CVE-2025-8557
An internal product security audit of Lenovo XClarity Orchestrator LXCO discovered the below vulnerability: An attacker with access to a device on the local Lenovo XClarity Orchestrator LXCO network segment may be able to manipulate the local device to create an alternate communication channel...
CVE-2025-5005
A vulnerability was detected in Shanghai Lingdang Information Technology Lingdang CRM up to 8.6.5.4. This affects an unknown function of the file crm/WeiXinApp/dingtalk/indexevent.php. The manipulation of the argument corpurl results in server-side request forgery. The attack can be launched...
CVE-2025-26449
In multiple locations, there is a possible permanent denial of service due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation...
An out of bounds write in ANGLE could have allowed an attacker to corrupt memory leading to a potentially exploitable crash. This vulnerability affects Firefox < 122, Firefox ESR < 115.7, and Thunderbird < 115.7.
...
During the worker lifecycle, a use-after-free condition could have occurred, which could have led to a potentially exploitable crash. This vulnerability affects Firefox < 115.0.2, Firefox ESR < 115.0.2, and Thunderbird < 115.0.1.
...
If multiple instances of resource exhaustion occurred at the incorrect time, the garbage collector could have caused memory corruption and a potentially exploitable crash. This vulnerability affects Firefox for Android < 112, Firefox < 112, and Focus for Android < 112.
...
During garbage collection, extra operations were performed on an object that should not be. This could have led to a potentially exploitable crash. This vulnerability affects Firefox < 119, Firefox ESR < 115.4, and Thunderbird < 115.4.1.
...
Fuji Electric FRENIC-Loader 4
RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability, such as: Minimize network exposure for all control...
PT-2025-35472
Name of the Vulnerable Software and Affected Versions: RemoteClinic versions prior to 2.1 Description: A vulnerability allows for unrestricted file upload via manipulation of the image argument in the /staff/edit.php file. The attack can be initiated remotely. The exploit is publicly available...
CVE-2025-9750 Campcodes Online Learning Management System login.php sql injection
A security flaw has been discovered in Campcodes Online Learning Management System 1.0. This vulnerability affects unknown code of the file /admin/login.php. The manipulation of the argument Username results in SQL injection. It is possible to launch the attack remotely. The exploit has been...
GE Vernova CIMPLICITY
RISK EVALUATION Successful exploitation of this vulnerability could allow a low-privileged local attacker to escalate privileges. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability, such as: Minimize network exposure...
INVT VT-Designer and HMITool
RISK EVALUATION Successful exploitation of these vulnerabilities could allow attackers to execute arbitrary code in the context of the current process. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of these vulnerabilities, such as:...
CVE-2025-8997
OpenText Enterprise Security Manager has an Information Exposure vulnerability (CVE-2025-8997). The issue is described as remotely exploitable with network access, enabling disclosure of information and affecting confidentiality (high impact per CVSS: CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:A/VC:H/SC:N/V...
PT-2025-34670 · Opentext · Opentext Enterprise Security Manager
Name of the Vulnerable Software and Affected Versions: OpenText Enterprise Security Manager affected versions not specified Description: A Stored Cross-Site Scripting XSS vulnerability exists in OpenText Enterprise Security Manager. The vulnerability is remotely exploitable. Recommendations: At t...
PT-2025-34596 · Opentext · Opentext Enterprise Security Manager
Name of the Vulnerable Software and Affected Versions: OpenText Enterprise Security Manager affected versions not specified Description: An information exposure issue exists in OpenText Enterprise Security Manager. The issue is remotely exploitable. Recommendations: At the moment, there is no...
PT-2025-34566 · Vim +1 · Vim +1
Name of the Vulnerable Software and Affected Versions: vim versions prior to 9.1.1616 Description: A security flaw exists in vim due to a buffer overflow in the main function of the xxd.c file within the xxd component. The vulnerability is locally exploitable. An exploit for this issue has been...
PT-2025-34220
Name of the Vulnerable Software and Affected Versions: cmake version 4.1.20250725-gb5cce23 Description: A reachable assertion issue exists in the cmForEachFunctionBlocker::ReplayItems function within the cmForEachCommand.cxx file. The issue is locally exploitable and has been publicly disclosed...
Rockwell Automation 1756-EN4TR, 1756-EN4TRXT (Update B)
RISK EVALUATION Successful exploitation of these vulnerabilities could result in an attacker causing a denial of service condition. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of these vulnerabilities, such as: Minimize network...
Rockwell Automation FactoryTalk Viewpoint
RISK EVALUATION Successful exploitation of this vulnerability could result in full privilege escalation. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability, such as: Minimize network exposure for all control system...