7.8
CVE-2025-47136 - InDesign Desktop | Integer Underflow (Wrap or Wraparound) (CWE-191)
InDesign Desktop versions 19.5.3 and earlier are affected by an Integer Underflow (Wrap or Wraparound) vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
7.8
CVE-2025-47103 - InDesign Desktop | Heap-based Buffer Overflow (CWE-122)
InDesign Desktop versions 19.5.3 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
7.3
CVE-2025-6759 - Local Privilege escalation allows a low-privileged user to gain SYSTEM privileges
Local Privilege escalation allows a low-privileged user to gain SYSTEM privilegesย in Windows Virtual Delivery Agent for CVAD and Citrix DaaS
5.4
CVE-2025-49547 - Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)
Adobe Experience Manager versions FP11.4 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victimโs browser when they browโฆ
5.4
CVE-2025-49534 - Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)
Adobe Experience Manager versions FP11.4 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victimโs browser when they browโฆ
8.5
CVE-2025-53547 - Helm Chart Dependency Updating With Malicious Chart.yaml Content And Symlink Can Lead To Code Execuโฆ
Helm is a package manager for Charts for Kubernetes. Prior to 3.18.4, a specially crafted Chart.yaml file along with a specially linked Chart.lock file can lead to local code execution when dependencies are updated. Fields in a Chart.yaml file, that are carried over to a Chart.lock file when dependโฆ
9.8
CVE-2025-49533 - Adobe Experience Manager (MS) | Deserialization of Untrusted Data (CWE-502)
Adobe Experience Manager (MS) versions 6.5.23.0 and earlier are affected by a Deserialization of Untrusted Data vulnerability that could lead to arbitrary code execution by an attacker. Exploitation of this issue does not require user interaction. Scope is unchanged.
6.9
CVE-2025-7197 - code-projects Jonnys Liquor delete-row.php sql injection
A vulnerability classified as critical has been found in code-projects Jonnys Liquor 1.0. This affects an unknown part of the file /admin/delete-row.php. The manipulation of the argument ID leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to theโฆ
9.6
CVE-2025-27203 - Adobe Connect | Deserialization of Untrusted Data (CWE-502)
Adobe Connect versions 24.0 and earlier are affected by a Deserialization of Untrusted Data vulnerability that could lead to arbitrary code execution by an attacker. Exploitation of this issue does require user interaction and scope is changed.
5.5
CVE-2025-27165 - Substance3D - Stager | Out-of-bounds Read (CWE-125)
Substance3D - Stager versions 3.1.2 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. Exploitation of this issue requires user interaction in that a victim must open a malicious file.