7.8
CVE-2025-9454 - PRT File Parsing Out-of-Bounds Read Vulnerability
A maliciously crafted PRT file, when parsed through certain Autodesk products, can force an Out-of-Bounds Read vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.
7.8
CVE-2025-9453 - PRT File Parsing Out-of-Bounds Read Vulnerability
A maliciously crafted PRT file, when parsed through certain Autodesk products, can force an Out-of-Bounds Read vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.
7.8
CVE-2025-9452 - SLDPRT File Parsing Memory Corruption Vulnerability
A maliciously crafted SLDPRT file, when parsed through certain Autodesk products, can force a Memory corruption vulnerability. A malicious actor can leverage this vulnerability to execute arbitrary code in the context of the current process.
5.3
CVE-2025-14731 - CTCMS Content Management System Frontend/Template Management CT_Parser.php special elements used inβ¦
A weakness has been identified in CTCMS Content Management System up to 2.1.2. This affects an unknown function in the library /ctcms/apps/libraries/CT_Parser.php of the component Frontend/Template Management Module. This manipulation causes improper neutralization of special elements used in a temβ¦
7.8
CVE-2025-14593 - CATPART File Parsing Out-of-Bounds Read Vulnerability
A maliciously crafted CATPART file, when parsed through certain Autodesk products, can force an Out-of-Bounds Read vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.
6.9
CVE-2025-66482 - Misskey has a login rate limit bypass via spoofed X-Forwarded-For header
Misskey is an open source, federated social media platform. Attackers who use an untrusted reverse proxy or not using a reverse proxy at all can bypass IP rate limiting by adding a forged X-Forwarded-For header. Starting with version 2025.9.1, an option (`trustProxy`) has been added in config file β¦
7.1
CVE-2025-66402 - misskey.js's export data contains private post data
Misskey is an open source, federated social media platform. Starting in version 13.0.0-beta.16 and prior to version 2025.12.0, an actor who does not have permission to view favorites or clips can can export the posts and view the contents. Version 2025.12.0 fixes the issue.
7.4
CVE-2025-58173 - FreshRSS vulnerable to authenticated RCE via path traversal inside include()
FreshRSS is a self-hosted RSS feed aggregator. In versions 1.23.0 through 1.27.0, using a path traversal inside the `language` user configuration parameter, it's possible to call `install.php` and perform various administrative actions as an unprivileged user. These actions include logging in as thβ¦
5.1
CVE-2025-14730 - CTCMS Content Management System Backend System Configuration Ct_Config.php code injection
A security flaw has been discovered in CTCMS Content Management System up to 2.1.2. The impacted element is an unknown function in the library /ctcms/libs/Ct_Config.php of the component Backend System Configuration Module. The manipulation of the argument Cj_Add/Cj_Edit results in code injection. Tβ¦
5.1
CVE-2025-14729 - CTCMS Content Management System Backend App Configuration Ct_App.php save code injection
A vulnerability was identified in CTCMS Content Management System up to 2.1.2. The affected element is the function Save of the file /ctcms/libs/Ct_App.php of the component Backend App Configuration Module. The manipulation of the argument CT_App_Paytype leads to code injection. Remote exploitationβ¦