9.6
CVE-2025-27203 - Adobe Connect | Deserialization of Untrusted Data (CWE-502)
Adobe Connect versions 24.0 and earlier are affected by a Deserialization of Untrusted Data vulnerability that could lead to arbitrary code execution by an attacker. Exploitation of this issue does require user interaction and scope is changed.
5.5
CVE-2025-27165 - Substance3D - Stager | Out-of-bounds Read (CWE-125)
Substance3D - Stager versions 3.1.2 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
5.5
CVE-2025-43584 - Substance3D - Viewer | Out-of-bounds Read (CWE-125)
Substance3D - Viewer versions 0.22 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
5.5
CVE-2025-43583 - Substance3D - Viewer | NULL Pointer Dereference (CWE-476)
Substance3D - Viewer versions 0.22 and earlier are affected by a NULL Pointer Dereference vulnerability that could lead to application denial-of-service. An attacker could exploit this vulnerability to crash the application, causing disruption in service. Exploitation of this issue requires user in…
7.8
CVE-2025-43582 - Substance3D - Viewer | Heap-based Buffer Overflow (CWE-122)
Substance3D - Viewer versions 0.22 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user, scope unchanged. Exploitation of this issue requires user interaction in that a victim must open a malicious fi…
6.9
CVE-2025-7196 - code-projects Jonnys Liquor browse.php sql injection
A vulnerability was found in code-projects Jonnys Liquor 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /browse.php. The manipulation of the argument Search leads to sql injection. The attack may be launched remotely. The exploit has been disclo…
5.3
CVE-2025-7031 - Config Pages Viewer - Critical - Access bypass - SA-CONTRIB-2025-086
Missing Authentication for Critical Function vulnerability in Drupal Config Pages Viewer allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Config Pages Viewer: from 0.0.0 before 1.0.4.
6.5
CVE-2025-7030 - Two-factor Authentication (TFA) - Less critical - Access bypass - SA-CONTRIB-2025-085
Privilege Defined With Unsafe Actions vulnerability in Drupal Two-factor Authentication (TFA) allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Two-factor Authentication (TFA): from 0.0.0 before 1.11.0.
5.2
CVE-2025-49542 - ColdFusion | Cross-site Scripting (Reflected XSS) (CWE-79)
ColdFusion versions 2025.2, 2023.14, 2021.20 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an unauthenticated attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of…
9.3
CVE-2025-49535 - ColdFusion | Improper Restriction of XML External Entity Reference ('XXE') (CWE-611)
ColdFusion versions 2025.2, 2023.14, 2021.20 and earlier are affected by an Improper Restriction of XML External Entity Reference ('XXE') vulnerability that could result in a Security feature bypass. An attacker could exploit this vulnerability to access sensitive information or denial of service b…