CVE-2025-11009 Information Disclosure Vulnerability in GT Designer3

Cleartext Storage of Sensitive Information vulnerability in Mitsubishi Electric GT Designer3 Version1 GOT2000 all versions and Mitsubishi Electric GT Designer3 Version1 GOT1000 all versions allows a local unauthenticated attacker to obtain plaintext credentials from the project file for GT...

CVE-2025-11009 Information Disclosure Vulnerability in GT Designer3

Cleartext Storage of Sensitive Information vulnerability in Mitsubishi Electric GT Designer3 Version1 GOT2000 all versions and Mitsubishi Electric GT Designer3 Version1 GOT1000 all versions allows a local unauthenticated attacker to obtain plaintext credentials from the project file for GT...

EUVD-2025-203861

Cleartext Storage of Sensitive Information vulnerability in Mitsubishi Electric GT Designer3 Version1 GOT2000 all versions and Mitsubishi Electric GT Designer3 Version1 GOT1000 all versions allows a local unauthenticated attacker to obtain plaintext credentials from the project file for GT...

CVE-2025-53524

Fuji Electric Monitouch V-SFT-6 is affected. The vulnerability is an out-of-bounds write during parsing of specially crafted project files (notably in V7 file parsing), which can lead to arbitrary code execution. Exploitation requires user interaction (per ZDI advisories) and is described as remo...

CVE-2025-53524 Fuji Electric Monitouch V-SFT-6 Out-of-bounds Write

Fuji Electric Monitouch V-SFT-6 is vulnerable to an out-of-bounds write while processing a specially crafted project file, which may allow an attacker to execute arbitrary code...

CVE-2025-53524 Fuji Electric Monitouch V-SFT-6 Out-of-bounds Write

Fuji Electric Monitouch V-SFT-6 is vulnerable to an out-of-bounds write while processing a specially crafted project file, which may allow an attacker to execute arbitrary code...

EUVD-2025-203858

Fuji Electric Monitouch V-SFT-6 is vulnerable to an out-of-bounds write while processing a specially crafted project file, which may allow an attacker to execute arbitrary code...

Time Will Tell: Large-Scale De-Anonymization of Hidden I2P Services Via Live Behavior Alignment (Extended Version)

I2P Invisible Internet Project is a popular anonymous communication network. While existing de-anonymization methods for I2P focus on identifying potential traffic patterns of target hidden services among extensive network traffic, they often fail to scale effectively across the large and diverse...

Fuji Electric Monitouch V-SFT-6 缓冲区错误漏洞

Fuji Electric Monitouch V-SFT-6 is a screen configuration software from Fuji Electric, Japan. A buffer error vulnerability exists in Fuji Electric Monitouch V-SFT-6, which originates from an out-of-bounds write when processing a specially crafted project file, and could lead to the execution of...

Mitsubishi Electric GT Designer3 安全漏洞

Mitsubishi Electric GT Designer3 is a suite of HMI programming software from Mitsubishi Electric Japan. A security vulnerability exists in Mitsubishi Electric GT Designer3 Version1 GOT2000 version and Version1 GOT1000 version, which originates from storing sensitive information in plaintext in...

WordPress plugin Zephyr Project Manager 路径遍历漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform has the ability to set up personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A path...

Zed 命令注入漏洞

Zed is an open source code editor from Zed Industries. A command injection vulnerability exists in versions prior to Zed 0.218.2-pre that stems from loading a malicious MCP configuration from the settings.json file in the project.zed subdirectory, which could lead to arbitrary code execution...

PT-2025-51796

Name of the Vulnerable Software and Affected Versions Fuji Electric Monitouch V-SFT-6 affected versions not specified Description The software contains a flaw due to an out-of-bounds write condition when handling a specifically designed project file. Successful exploitation of this issue could...

PT-2025-51976

Name of the Vulnerable Software and Affected Versions Zed versions prior to 0.218.2-pre Description The Zed IDE is susceptible to arbitrary code execution through maliciously crafted Model Context Protocol MCP configurations. These configurations, found in the settings.json file within a project’...

PT-2025-51975

Name of the Vulnerable Software and Affected Versions Zed versions prior to 0.218.2-pre Description The Zed IDE is susceptible to arbitrary code execution. The IDE loads Language Server Protocol LSP configurations from the settings.json file within a project’s .zed subdirectory. A malicious LSP...

CVE-2025-65834

Meltytech Shotcut 25.10.31 is vulnerable to Buffer Overflow. A memory access violation occurs when processing MLT project files with manipulated width and height parameters. By setting these values to extremely large numbers, the application attempts to allocate excessive memory during image...

CVE-2025-65834

Meltytech Shotcut 25.10.31 is vulnerable to Buffer Overflow. A memory access violation occurs when processing MLT project files with manipulated width and height parameters. By setting these values to extremely large numbers, the application attempts to allocate excessive memory during image...

EUVD-2025-203792

In the Linux kernel, the following vulnerability has been resolved: usb: storage: Fix memory leak in USB bulk transport A kernel memory leak was identified by the 'ioctlsg01' test from Linux Test Project LTP. The following bytes were mainly observed: 0x53425355. When USB storage devices incorrect...

CVE-2023-53897

The vulnerability described for CVE-2023-53897 affects Rukovoditel 3.4.1, with multiple stored cross-site scripting flaws in project task comments. Underlying issue: stored XSS that allows an authenticated attacker to inject malicious scripts, which can execute in the browsers of victims when com...

CVE-2023-53897 Rukovoditel 3.4.1 Multiple Stored Cross-Site Scripting via Comments

Rukovoditel 3.4.1 contains multiple stored cross-site scripting vulnerabilities that allow authenticated attackers to inject malicious scripts. Attackers can insert XSS payloads in project task comments to execute arbitrary JavaScript in victim browsers...