Lucene search
+L

846 matches found

euvd
euvd
added 2025/11/20 6:31 p.m.4 views

EUVD-2025-198295

Lite XL versions 2.1.8 and prior automatically execute the .liteproject.lua file when opening a project directory, without prompting the user for confirmation. The .liteproject.lua file is intended for project-specific configuration but can contain executable Lua logic. This behavior could allow...

7.3CVSS7.3AI score0.00326EPSS
Exploits1References3
cvelist
cvelist
added 2025/11/20 4:38 p.m.11 views

CVE-2025-12120 CVE-2025-12120

Lite XL versions 2.1.8 and prior automatically execute the .liteproject.lua file when opening a project directory, without prompting the user for confirmation. The .liteproject.lua file is intended for project-specific configuration but can contain executable Lua logic. This behavior could allow...

0.00326EPSS
Exploits1References2
osv
osv
added 2025/11/20 4:38 p.m.6 views

CVE-2025-12120 CVE-2025-12120

Lite XL versions 2.1.8 and prior automatically execute the .liteproject.lua file when opening a project directory, without prompting the user for confirmation. The .liteproject.lua file is intended for project-specific configuration but can contain executable Lua logic. This behavior could allow...

7.3CVSS7.8AI score0.00326EPSS
Exploits1References4
alpinelinux
alpinelinux
added 2025/11/20 4:38 p.m.7 views

CVE-2025-12120

Lite XL versions 2.1.8 and prior automatically execute the .liteproject.lua file when opening a project directory, without prompting the user for confirmation. The .liteproject.lua file is intended for project-specific configuration but can contain executable Lua logic. This behavior could allow...

7.3CVSS7.9AI score0.00326EPSS
Exploits1References2
cvelist
cvelist
added 2025/11/12 10:8 p.m.9 views

CVE-2011-10034 IRAI AUTOMGEN <= 8.0.0.7 Use-After-Free Remote DoS

AUTOMGEN versions up to and including 8.0.0.7 also referenced as 8.022 contain a vulnerability in that project file handling frees an object and subsequently dereferences the stale pointer when processing certain malformed fields. The dangling-pointer use enables an attacker to influence an...

6.9CVSS0.00569EPSS
Exploits0References3
cve
cve
added 2025/11/12 10:8 p.m.12 views

CVE-2011-10034

CVE-2011-10034 affects IRAI AUTOMGEN up to version 8.0.0.7 (also 8.022). The issue is a use-after-free in project file handling: freeing an object then dereferencing a stale pointer when processing certain malformed fields. This dangling-pointer scenario enables an attacker to influence an indire...

6.9CVSS7.5AI score0.00569EPSS
Exploits0References3
osv
osv
added 2025/11/12 4:47 p.m.2 views

MAL-2025-155900 Malicious code in ican-poke23 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9bff3d3ae7cc9acba1782d8ce836464dfbfdf25e260114f7da8c9a36ab7d4350 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

6.8AI score
Exploits0
cnnvd
cnnvd
added 2025/11/12 12:0 a.m.3 views

IRAI Automgen 安全漏洞

IRAI Automgen is a general-purpose automation software workbench from IRAI France. A security vulnerability exists in IRAI Automgen version 8.0.0.7 and prior versions, which originates from a post-release reuse issue in project file handling that could result in a denial of service or remote code...

6.9CVSS7.8AI score0.00569EPSS
Exploits0References5
ptsecurity
ptsecurity
added 2025/11/12 12:0 a.m.4 views

PT-2025-46725

AUTOMGEN versions up to and including 8.0.0.7 also referenced as 8.022 contain a vulnerability in that project file handling frees an object and subsequently dereferences the stale pointer when processing certain malformed fields. The dangling-pointer use enables an attacker to influence an...

6.9CVSS7.9AI score0.00569EPSS
Exploits0References4
ossf
ossf
added 2025/11/11 10:56 p.m.3 views

Malicious code in mute_tern_z3n (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9f17f8bae7c44e5dfab5abe30de89768d27051561438bd3a88812feb1add8302 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

6.9AI score
Exploits0
osv
osv
added 2025/11/11 3:19 p.m.3 views

MAL-2025-117016 Malicious code in serious_mollusk_z3n (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f7b9634360adf6462319daa7f8e34b19df02fdc805bcfde00da78c965dc3cafd This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

6.8AI score
Exploits0
osv
osv
added 2025/11/11 12:17 a.m.3 views

MAL-2025-64703 Malicious code in oktafian-gepuk80-sluey (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7bdbcb845bb5a80065804364342b7ab922887fd527b872c8aba40bd8a1ddbc2a This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

6.8AI score
Exploits0
ossf
ossf
added 2025/11/10 6:2 p.m.3 views

Malicious code in legislative_tiglon_z3n (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector fb9b3026fd21555a1d30b2ec705ca30368bee7f3c08f751d587a2e7d19b8ba3b This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

6.9AI score
Exploits0
redhatcve
redhatcve
added 2025/11/05 10:4 p.m.9 views

CVE-2025-54526

Fuji Electric Monitouch V-SFT-6 is vulnerable to a stack-based buffer overflow while processing a specially crafted project file, which may allow an attacker to execute arbitrary code...

8.4CVSS7.9AI score0.00174EPSS
Exploits0References1
redhatcve
redhatcve
added 2025/11/05 10:4 p.m.8 views

CVE-2025-54496

A maliciously crafted project file may cause a heap-based buffer overflow in Fuji Electric Monitouch V-SFT-6, which may allow the attacker to execute arbitrary code...

8.4CVSS7.8AI score0.0018EPSS
Exploits0References1
osv
osv
added 2025/11/04 10:16 p.m.6 views

CVE-2025-54496

A maliciously crafted project file may cause a heap-based buffer overflow in Fuji Electric Monitouch V-SFT-6, which may allow the attacker to execute arbitrary code...

8.4CVSS6.2AI score0.0018EPSS
Exploits0References3
osv
osv
added 2025/11/04 10:16 p.m.6 views

CVE-2025-54526

Fuji Electric Monitouch V-SFT-6 is vulnerable to a stack-based buffer overflow while processing a specially crafted project file, which may allow an attacker to execute arbitrary code...

8.4CVSS6.3AI score0.00174EPSS
Exploits0References3
nvd
nvd
added 2025/11/04 10:16 p.m.8 views

CVE-2025-54526

Fuji Electric Monitouch V-SFT-6 is vulnerable to a stack-based buffer overflow while processing a specially crafted project file, which may allow an attacker to execute arbitrary code...

8.4CVSS0.00174EPSS
Exploits0References3
cve
cve
added 2025/11/04 9:37 p.m.24 views

CVE-2025-54526

CVE-2025-54526 concerns Fuji Electric Monitouch V-SFT-6/V-SFT with a stack-based buffer overflow in parsing crafted project/V7 files, leading to remote code execution . ZDI advisories describe the flaw as a lack of proper validation of the length of user-supplied data before copying it into a fix...

8.4CVSS7.3AI score0.00174EPSS
Exploits0References3Affected Software1
cvelist
cvelist
added 2025/11/04 9:37 p.m.12 views

CVE-2025-54526 Fuji Electric Monitouch V-SFT-6 Stack-based Buffer Overflow

Fuji Electric Monitouch V-SFT-6 is vulnerable to a stack-based buffer overflow while processing a specially crafted project file, which may allow an attacker to execute arbitrary code...

8.4CVSS0.00174EPSS
Exploits0References3
Rows per page
Query Builder