photoshop Integer Underflow Arbitrary Code Execution Vulnerability
CVE ID : CVE-2025-30324
Published : May 13, 2025, 6:15 p.m. | 1 hour, 7 minutes ago
Description : Photoshop Desktop versions 26.5, 25.12.2 and earlier are affected by an Integer Underflow (Wrap or Wraparound) vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Severity: 7.8 | HIGH
CVE-2025-30325 - Adobe Photoshop Integer Overflow Arbitrary Code Execution
CVE ID : CVE-2025-30325
Published : May 13, 2025, 6:15 p.m. | 1 hour, 7 minutes ago
Description : Photoshop Desktop versions 26.5, 25.12.2 and earlier are affected by an Integer Overflow or Wraparound vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Severity: 7.8 | HIGH