7.8
CVE-2025-54273 - Substance3D - Viewer | Out-of-bounds Write (CWE-787)
Substance3D - Viewer versions 0.25.2 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
5.5
CVE-2025-54275 - Substance3D - Viewer | Out-of-bounds Write (CWE-787)
Substance3D - Viewer versions 0.25.2 and earlier are affected by an out-of-bounds write vulnerability that could lead to application denial-of-service. An attacker could leverage this vulnerability to crash the application or make it unavailable. Exploitation of this issue requires user interactionβ¦
7.8
CVE-2025-54280 - Substance3D - Viewer | Out-of-bounds Write (CWE-787)
Substance3D - Viewer versions 0.25.2 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
8.4
CVE-2025-23356 -
NVIDIA Isaac Lab contains a vulnerability in SB3 configuration parsing. A successful exploit of this vulnerability might lead to code execution, denial of service, escalation of privileges, information disclosure, or data tampering.
6.9
CVE-2025-11736 - itsourcecode Online Examination System index.php sql injection
A flaw has been found in itsourcecode Online Examination System 1.0. Affected by this issue is some unknown functionality of the file /index.php. This manipulation of the argument Username causes sql injection. It is possible to initiate the attack remotely. The exploit has been published and may bβ¦
7.7
CVE-2025-8459 - A user with low privileges can inject XSS in the Monitoring Recurrent downtimes page
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Centreon Infra Monitoring (Monitoring recurrent downtime scheduler modules) allows Stored XSS.This issue affects Infra Monitoring: from 24.10.0 before 24.10.13, from 24.04.0 before 24.04.18,β¦
4.9
CVE-2025-37145 - Authenticated Arbitrary File Download Vulnerabilities in a Low-Level Interface Library Affecting AOβ¦
Arbitrary file download vulnerabilities exist in a low-level interface library in AOS-10 GW and AOS-8 Controller/Mobility Conductor operating systems. Successful exploitation could allow an authenticated malicious actor to download arbitrary files through carefully constructed exploits.
7
CVE-2025-59497 - Microsoft Defender for Linux Denial of Service Vulnerability
Time-of-check time-of-use (toctou) race condition in Microsoft Defender for Linux allows an authorized attacker to deny service locally.
7
CVE-2025-59289 - Windows Bluetooth Service Elevation of Privilege Vulnerability
Double free in Windows Bluetooth Service allows an authorized attacker to elevate privileges locally.
9.8
CVE-2025-59287 - Windows Server Update Service (WSUS) Remote Code Execution Vulnerability
Deserialization of untrusted data in Windows Server Update Service allows an unauthorized attacker to execute code over a network.