
5610 matches found

OSV
added 2025/09/05 5:10 p.m. | 1 view

MAL-2025-43416 Malicious code in aether-venus-lacerta-less-loader (npm)

The package aether-venus-lacerta-less-loader was found to contain malicious code...

AI score 7
Exploits: 0
RedhatCVE
added 2025/09/05 12:34 a.m. | 13 views

CVE-2025-56803

Figma Desktop for Windows version 125.6.5 contains a command injection vulnerability in the local plugin loader. An attacker can execute arbitrary OS commands by setting a crafted build field in the plugin's manifest.json. This field is passed to child_process.exec without validation, leading to...

CVSS 8.4 | AI score 7.7 | EPSS 0.01058
Exploits: 3 | References: 1
CNVD
added 2025/09/05 12:00 a.m. | 2 views

Fuji Electric FRENIC-Loader 4 Deserialization Vulnerability

Fuji Electric FRENIC-Loader 4 is a computer software designed for Fuji Electric inverters such as the FRENIC series, mainly for parameter setting, monitoring and debugging. A deserialization vulnerability exists in Fuji Electric FRENIC-Loader 4, which can be exploited by an attacker to execute...

CVSS 8.4 | AI score 7.8 | EPSS 0.00186
Exploits: 0 | References: 1
OSV
added 2025/09/04 7:15 p.m. | 2 views

CVE-2025-32321

In isSafeIntent of AccountTypePreferenceLoader.java, there is a possible way to bypass an intent type check due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

CVSS 7.8 | AI score 5.9 | EPSS 0.00082
Exploits: 0 | References: 2
Microsoft CVE
added 2025/09/04 3:05 p.m. | 3 views

Grub2: jfs: integer overflow when handling symlinks may lead to heap based out-of-bounds write when reading data

...

CVSS 6.4 | AI score 7 | EPSS 0.00253
Exploits: 0
Microsoft CVE
added 2025/09/04 2:58 p.m. | 3 views

Grub2: reiserfs: integer overflow when handling symlinks may lead to heap based out-of-bounds write when reading data

...

CVSS 6.4 | AI score 7 | EPSS 0.00251
Exploits: 0
Microsoft CVE
added 2025/09/04 1:48 p.m. | 5 views

Grub2: udf: heap based buffer overflow in grub_udf_read_block() may lead to arbitrary code execution

...

CVSS 7.8 | AI score 7 | EPSS 0.0044
Exploits: 0
CVE
added 2025/09/04 8:07 a.m. | 42 views

CVE-2025-6984

CVE-2025-6984 (LangChain EverNoteLoader XXE) : The langchain-ai/langchain package’s EverNoteLoader is vulnerable to XML External Entity (XXE) attacks due to insecure XML parsing. The affected version is 0.3.63, where etree.iterparse() is used without disabling external entity processing, enabling...

CVSS 7.5 | AI score 7.4 | EPSS 0.01531
Exploits: 0 | References: 1
Microsoft CVE
added 2025/09/04 4:53 a.m. | 5 views

GNU GRUB (aka GRUB2) through 2.12 has a heap-based buffer overflow in fs/hfs.c via crafted sblock data in an HFS filesystem.

...

CVSS 8.8 | AI score 7 | EPSS 0.00708
Exploits: 0
Microsoft CVE
added 2025/09/04 4:14 a.m. | 6 views

sqfs_search_dir in Das U-Boot before 2025.01-rc1 exhibits an off-by-one error and resultant heap memory corruption for squashfs directory listing because the path separator is not considered in a size calculation.

...

CVSS 7.1 | AI score 7 | EPSS 0.00361
Exploits: 0
Microsoft CVE
added 2025/09/04 3:04 a.m. | 3 views

An integer overflow in sqfs_inode_size in Das U-Boot before 2025.01-rc1 occurs in the symlink size calculation via a crafted squashfs filesystem.

...

CVSS 7.1 | AI score 7 | EPSS 0.00359
Exploits: 0
Microsoft CVE
added 2025/09/03 9:49 p.m. | 3 views

Das U-Boot 2022.01 has a Buffer Overflow.

...

CVSS 5.5 | AI score 7 | EPSS 0.00439
Exploits: 0
Microsoft CVE
added 2025/09/03 9:40 p.m. | 4 views

A Regular expression denial of service (ReDoS) flaw was found in Function interpolateName in interpolateName.js in webpack loader-utils 2.0.0 via the url variable in interpolateName.js.

...

CVSS 7.5 | AI score 7 | EPSS 0.02029
Exploits: 1
CVE
added 2025/09/03 7:34 p.m. | 22 views

CVE-2025-9365

Fuji Electric FRENIC-Loader 4 is vulnerable to unsafe deserialization of user-submitted serialized data when importing a file via a specific window, which may allow arbitrary code execution. Affected product: Fuji Electric FRENIC-Loader 4 (inverters). Root cause: deserialization of untrusted data...

CVSS 8.4 | AI score 7 | EPSS 0.00186
Exploits: 0 | References: 2
Vulnrichment
added 2025/09/03 7:34 p.m. | 3 views

CVE-2025-9365 Fuji Electric FRENIC-Loader 4 Deserialization of Untrusted Data

Fuji Electric FRENIC-Loader 4 is vulnerable to a deserialization of untrusted data when importing a file through a specified window, which may allow an attacker to execute arbitrary code...

CVSS 8.4 | AI score 7 | EPSS 0.00186
Exploits: 0 | References: 2
OSV
added 2025/09/03 6:15 p.m. | 4 views

CVE-2025-56803

Figma Desktop for Windows version 125.6.5 contains a command injection vulnerability in the local plugin loader. An attacker can execute arbitrary OS commands by setting a crafted build field in the plugin's manifest.json. This field is passed to child_process.exec without validation, leading to...

CVSS 8.4 | AI score 6.1 | EPSS 0.01058
Exploits: 3 | References: 2
NVD
added 2025/09/03 6:15 p.m. | 10 views

CVE-2025-56803

Figma Desktop for Windows version 125.6.5 contains a command injection vulnerability in the local plugin loader. An attacker can execute arbitrary OS commands by setting a crafted build field in the plugin's manifest.json. This field is passed to child_process.exec without validation, leading to...

CVSS 8.4 | EPSS 0.01058
Exploits: 3 | References: 2
CNNVD
added 2025/09/03 12:00 a.m. | 1 view

Fuji Electric FRENIC-Loader 4 Code Issue Vulnerability

Fuji Electric FRENIC-Loader 4 is a computer software designed for Fuji Electric inverters such as the FRENIC series, mainly for parameter setting, monitoring and debugging. A deserialization vulnerability exists in Fuji Electric FRENIC-Loader 4, which can be exploited by an attacker to execute...

CVSS 8.4 | AI score 7.7 | EPSS 0.00186
Exploits: 0 | References: 2
CNNVD
added 2025/09/03 12:00 a.m. | 3 views

Figma Desktop Security Vulnerability

Figma Desktop is a vector graphics editor and prototyping tool from Figma. A security vulnerability exists in Figma Desktop version 125.6.5, which stems from a command injection vulnerability in the local plugin loader that could lead to remote code execution...

CVSS 8.4 | AI score 8 | EPSS 0.01058
Exploits: 3 | References: 3
Vulnrichment
added 2025/09/03 12:00 a.m. | 1 view

CVE-2025-56803

Figma Desktop for Windows version 125.6.5 contains a command injection vulnerability in the local plugin loader. An attacker can execute arbitrary OS commands by setting a crafted build field in the plugin's manifest.json. This field is passed to child_process.exec without validation, leading to...

AI score 7.2 | EPSS 0.01058
Exploits: 3 | References: 2