Lucene search

83 matches found

Cvelist
added 2025/12/24 10:55 a.m. · 26 views

CVE-2023-53993 PCI/DOE: Fix memory leak with CONFIG_DEBUG_OBJECTS=y

In the Linux kernel, the following vulnerability has been resolved: PCI/DOE: Fix memory leak with CONFIG_DEBUG_OBJECTS=y. After a pci_doe_task completes, its work_struct needs to be destroyed to avoid a memory leak with CONFIG_DEBUG_OBJECTS=y...

EPSS: 0.00167
Exploits: 0 · References: 3

RedhatCVE
added 2025/12/17 5:1 p.m. · 3 views

CVE-2025-68130

tRPC allows users to build and consume fully typesafe APIs without schemas or code generation. Starting in version 10.27.0 and prior to versions 10.45.3 and 11.8.0, a prototype pollution vulnerability exists in @trpc/server's formDataToObject function, which is used by the Next.js App Router...

CVSS: 8.5 · AI score: 7.1 · EPSS: 0.00357
Exploits: 0 · References: 1

OSV
added 2025/12/16 7:37 p.m. · 1 views

GHSA-43P4-M455-4F4J tRPC has possible prototype pollution in `experimental_nextAppDirCaller`

Note that this vulnerability is only present when using experimental_caller / experimental_nextAppDirCaller. Summary: A Prototype Pollution vulnerability exists in @trpc/server's formDataToObject function, which is used by the Next.js App Router adapter. An attacker can pollute Object.prototype by...

CVSS: 8.5 · AI score: 6.9 · EPSS: 0.00357
Exploits: 0 · References: 4

Snyk
added 2025/12/16 5:42 p.m. · 3 views

Prototype Pollution

Overview: @trpc/server is the tRPC server library. Affected versions of this package are vulnerable to Prototype Pollution via the formDataToObject function. An attacker can modify Object.prototype by submitting specially crafted FormData field names, which may result in authorization bypass,...

CVSS: 9.1 · AI score: 7.9 · EPSS: 0.00357
Exploits: 0 · References: 2

RedhatCVE
added 2025/12/10 5:17 p.m. · 3 views

CVE-2025-64085

A NULL pointer dereference vulnerability in the importDataObject function of PDF-XChange Editor v10.7.3.401 allows attackers to cause a Denial of Service (DoS) via a crafted input...

CVSS: 7.5 · AI score: 6.7 · EPSS: 0.00249
Exploits: 1 · References: 1

EUVD
added 2025/12/09 6:30 p.m. · 3 views

EUVD-2025-202265

A NULL pointer dereference vulnerability in the importDataObject function of PDF-XChange Editor v10.7.3.401 allows attackers to cause a Denial of Service (DoS) via a crafted input...

AI score: 6.2 · EPSS: 0.00249
Exploits: 1 · References: 3

CNNVD
added 2025/12/09 12:0 a.m. · 3 views

PDF-XChange Editor Security Vulnerability

PDF-XChange Editor is a PDF file viewing software from PDF-XChange running on Microsoft Windows systems. A security vulnerability exists in PDF-XChange Editor version v10.7.3.401, which originates from the presence of a null pointer dereference in the function importDataObject, which could lead t...

CVSS: 7.5 · AI score: 6.5 · EPSS: 0.00249
Exploits: 1 · References: 2

Cvelist
added 2025/12/09 12:0 a.m. · 18 views

CVE-2025-64085

A NULL pointer dereference vulnerability in the importDataObject function of PDF-XChange Editor v10.7.3.401 allows attackers to cause a Denial of Service (DoS) via a crafted input...

EPSS: 0.00249
Exploits: 1 · References: 2

CVE
added 2025/12/09 12:0 a.m. · 11 views

CVE-2025-64085

PDF-XChange Editor v10.7.3.401 has a NULL pointer dereference in importDataObject() that can be triggered by crafted input to cause a Denial of Service. Documents (NVD/Red Hat/EUVD/CVE List/CNNVD) confirm DoS via this input; exploitation details are not provided in the available materials, and no...

CVSS: 7.5 · AI score: 6.3 · EPSS: 0.00249
Exploits: 1 · References: 2 · Affected Software: 1

Positive Technologies
added 2025/12/09 12:0 a.m. · 3 views

PT-2025-50126

Name of the Vulnerable Software and Affected Versions: PDF-XChange Editor version 10.7.3.401. Description: A flaw exists in PDF-XChange Editor that involves a NULL pointer dereference within the importDataObject function. This issue can be exploited by attackers to trigger a Denial of Service (DoS)...

CVSS: 7.5 · AI score: 6.4 · EPSS: 0.00249
Exploits: 1 · References: 4

EUVD
added 2025/11/13 3:23 a.m. · 3 views

EUVD-2025-180011

Malicious code in book-data-short-index-object npm...

AI score: 6.6
Exploits: 0

EUVD
added 2025/10/07 12:30 a.m. · 9 views

EUVD-2011-5258

Malware in sbrugna...

CVSS: 8.4 · AI score: 6.4 · EPSS: 0.00352
Exploits: 0 · References: 6

NVD
added 2025/08/20 4:15 p.m. · 17 views

CVE-2011-10030

Foxit PDF Reader 4.3.1.0218 exposes a JavaScript API function, createDataObject, that allows untrusted PDF content to write arbitrary files anywhere on disk. By embedding a malicious PDF that calls this API, an attacker can drop executables or scripts into privileged folders, leading to code...

CVSS: 8.4 · EPSS: 0.00352
Exploits: 0 · References: 6

Cvelist
added 2025/08/20 3:33 p.m. · 18 views

CVE-2011-10030 Foxit PDF Reader < 4.3.1.0218 JavaScript File Write

Foxit PDF Reader 4.3.1.0218 exposes a JavaScript API function, createDataObject, that allows untrusted PDF content to write arbitrary files anywhere on disk. By embedding a malicious PDF that calls this API, an attacker can drop executables or scripts into privileged folders, leading to code...

CVSS: 8.4 · EPSS: 0.00352
Exploits: 0 · References: 5

ATTACKERKB
added 2025/08/20 3:33 p.m. · 0 views

CVE-2011-10030

Foxit PDF Reader 4.3.1.0218 exposes a JavaScript API function, createDataObject, that allows untrusted PDF content to write arbitrary files anywhere on disk. By embedding a malicious PDF that calls this API, an attacker can drop executables or scripts into privileged folders, leading to code...

CVSS: 8.4 · AI score: 6.3 · EPSS: 0.00352
Exploits: 0 · References: 5

Positive Technologies
added 2025/08/20 12:0 a.m. · 3 views

PT-2025-34111

Foxit PDF Reader 4.3.1.0218 exposes a JavaScript API function, createDataObject, that allows untrusted PDF content to write arbitrary files anywhere on disk. By embedding a malicious PDF that calls this API, an attacker can drop executables or scripts into privileged folders, leading to code...

CVSS: 8.4 · AI score: 7.6 · EPSS: 0.00352
Exploits: 0 · References: 6

Zero Day Initiative
added 2025/08/13 12:0 a.m. · 4 views

Rockwell Automation Arena Simulation DOE File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Rockwell Automation Arena Simulation. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists with...

CVSS: 7.8 · AI score: 7.2 · EPSS: 0.00205
Exploits: 0 · References: 1

CNNVD
added 2025/06/09 12:0 a.m. · 2 views

Feng Office Code Issue Vulnerability

Feng Office (formerly known as OpenGoo) is an open source online office system by the Feng Office team. The system provides task management, schedule management, document management, and email sending and receiving functions. A code issue vulnerability exists in Feng Office version 3.2.2.1, which...

CVSS: 8.1 · AI score: 6.7 · EPSS: 0.00342
Exploits: 1 · References: 5

Vulnrichment
added 2025/05/23 12:44 p.m. · 4 views

CVE-2025-31049 WordPress Dash <= 1.3 - PHP Object Injection Vulnerability

Deserialization of Untrusted Data vulnerability in themeton Dash allows Object Injection. This issue affects Dash: from n/a through 1.3...

CVSS: 9.8 · AI score: 9.5 · EPSS: 0.00503
Exploits: 0 · References: 1

BDU FSTEC
added 2025/04/23 12:0 a.m. · 4 views

A vulnerability in Rockwell Automation Arena, software for discrete event simulation and automation, involves writing beyond buffer boundaries in memory, allowing an attacker to execute arbitrary code.

A vulnerability in Rockwell Automation Arena, software for discrete event simulation and automation, involves writing beyond buffer boundaries in memory. Exploiting this vulnerability can allow an attacker to execute arbitrary code using a specially crafted DOE file...

CVSS: 7.8 · AI score: 6.2 · EPSS: 0.00249
Exploits: 0 · References: 3 · Affected Software: 1