7.8
CVE-2025-47103 - InDesign Desktop | Heap-based Buffer Overflow (CWE-122)
InDesign Desktop versions 19.5.3 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
7.3
CVE-2025-6759 - Local Privilege escalation allows a low-privileged user to gain SYSTEM privileges
Local Privilege escalation allows a low-privileged user to gain SYSTEM privileges in Windows Virtual Delivery Agent for CVAD and Citrix DaaS
5.4
CVE-2025-49547 - Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)
Adobe Experience Manager versions FP11.4 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they brow…
5.4
CVE-2025-49534 - Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)
Adobe Experience Manager versions FP11.4 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they brow…
8.5
CVE-2025-53547 - Helm Chart Dependency Updating With Malicious Chart.yaml Content And Symlink Can Lead To Code Execu…
Helm is a package manager for Charts for Kubernetes. Prior to 3.18.4, a specially crafted Chart.yaml file along with a specially linked Chart.lock file can lead to local code execution when dependencies are updated. Fields in a Chart.yaml file, that are carried over to a Chart.lock file when depend…
9.8
CVE-2025-49533 - Adobe Experience Manager (MS) | Deserialization of Untrusted Data (CWE-502)
Adobe Experience Manager (MS) versions 6.5.23.0 and earlier are affected by a Deserialization of Untrusted Data vulnerability that could lead to arbitrary code execution by an attacker. Exploitation of this issue does not require user interaction. Scope is unchanged.
6.9
CVE-2025-7197 - code-projects Jonnys Liquor delete-row.php SQL injection
A vulnerability classified as critical has been found in code-projects Jonnys Liquor 1.0. This affects an unknown part of the file /admin/delete-row.php. The manipulation of the argument ID leads to SQL injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the…
9.6
CVE-2025-27203 - Adobe Connect | Deserialization of Untrusted Data (CWE-502)
Adobe Connect versions 24.0 and earlier are affected by a Deserialization of Untrusted Data vulnerability that could lead to arbitrary code execution by an attacker. Exploitation of this issue does require user interaction and scope is changed.
5.5
CVE-2025-27165 - Substance3D - Stager | Out-of-bounds Read (CWE-125)
Substance3D - Stager versions 3.1.2 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
5.5
CVE-2025-43584 - Substance3D - Viewer | Out-of-bounds Read (CWE-125)
Substance3D - Viewer versions 0.22 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. Exploitation of this issue requires user interaction in that a victim must open a malicious file.