5610 matches found
MAL-2025-43416 Malicious code in aether-venus-lacerta-less-loader (npm)
The package aether-venus-lacerta-less-loader was found to contain malicious code...
CVE-2025-56803
Figma Desktop for Windows version 125.6.5 contains a command injection vulnerability in the local plugin loader. An attacker can execute arbitrary OS commands by setting a crafted build field in the plugin's manifest.json. This field is passed to child_process.exec without validation, leading to...
Fuji Electric FRENIC-Loader 4 Deserialization Vulnerability
Fuji Electric FRENIC-Loader 4 is a computer software designed for Fuji Electric inverters such as the FRENIC series, mainly for parameter setting, monitoring and debugging. A deserialization vulnerability exists in Fuji Electric FRENIC-Loader 4, which can be exploited by an attacker to execute...
CVE-2025-32321
In isSafeIntent of AccountTypePreferenceLoader.java, there is a possible way to bypass an intent type check due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...
Grub2: jfs: integer overflow when handling symlinks may lead to heap based out-of-bounds write when reading data
...
Grub2: reiserfs: integer overflow when handling symlinks may lead to heap based out-of-bounds write when reading data
...
Grub2: udf: heap based buffer overflow in grub_udf_read_block() may lead to arbitrary code execution
...
CVE-2025-6984
CVE-2025-6984 (LangChain EverNoteLoader XXE): The langchain-ai/langchain package's EverNoteLoader is vulnerable to XML External Entity (XXE) attacks due to insecure XML parsing. The affected version is 0.3.63, where etree.iterparse() is used without disabling external entity processing, enabling...
GNU GRUB (aka GRUB2) through 2.12 has a heap-based buffer overflow in fs/hfs.c via crafted sblock data in an HFS filesystem.
...
sqfs_search_dir in Das U-Boot before 2025.01-rc1 exhibits an off-by-one error and resultant heap memory corruption for squashfs directory listing because the path separator is not considered in a size calculation.
...
An integer overflow in sqfs_inode_size in Das U-Boot before 2025.01-rc1 occurs in the symlink size calculation via a crafted squashfs filesystem.
...
Das U-Boot 2022.01 has a Buffer Overflow.
...
A Regular expression denial of service (ReDoS) flaw was found in Function interpolateName in interpolateName.js in webpack loader-utils 2.0.0 via the url variable in interpolateName.js.
...
CVE-2025-9365
Fuji Electric FRENIC-Loader 4 is vulnerable to unsafe deserialization of user-submitted serialized data when importing a file via a specific window, which may allow arbitrary code execution. Affected product: Fuji Electric FRENIC-Loader 4 (inverters). Root cause: deserialization of untrusted data...
CVE-2025-9365 Fuji Electric FRENIC-Loader 4 Deserialization of Untrusted Data
Fuji Electric FRENIC-Loader 4 is vulnerable to a deserialization of untrusted data when importing a file through a specified window, which may allow an attacker to execute arbitrary code...
Fuji Electric FRENIC-Loader 4 Code Issue Vulnerability
Fuji Electric FRENIC-Loader 4 is a computer software designed for Fuji Electric inverters such as the FRENIC series, mainly for parameter setting, monitoring and debugging. A deserialization vulnerability exists in Fuji Electric FRENIC-Loader 4, which can be exploited by an attacker to execute...
Figma Desktop Security Vulnerability
Figma Desktop is a vector graphics editor and prototyping tool from Figma. A security vulnerability exists in Figma Desktop version 125.6.5, which stems from a command injection vulnerability in the local plugin loader that could lead to remote code execution...