Medium: giflib

Issue Overview: Buffer Overflow vulnerability in GifLib Project GifLib v.5.2.1 allows a local attacker to obtain sensitive information via the DumpSCreen2RGB function in gif2rgb.c CVE-2023-48161 Giflib Project v5.2.2 is vulnerable to a heap buffer overflow via gif2rgb. CVE-2024-45993 NOTE:...

PT-2025-41905

Name of the Vulnerable Software and Affected Versions Firefox versions prior to 144 Description When switching between Android apps using the card carousel, Firefox displays a black screen as its card image if a password-related screen was the last one used. Prior to version 144, the password edi...

EUVD-2025-34059

A null pointer dereference has been identified in the AsIO3.sys driver. The vulnerability can be triggered by a specially crafted input, which may lead to a system crash BSOD. Refer to the 'Security Update for Armoury Crate App' section on the ASUS Security Advisory for more information...

EUVD-2025-34060

A stack buffer overflow has been identified in the AsIO3.sys driver. This vulnerability can be triggered by input manipulation, may leading to a system crash BSOD or other potentially undefined execution. Refer to the 'Security Update for Armoury Crate App' section on the ASUS Security Advisory f...

CVE-2025-9337

The vulnerability is a null pointer dereference in the AsIO3.sys driver used by ASUS Armoury Crate. Affected component: AsIO3.sys; root cause: null pointer dereference triggered by specially crafted input. Consequence: system crash (BSOD). References to ASUS advisory indicate impact tied to Armou...

CVE-2025-9336

A stack buffer overflow has been identified in the AsIO3.sys driver. This vulnerability can be triggered by input manipulation, may leading to a system crash BSOD or other potentially undefined execution. Refer to the 'Security Update for Armoury Crate App' section on the ASUS Security Advisory f...

CVE-2025-9336

The CVE-2025-9336 entry concerns the ASUS Armoury Crate software, specifically the AsIO3.sys driver. Multiple sources confirm a stack buffer overflow in AsIO3.sys that can be triggered by input manipulation, potentially leading to a system crash (BSOD) or other undefined execution. Consequences n...

CVE-2025-21063

Improper access control in Samsung Voice Recorder prior to version 21.5.73.12 in Android 15 and 21.5.81.40 in Android 16 allows physical attackers to access recording files on the lock screen...

Stealit Malware Abuses Node.js Single Executable Feature via Game and VPN Installers

Cybersecurity researchers have disclosed details of an active malware campaign called Stealit that has leveraged Node.js' Single Executable Application SEA feature as a way to distribute its payloads. According to Fortinet FortiGuard Labs, select iterations have also employed the open-source...

CVE-2025-21063

Improper access control in Samsung Voice Recorder prior to version 21.5.73.12 in Android 15 and 21.5.81.40 in Android 16 allows physical attackers to access recording files on the lock screen...

CVE-2025-21063

Improper access control in Samsung Voice Recorder prior to version 21.5.73.12 in Android 15 and 21.5.81.40 in Android 16 allows physical attackers to access recording files on the lock screen...

CVE-2025-21063

Improper access control in Samsung Voice Recorder prior to version 21.5.73.12 in Android 15 and 21.5.81.40 in Android 16 allows physical attackers to access recording files on the lock screen...

EUVD-2025-33670

Improper access control in Samsung Voice Recorder prior to version 21.5.73.12 in Android 15 and 21.5.81.40 in Android 16 allows physical attackers to access recording files on the lock screen...

CVE-2025-21063

Samsung Voice Recorder on Android 15 before 21.5.73.12 and on Android 16 before 21.5.81.40 contains an improper access control flaw that lets a physical attacker access recorded files from the lock screen. The vulnerability affects the recording app itself (Samsung Voice Recorder) and arises from...

PT-2025-41523

Name of the Vulnerable Software and Affected Versions Samsung Voice Recorder versions prior to 21.5.73.12 in Android 15 and prior to 21.5.81.40 in Android 16 Description An improper access control issue exists in Samsung Voice Recorder. A physical attacker can access recording files on the lock...

Fuji Electric V-SFT 缓冲区错误漏洞

Fuji Electric V-SFT is a screen configuration software from Fuji Electric Japan. A buffer error vulnerability exists in Fuji Electric V-SFT v6.2.7.0 and earlier versions, which stems from an out-of-bounds write in the setAnimationItem function that could lead to information disclosure and arbitra...

CVE-2025-59998

An Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Juniper Networks Junos Space allows an attacker to inject script tags in the Archive Log screen that, when visited by another user, enables the attacker to execute commands with the target's...

CVE-2025-59998 Junos Space: Archive Logs screen is vulnerable to reflected cross-site script injection

An Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Juniper Networks Junos Space allows an attacker to inject script tags in the Archive Log screen that, when visited by another user, enables the attacker to execute commands with the target's...

PT-2025-41434

Name of the Vulnerable Software and Affected Versions Juniper Networks Junos Space versions prior to 24.1R4 Description An Improper Neutralization of Input During Web Page Generation issue exists in Juniper Networks Junos Space. This allows an attacker to inject script tags in the Archive Log...

Disrupting threats targeting Microsoft Teams

The extensive collaboration features and global adoption of Microsoft Teams make it a high-value target for both cybercriminals and state-sponsored actors. Threat actors abuse its core capabilities – messaging chat, calls and meetings, and video-based screen-sharing – at different points along th...