
CVE-2025-24451 – Substance3D - Painter | Out-of-bounds Write (CWE-787)
https://notcve.org/view.php?id=CVE-2025-24451
11 Mar 2025 — Substance3D - Painter versions 10.1.2 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. • https://helpx.adobe.com/security/products/substance3d_painter/apsb25-18.html • CWE-787: Out-of-bounds Write •

CVE-2025-24450 – Substance3D - Painter | Out-of-bounds Write (CWE-787)
https://notcve.org/view.php?id=CVE-2025-24450
11 Mar 2025 — Substance3D - Painter versions 10.1.2 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. • https://helpx.adobe.com/security/products/substance3d_painter/apsb25-18.html • CWE-787: Out-of-bounds Write •

CVE-2025-21169 – Substance3D - Designer | Heap-based Buffer Overflow (CWE-122)
https://notcve.org/view.php?id=CVE-2025-21169
11 Mar 2025 — Substance3D - Designer versions 14.1 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. • https://helpx.adobe.com/security/products/substance3d_designer/apsb25-22.html • CWE-122: Heap-based Buffer Overflow •

CVE-2025-27172 – Substance3D - Designer | Out-of-bounds Write (CWE-787)
https://notcve.org/view.php?id=CVE-2025-27172
11 Mar 2025 — Substance3D - Designer versions 14.1 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. • https://helpx.adobe.com/security/products/substance3d_designer/apsb25-22.html • CWE-787: Out-of-bounds Write •

CVE-2024-54084 – SMM Arbitrary Write via TOCTOU Vulnerability
https://notcve.org/view.php?id=CVE-2024-54084
11 Mar 2025 — Successful exploitation of this vulnerability may lead to arbitrary code execution. • https://go.ami.com/hubfs/Security%20Advisories/2025/AMI-SA-2025003.pdf • CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition •

CVE-2025-2196 – MRCMS org.marker.mushroom.controller.FileController upload.do upload cross site scripting
https://notcve.org/view.php?id=CVE-2025-2196
11 Mar 2025 — A vulnerability was found in MRCMS 3.1.2. It has been declared as problematic. Affected by this vulnerability is the function upload of the file /admin/file/upload.do of the component org.marker.mushroom.controller.FileController. The manipulation of the argument path leads to cross site scripting. The attack can be launched remotely. • https://github.com/IceFoxH/VULN/issues/5 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVE-2025-2195 – MRCMS org.marker.mushroom.controller.FileController rename.do rename cross site scripting
https://notcve.org/view.php?id=CVE-2025-2195
11 Mar 2025 — A vulnerability was found in MRCMS 3.1.2. It has been classified as problematic. Affected is the function rename of the file /admin/file/rename.do of the component org.marker.mushroom.controller.FileController. The manipulation of the argument name/path leads to cross site scripting. It is possible to launch the attack remotely. • https://github.com/IceFoxH/VULN/issues/4 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVE-2025-2194 – MRCMS org.marker.mushroom.controller.FileController list.do list cross site scripting
https://notcve.org/view.php?id=CVE-2025-2194
11 Mar 2025 — A vulnerability was found in MRCMS 3.1.2 and classified as problematic. This issue affects the function list of the file /admin/file/list.do of the component org.marker.mushroom.controller.FileController. The manipulation of the argument path leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. • https://github.com/IceFoxH/VULN/issues/3 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVE-2025-27363 – freetype: OOB write when attempting to parse font subglyph structures related to TrueType GX and variable font files
https://notcve.org/view.php?id=CVE-2025-27363
11 Mar 2025 — This may result in arbitrary code execution. ... This issue could result in arbitrary code execution or other undefined behavior. • https://github.com/zhuowei/CVE-2025-27363-proof-of-concept • CWE-787: Out-of-bounds Write •

CVE-2025-2191 – Claro A7600-A1 Ping6 Diagnóstico form2pingv6.cgi cross site scripting
https://notcve.org/view.php?id=CVE-2025-2191
11 Mar 2025 — A vulnerability, which was classified as problematic, has been found in Claro A7600-A1 RNR4-A72T-2x16_v2110403_CLA_32_160817. Affected by this issue is some unknown functionality of the file /form2pingv6.cgi of the component Ping6 Diagnóstico. The manipulation of the argument ip6addr with the input <img/src/onerror=prompt(8)> leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. • https://vuldb.com/?ctiid.299216 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') • CWE-94: Improper Control of Generation of Code ('Code Injection') •