
CVE-2025-47134 – InDesign Desktop | Heap-based Buffer Overflow (CWE-122)
https://notcve.org/view.php?id=CVE-2025-47134
08 Jul 2025 — InDesign Desktop versions 19.5.3 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. • https://helpx.adobe.com/security/products/indesign/apsb25-60.html • CWE-122: Heap-based Buffer Overflow •

CVE-2025-47136 – InDesign Desktop | Integer Underflow (Wrap or Wraparound) (CWE-191)
https://notcve.org/view.php?id=CVE-2025-47136
08 Jul 2025 — InDesign Desktop versions 19.5.3 and earlier are affected by an Integer Underflow (Wrap or Wraparound) vulnerability that could result in arbitrary code execution in the context of the current user. • https://helpx.adobe.com/security/products/indesign/apsb25-60.html • CWE-191: Integer Underflow (Wrap or Wraparound) •

CVE-2025-47103 – InDesign Desktop | Heap-based Buffer Overflow (CWE-122)
https://notcve.org/view.php?id=CVE-2025-47103
08 Jul 2025 — InDesign Desktop versions 19.5.3 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. • https://helpx.adobe.com/security/products/indesign/apsb25-60.html • CWE-122: Heap-based Buffer Overflow •

CVE-2025-53547 – Helm Chart Dependency Updating With Malicious Chart.yaml Content And Symlink Can Lead To Code Execution
https://notcve.org/view.php?id=CVE-2025-53547
08 Jul 2025 — Prior to 3.18.4, a specially crafted Chart.yaml file along with a specially linked Chart.lock file can lead to local code execution when dependencies are updated. Fields in a Chart.yaml file, that are carried over to a Chart.lock file when dependencies are updated and this file is written, can be crafted in a way that can cause execution if that same content were in a file that is executed (e.g., a bash.rc file or shell script). ... This can lead to unwanted execution. Helm warns... • https://github.com/helm/helm/commit/4b8e61093d8f579f1165cdc6bd4b43fa5455f571 • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVE-2025-49533 – Adobe Experience Manager (MS) | Deserialization of Untrusted Data (CWE-502)
https://notcve.org/view.php?id=CVE-2025-49533
08 Jul 2025 — Adobe Experience Manager (MS) versions 6.5.23.0 and earlier are affected by a Deserialization of Untrusted Data vulnerability that could lead to arbitrary code execution by an attacker. • https://helpx.adobe.com/security/products/aem-forms/apsb25-67.html • CWE-502: Deserialization of Untrusted Data •

CVE-2025-27203 – Adobe Connect | Deserialization of Untrusted Data (CWE-502)
https://notcve.org/view.php?id=CVE-2025-27203
08 Jul 2025 — Adobe Connect versions 24.0 and earlier are affected by a Deserialization of Untrusted Data vulnerability that could lead to arbitrary code execution by an attacker. • https://helpx.adobe.com/security/products/connect/apsb25-61.html • CWE-502: Deserialization of Untrusted Data •

CVE-2025-43582 – Substance3D - Viewer | Heap-based Buffer Overflow (CWE-122)
https://notcve.org/view.php?id=CVE-2025-43582
08 Jul 2025 — Substance3D - Viewer versions 0.22 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user, scope unchanged. • https://helpx.adobe.com/security/products/substance3d-viewer/apsb25-54.html • CWE-122: Heap-based Buffer Overflow •

CVE-2025-49537 – ColdFusion | Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') (CWE-78)
https://notcve.org/view.php?id=CVE-2025-49537
08 Jul 2025 — ColdFusion versions 2025.2, 2023.14, 2021.20 and earlier are affected by an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability that could lead to arbitrary code execution by a high-privileged attacker. • https://helpx.adobe.com/security/products/coldfusion/apsb25-69.html • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •

CVE-2025-53355 – mcp-server-kubernetes vulnerable to command injection in several tools
https://notcve.org/view.php?id=CVE-2025-53355
08 Jul 2025 — The vulnerability is caused by the unsanitized use of input parameters within a call to child_process.execSync, enabling an attacker to inject arbitrary system commands. Successful exploitation can lead to remote code execution under the server process's privileges. • https://github.com/Flux159/mcp-server-kubernetes/commit/ab165f5a0eea917fef5dbae954506fff6f4bf514 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •

CVE-2025-48384 – Git allows arbitrary code execution through broken config quoting
https://notcve.org/view.php?id=CVE-2025-48384
08 Jul 2025 — An attacker could possibly use this issue to create or write to arbitrary files on the system. ... If a user were tricked into cloning a malicious Git repository, an attacker could possibly use this issue to run arbitrary commands. • https://github.com/git/git/security/advisories/GHSA-vwqx-4fm8-6qc9 • CWE-59: Improper Link Resolution Before File Access ('Link Following') • CWE-436: Interpretation Conflict •