A maliciously crafted DGN file, when parsed through Autodesk AutoCAD, can force an Uninitialized Variable vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.

CVE Database V5

Detailed information about CVE-2025-5047: CWE-457: Use of Uninitialized Variable in Autodesk AutoCAD affecting Autodesk AutoCAD. Get real-time updates, technica

CVE-2025-5047: CWE-457: Use of Uninitialized Variable in Autodesk AutoCAD - Live Threat Intelligence - Threat Radar | OffSeq.com

CVE-2025-5047: CWE-457: Use of Uninitialized Variable in Autodesk AutoCAD

A maliciously crafted DGN file, when linked or imported into Autodesk AutoCAD, can force an Out-of-Bounds Read vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.

Detailed information about CVE-2025-5046: CWE-125 Out-of-Bounds Read in Autodesk AutoCAD affecting Autodesk AutoCAD. Get real-time updates, technical details, a

CVE-2025-5046: CWE-125 Out-of-Bounds Read in Autodesk AutoCAD - Live Threat Intelligence - Threat Radar | OffSeq.com

CVE-2025-5046: CWE-125 Out-of-Bounds Read in Autodesk AutoCAD

Improper Control of Generation of Code ('Code Injection') vulnerability leading to a possible RCE in Apache OFBiz scrum plugin.

This issue affects Apache OFBiz: before 24.09.02 only when the scrum plugin is used.

Even unauthenticated attackers can exploit this vulnerability.


Users are recommended to upgrade to version 24.09.02, which fixes the issue.

CVE-2025-54466 is a critical vulnerability classified under CWE-94, which pertains to improper control of code generation, commonly known as code injection. This vulnerability affects the Apache OFBiz platform, specifically versions prior to 24.09.02 when the scrum plugin is enabled. Apache OFBiz is an open-source enterprise resource planning (ERP) system widely used for business process automation, including e-commerce, manufacturing, and supply chain management. The scrum plugin is an optional component used for agile project management within OFBiz. The vulnerability allows unauthenticated attackers to inject and execute arbitrary code remotely, leading to remote code execution (RCE). This means an attacker can run malicious code on the server hosting OFBiz without needing any prior authentication or user interaction, significantly increasing the risk and ease of exploitation. The root cause is the improper sanitization or validation of inputs that are used in code generation within the scrum plugin, allowing attackers to craft payloads that get executed by the system. Although no known exploits have been reported in the wild yet, the severity and nature of this vulnerability make it a high-risk issue that could lead to full system compromise, data theft, or disruption of business operations. The vendor has addressed this vulnerability in Apache OFBiz version 24.09.02, and users are strongly advised to upgrade to this version to mitigate the risk.

Detailed information about CVE-2025-54466: CWE-94 Improper Control of Generation of Code ('Code Injection') in Apache Software Foundation Apache OFBiz affecting

CVE-2025-54466: CWE-94 Improper Control of Generation of Code ('Code Injection') in Apache Software Foundation Apache OFBiz - Live Threat Intelligence - Threat Radar | OffSeq.com

CVE-2025-54466: CWE-94 Improper Control of Generation of Code ('Code Injection') in Apache Software Foundation Apache OFBiz

A vulnerability has been found in projectworlds Travel Management System 1.0. This vulnerability affects unknown code of the file /updatesubcategory.php. The manipulation of the argument t1/s1 leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.

CVE-2025-9053 is a SQL Injection vulnerability identified in version 1.0 of the projectworlds Travel Management System, specifically within the /updatesubcategory.php file. The vulnerability arises from improper sanitization or validation of the input parameters 't1' and 's1', which are directly used in SQL queries. This flaw allows an unauthenticated attacker to remotely inject malicious SQL code, potentially manipulating the backend database. The CVSS 4.0 score of 6.9 (medium severity) reflects that the attack vector is network-based (AV:N), requires no privileges (PR:N), no user interaction (UI:N), and has partial impact on confidentiality, integrity, and availability (VC:L, VI:L, VA:L). The vulnerability is exploitable without authentication or user interaction, increasing its risk profile. Although no known exploits are currently observed in the wild, the public disclosure of the exploit code raises the likelihood of exploitation attempts. The absence of patches or mitigation guidance from the vendor at this time further elevates the risk. SQL Injection vulnerabilities can lead to unauthorized data access, data modification, or even complete compromise of the underlying database and application, depending on the database permissions and environment configuration. Given the nature of travel management systems, which typically handle sensitive customer data, booking details, and payment information, exploitation could result in significant data breaches and operational disruptions.

Detailed information about CVE-2025-9053: SQL Injection in projectworlds Travel Management System affecting projectworlds Travel Management System. Get real-tim

CVE-2025-9053: SQL Injection in projectworlds Travel Management System - Live Threat Intelligence - Threat Radar | OffSeq.com

CVE-2025-9053: SQL Injection in projectworlds Travel Management System

A maliciously crafted DGN file, when linked or imported into Autodesk AutoCAD, can force a Memory Corruption vulnerability. A malicious actor can leverage this vulnerability to execute arbitrary code in the context of the current process.

Detailed information about CVE-2025-5048: CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') in Autodesk AutoCAD affecting Autodesk 