Linux Distros Unpatched Vulnerability : CVE-2025-60495

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A segmentation violation in the gfmediagetcolorinfo function /mediatools/isomtools.c of GPAC Project/MP4Box before 26.02.0 allows attackers to cause a Denial of...

DEBIAN-CVE-2025-60495

A segmentation violation in the gfmediagetcolorinfo function /mediatools/isomtools.c of GPAC Project/MP4Box before 26.02.0 allows attackers to cause a Denial of Service DoS via supplying a crafted data file...

CVE-2025-60495

A segmentation violation in the gfmediagetcolorinfo function /mediatools/isomtools.c of GPAC Project/MP4Box before 26.02.0 allows attackers to cause a Denial of Service DoS via supplying a crafted data file...

EUVD-2025-210007

A segmentation violation in the gfmediagetcolorinfo function /mediatools/isomtools.c of GPAC Project/MP4Box before 26.02.0 allows attackers to cause a Denial of Service DoS via supplying a crafted data file...

PT-2026-45419

A segmentation violation in the gf media get color info function /media tools/isom tools.c of GPAC Project/MP4Box before 26.02.0 allows attackers to cause a Denial of Service DoS via supplying a crafted data file...

CVE-2025-60495

CVE-2025-60495 describes a segmentation violation in the gf_media_get_color_info function (located in /media_tools/isom_tools.c) of the GPAC Project/MP4Box tool, vulnerable when using versions before 26.02.0. Successful exploitation via a crafted data file can cause a Denial of Service (DoS). The...

CVE-2025-67634

The CISA Software Acquisition Guide Supplier Response Web Tool before 2025-12-11 was vulnerable to cross-site scripting via text fields. If an attacker could convince a user to import a specially-crafted JSON file, the Tool would load JavaScript from the file into the page. The JavaScript would...

CVE-2025-67634

The CISA Software Acquisition Guide Supplier Response Web Tool before 2025-12-11 was vulnerable to cross-site scripting via text fields. If an attacker could convince a user to import a specially-crafted JSON file, the Tool would load JavaScript from the file into the page. The JavaScript would...

PT-2025-50979

Name of the Vulnerable Software and Affected Versions CISA Software Acquisition Guide Supplier Response Web Tool versions prior to 2025-12-11 Description The CISA Software Acquisition Guide Supplier Response Web Tool was susceptible to cross-site scripting through text fields. An attacker could...

EUVD-2025-24571

Malicious code in bioql PyPI...

EUVD-2025-28629

Malicious code in bioql PyPI...

CVE-2025-9188

There is a deserialization of untrusted data vulnerability in Digilent DASYLab. This vulnerability may result in arbitrary code execution. Successful exploitation requires an attacker to get a user to open a specially crafted DSB file. The vulnerability affects all versions of DASYLab...

CVE-2025-9189

There is an out of bounds write vulnerability due to improper bounds checking resulting in a large destination address when parsing a DSB file with Digilent DASYLab. This vulnerability may result in arbitrary code execution. Successful exploitation requires an attacker to get a user to open a...

Linux Distros Unpatched Vulnerability : CVE-2018-17436

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - ReadCode in decompress.c in the HDF HDF5 through 1.10.3 library allows attackers to cause a denial of service invalid write access via a crafted HDF5 file. This...

Linux Distros Unpatched Vulnerability : CVE-2018-1000546

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Triplea version = 1.9.0.0.10291 contains a XML External Entity XXE vulnerability in Importing game data that can result in Possible information disclosure,...

PT-2025-32992 · Unknown · Cyclonedx Sunshine

Name of the Vulnerable Software and Affected Versions: CycloneDX Sunshine version 0.9 Description: CycloneDX Sunshine version 0.9 is vulnerable to CSV Formula Injection via a crafted JSON file. Recommendations: At the moment, there is no information about a newer version that contains a fix for...

The vulnerability of software for discrete event simulation and automation in Rockwell Automation Arena lies in the ability to write code beyond the buffer boundaries in memory, allowing an attacker to execute arbitrary code.

The vulnerability of software for discrete event simulation and automation in Rockwell Automation Arena lies in the writing beyond buffer boundaries in memory. Exploiting this vulnerability can allow an attacker to execute arbitrary code using a specially created DOE file...

CVE-2024-12130

An “out of bounds read” code execution vulnerability exists in the Rockwell Automation Arena® that could allow a threat actor to craft a DOE file and force the software to read beyond the boundaries of an allocated memory. If exploited, a threat actor could leverage this vulnerability to execute...

PT-2024-9982 · Rockwell Automation · Rockwell Automation Arena

Name of the Vulnerable Software and Affected Versions: Rockwell Automation Arena affected versions not specified Description: The issue is related to a "use after free" code execution vulnerability. This vulnerability could allow a threat actor to craft a DOE file and force the software to use a...

PT-2024-1437 · Delta Electronics · Dopsoft

Name of the Vulnerable Software and Affected Versions: Delta Industrial Automation DOPSoft affected versions not specified Description: A stack based buffer overflow exists in Delta Electronics Delta Industrial Automation DOPSoft when parsing the wLogTitlesTimeLen field of a DPS file. A remote,...