6.6
CVE-2025-58131 - Zoom Workplace VDI Plugin macOS Universal installer for VMware Horizon - Race Condition
Race condition in the Zoom Workplace VDI Plugin macOS Universal installer for VMware Horizon before version 6.4.10 (or before 6.2.15 and 6.3.12 in their respective tracks) may allow an authenticated user to conduct a disclosure of information via network access.
5.3
CVE-2025-58135 - Zoom Workplace Clients for Windows - Improper Action Enforcement
Improper action enforcement in certain Zoom Workplace Clients for Windows may allow an unauthenticated user to conduct a disclosure of information via network access.
4.3
CVE-2025-58134 - Zoom Workplace Clients for Windows - Incorrect Authorization
Incorrect authorization in certain Zoom Workplace Clients for Windows may allow an authenticated user to conduct an impact to integrity via network access.
4.3
CVE-2025-49461 - Zoom Workplace Clients - Cross-site Scripting
Cross-site scripting in certain Zoom Workplace Clients may allow an unauthenticated user to conduct a denial of service via network access.
7.8
CVE-2025-54258 - Substance3D - Modeler | Use After Free (CWE-416)
Substance3D - Modeler versions 1.22.2 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. Scope is unchanged.
7.8
CVE-2025-54259 - Substance3D - Modeler | Integer Overflow or Wraparound (CWE-190)
Substance3D - Modeler versions 1.22.2 and earlier are affected by an Integer Overflow or Wraparound vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. Scopeβ¦
7.8
CVE-2025-54260 - Substance3D - Modeler | Out-of-bounds Read (CWE-125)
Substance3D - Modeler versions 1.22.2 and earlier are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current β¦
4.3
CVE-2025-49460 - Zoom Workplace Clients - Argument Injection
Uncontrolled resource consumption in certain Zoom Workplace Clients may allow an unauthenticated user to conduct a denial of service via network access.
8.7
CVE-2025-10171 - UTT 1250GW formConfigApConfTemp sub_453DC buffer overflow
A vulnerability was detected in UTT 1250GW up to 3.2.2-200710. This vulnerability affects the function sub_453DC of the file /goform/formConfigApConfTemp. Performing manipulation results in buffer overflow. Remote exploitation of the attack is possible. The exploit is now public and may be used. Thβ¦
7.8
CVE-2025-49459 - Zoom Workplace for Windows on ARM - Missing Authorization
Missing authorization in the installer for Zoom Workplace for Windows on ARM before version 6.5.0 may allow an authenticated user to conduct an escalation of privilege via local access.