4924 matches found
PT-2025-40106
Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified). Description: A flaw exists in the Linux kernel’s rpmsg subsystem related to the destruction of the default endpoint. Specifically, the rpmsg_dev_remove function in rpmsg_core is responsible for...
CVE-2025-60095
creationtimestamp | type | source
---|---|---
2025-09-29 17:01:15+00:00 | seen | Telegram/fZZnBsQY08L76PWluLnWBMXu6xyCp6CgxHAw0BYNmpcKlU...
CVE-2025-11025
Insertion of Sensitive Information Into Sent Data vulnerability in Vimesoft Information Technologies and Software Inc. Vimesoft Corporate Messaging Platform allows Retrieve Embedded Sensitive Data. This issue affects Vimesoft Corporate Messaging Platform: from V1.3.0 before V2.0.0...
CVE-2025-10975
A vulnerability was found in GuanxingLu vlarl up to 31abc0baf53ef8f5db666a1c882e1ea64def2997. This vulnerability affects the function experiments.robot.bridge.reasoningserver::runreasoningserver of the file experiments/robot/bridge/reasoningserver.py of the component ZeroMQ. Performing manipulati...
Apollo Embedded Sandbox and Explorer vulnerable to CSRF via window.postMessage origin-validation bypass
Impact: A Cross-Site Request Forgery (CSRF) vulnerability was identified in Apollo’s Embedded Sandbox and Embedded Explorer. The vulnerability arises from missing origin validation in the client-side code that handles window.postMessage events. A malicious website can send forged messages to the...
CVE-2025-11025
Insertion of Sensitive Information Into Sent Data vulnerability in Vimesoft Information Technologies and Software Inc. Vimesoft Corporate Messaging Platform allows Retrieve Embedded Sensitive Data. This issue affects Vimesoft Corporate Messaging Platform: from V1.3.0 before V2.0.0...
CVE-2025-11025 Information Disclosure in Vimesoft Information Technologies' Vimesoft Corporate Messaging Platform
Insertion of Sensitive Information Into Sent Data vulnerability in Vimesoft Information Technologies and Software Inc. Vimesoft Corporate Messaging Platform allows Retrieve Embedded Sensitive Data. This issue affects Vimesoft Corporate Messaging Platform: from V1.3.0 before V2.0.0...
Digital Threat Modeling Under Authoritarianism
Today's world requires us to make complex and nuanced decisions about our digital security. Evaluating when to use a secure messaging app like Signal or WhatsApp, which passwords to store on your smartphone, or what to share on social media requires us to assess risks and make judgments...
Vimesoft Messaging Platform security vulnerability
Vimesoft Messaging Platform is an enterprise instant messaging platform from the Turkish company Vimesoft. A security vulnerability exists in Vimesoft Messaging Platform version V1.3.0 up to and including version V2.0.0, which stems from the embedding of sensitive information in the sent data and...
PT-2025-39637
Name of the Vulnerable Software and Affected Versions: Vimesoft Corporate Messaging Platform versions 1.3.0 through 1.9.9. Description: A flaw exists in Vimesoft Corporate Messaging Platform that allows for the retrieval of embedded sensitive data. This issue involves the insertion of sensitive...
Bridging Technical Capability and User Accessibility: Off-Grid Civilian Emergency Communication
During large-scale crises disrupting cellular and Internet infrastructure, civilians lack reliable methods for communication, aid coordination, and access to trustworthy information. This paper presents a unified emergency communication system integrating a low-power, long-range network with a...
CVE-2025-59050
Greenshot is an open source Windows screenshot utility. Greenshot 1.3.300 and earlier deserializes attacker-controlled data received in a WM_COPYDATA message using BinaryFormatter.Deserialize without prior validation or authentication, allowing a local process at the same integrity level to trigge...
Race Condition within a Thread
Overview: Affected versions of this package are vulnerable to Race Condition within a Thread via the Autoupdate helper tool. A local unprivileged attacker can gain elevated privileges by sending a very well-timed XPC message and connecting to the daemon when it is spawned as root and requesting...
GreenShot security vulnerability
GreenShot is a lightweight screenshot software tool for Windows from GreenShot, Inc. A security vulnerability exists in GreenShot 1.3.300 and earlier versions that originates from deserializing attacker-controlled data in the WM_COPYDATA message without validation or authentication, which could...
PT-2025-37754
Name of the Vulnerable Software and Affected Versions: The Matrix versions prior to 1.16. Description: The Matrix specification has deficient state resolution when using a room version before 12 and State Resolution before 2.1. Recommendations: Update to version 1.16 or later...
CVE-2025-10183
A blind XML External Entity (XXE) injection in the OpenMessaging webservice in TecCom TecConnect 4.1 allows an unauthenticated attacker to exfiltrate arbitrary files to an attacker-controlled server. TecConnect 4.1 is considered end-of-life as of December 2023. Users are advised to upgrade to TecCo...
Linux Distros Unpatched Vulnerability : CVE-2017-0413
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An information disclosure vulnerability in AOSP Messaging could enable a local malicious application to bypass operating system protections that isolate...
Linux Distros Unpatched Vulnerability : CVE-2017-0494
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An information disclosure vulnerability in AOSP Messaging could enable a remote attacker using a specially crafted file to access data outside of its permission...
Linux Distros Unpatched Vulnerability : CVE-2017-0424
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An information disclosure vulnerability in AOSP Messaging could enable a remote attacker using a specially crafted file to access data outside of its permission...
Linux Distros Unpatched Vulnerability : CVE-2017-0476
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A remote code execution vulnerability in AOSP Messaging could enable an attacker using a specially crafted file to cause memory corruption during media file and...