187 matches found
EUVD-2024-49805
Malicious code in bioql PyPI...
EUVD-2025-25851
Malicious code in bioql PyPI...
EUVD-2022-32080
Malicious code in bioql PyPI...
EUVD-2025-24492
Malicious code in bioql PyPI...
EUVD-2025-26615
Malicious code in bioql PyPI...
EUVD-2024-50594
Malicious code in bioql PyPI...
CVE-2025-7981
Ashlar-Vellum Graphite VC6 File Parsing Uninitialized Variable Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Graphite. User interaction is required to exploit this vulnerability in that the targ...
CVE-2025-57776
There is an out of bounds write vulnerability due to improper bounds checking resulting in an invalid address when parsing a DSB file with Digilent DASYLab. This vulnerability may result in arbitrary code execution. Successful exploitation requires an attacker to get a user to open a specially...
CVE-2025-57778
There is an out of bounds write vulnerability due to improper bounds checking resulting in an invalid source address when parsing a DSB file with Digilent DASYLab. This vulnerability may result in arbitrary code execution. Successful exploitation requires an attacker to get a user to open a...
CVE-2025-9189 Out Of Bounds Write when parsing a DSB file with Digilent DASYLab
There is an out of bounds write vulnerability due to improper bounds checking resulting in a large destination address when parsing a DSB file with Digilent DASYLab. This vulnerability may result in arbitrary code execution. Successful exploitation requires an attacker to get a user to open a...
CVE-2025-0082
In multiple functions of StatusHint.java and TelecomServiceImpl.java, there is a possible way to reveal images across users due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation...
PT-2025-34599 · Google · Google Cloud Dataform
Name of the Vulnerable Software and Affected Versions: Google Cloud Dataform affected versions not specified Description: A path traversal vulnerability exists in the NPM package installation process of Google Cloud Dataform. A remote attacker can read and write files in other customers'...
PT-2025-34104
Name of the Vulnerable Software and Affected Versions MJM QuickPlayer version 2010 Description MJM QuickPlayer also known as MJM Player contains a stack-based buffer overflow triggered by opening a malicious .s3m music file. This issue arises from improper bounds checking in the file parser, whic...
CVE-2025-54203
Substance3D - Modeler versions 1.22.0 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. Exploitation of this issue requires user interaction in that a victim must open a malicious file...
CVE-2025-49555
CVE-2025-49555 affects Adobe Commerce/Magento Open Source (versions 2.4.9-alpha1 through earlier) with a Cross-Site Request Forgery (CSRF) vulnerability that can lead to privilege escalation when a user is authenticated. Exploitation requires user interaction (victim visits malicious site or clic...
PT-2025-32404 · Photodex · Proshow Producer
Name of the Vulnerable Software and Affected Versions: Photodex ProShow Producer version 5.0.3256 Description: Photodex ProShow Producer version 5.0.3256 contains a stack-based buffer overflow vulnerability in the handling of plugin load list files. When a specially crafted load file is placed in...
Rockwell Automation Arena < 16.20.10 Multiple Vulnerabilities
The version of Rockwell Automation Arena installed on the remote Windows host is prior to 16.20.10. It is, therefore, affected by a multiple vulnerabilities - A memory abuse issue exists in the affected product. A custom file can force Arena Simulation to read and write past the end of memory...
CVE-2025-7025
A memory abuse issue exists in the Rockwell Automation Arena® Simulation. A custom file can force Arena Simulation to read and write past the end of memory space. Successful use requires user action, such as opening a bad file or webpage. If used, a threat actor could execute code or disclose...
MAL-2025-6378 Malicious code in vite-postcss-kit (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware e3ccfb9649799b2451c498f5d749045e87056e774d48d5463c04488ec58620fb Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
CVE-2025-7264
IrfanView CADImage Plugin CGM File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView CADImage Plugin. User interaction is required to exploit this vulnerability in that the...