
120810 matches found

Positive Technologies
added 2025/12/26 12:0 a.m. | 5 views

PT-2025-53454

Name of the Vulnerable Software and Affected Versions: Eaton UPS Companion software (affected versions not specified)
Description: The Eaton UPS Companion software contains a flaw related to insecure library loading. An attacker who has access to the software package could potentially execute arbitra...

CVSS 7.8 | AI score 7.1 | EPSS 0.00134
Exploits: 0 | References: 6

Tenable Nessus
added 2025/12/25 12:0 a.m. | 1 view

FreeBSD : fluidsynth -- Use after free when using DLS files (bf854a37-e180-11f0-ac0c-5404a68ad561)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the bf854a37-e180-11f0-ac0c-5404a68ad561 advisory. The fluidsynth authors report: A race condition during unloading of a DLS file can trigger a heap-based...

CVSS 7 | AI score 6.4 | EPSS 0.00179
Exploits: 1 | References: 3

RedhatCVE
added 2025/12/24 10:29 p.m. | 3 views

CVE-2025-14411

Soda PDF Desktop PDF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Soda PDF Desktop. User interaction is required to exploit this vulnerability in that the target must...

CVSS 3.3 | AI score 3.2 | EPSS 0.00146
Exploits: 0 | References: 1

RedhatCVE
added 2025/12/24 9:19 p.m. | 4 views

CVE-2025-14498

TradingView Desktop Electron Uncontrolled Search Path Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of TradingView Desktop. An attacker must first obtain the ability to execute low-privileged code on the target...

CVSS 7.8 | AI score 7.5 | EPSS 0.00138
Exploits: 0 | References: 1

NVD
added 2025/12/24 8:15 p.m. | 4 views

CVE-2018-25154

GNU Barcode 0.99 contains a buffer overflow vulnerability in its code 93 encoding process that allows attackers to trigger memory corruption. Attackers can exploit boundary errors during input file processing to potentially execute arbitrary code on the affected system...

CVSS 9.8 | EPSS 0.00332
Exploits: 1 | References: 3

UbuntuCve
added 2025/12/24 8:15 p.m. | 5 views

CVE-2018-25154

GNU Barcode 0.99 contains a buffer overflow vulnerability in its code 93 encoding process that allows attackers to trigger memory corruption. Attackers can exploit boundary errors during input file processing to potentially execute arbitrary code on the affected system...

CVSS 9.8 | AI score 6.4 | EPSS 0.00332
Exploits: 1 | References: 5

Cvelist
added 2025/12/24 7:27 p.m. | 29 views

CVE-2018-25154 GNU Barcode 0.99 Buffer Overflow in Code 93 Encoding Mechanism

GNU Barcode 0.99 contains a buffer overflow vulnerability in its code 93 encoding process that allows attackers to trigger memory corruption. Attackers can exploit boundary errors during input file processing to potentially execute arbitrary code on the affected system...

CVSS 9.8 | EPSS 0.00332
Exploits: 1 | References: 3

Vulnrichment
added 2025/12/24 7:27 p.m. | 1 view

CVE-2018-25154 GNU Barcode 0.99 Buffer Overflow in Code 93 Encoding Mechanism

GNU Barcode 0.99 contains a buffer overflow vulnerability in its code 93 encoding process that allows attackers to trigger memory corruption. Attackers can exploit boundary errors during input file processing to potentially execute arbitrary code on the affected system...

CVSS 9.8 | AI score 7.8 | EPSS 0.00332
Exploits: 1 | References: 3

RedhatCVE
added 2025/12/24 6:18 p.m. | 7 views

CVE-2025-14930

A flaw was found in the Hugging Face Transformers library. The parsing of weights fails to validate user-supplied data, causing a deserialization of untrusted data. An attacker can exploit this issue by providing a malicious GLM4 model, resulting in arbitrary code execution in the context of the...

CVSS 8.8 | AI score 8 | EPSS 0.00262
Exploits: 0 | References: 4

RedhatCVE
added 2025/12/24 6:18 p.m. | 11 views

CVE-2025-14929

A flaw was found in the Hugging Face Transformers library. The parsing of checkpoints fails to validate user-supplied data, causing a deserialization of untrusted data. An attacker can exploit this issue by providing a malicious X-CLIP model, resulting in arbitrary code execution in the context o...

CVSS 8.8 | AI score 7.9 | EPSS 0.00315
Exploits: 0 | References: 4

RedhatCVE
added 2025/12/24 6:18 p.m. | 6 views

CVE-2025-14928

A flaw was found in the Hugging Face Transformers library. The convertconfig function fails to validate a user-supplied string before using it to execute Python code. An attacker can exploit this flaw by providing a malicious HuBERT model checkpoint, causing arbitrary code execution in the contex...

CVSS 8.8 | AI score 8 | EPSS 0.00278
Exploits: 0 | References: 4

RedhatCVE
added 2025/12/24 6:18 p.m. | 7 views

CVE-2025-14926

A flaw was found in the Hugging Face Transformers library. The convertconfig function fails to validate a user-supplied string before using it to execute Python code. An attacker can exploit this flaw by providing a malicious SEW model checkpoint, causing arbitrary code execution in the context o...

CVSS 8.8 | AI score 8 | EPSS 0.00278
Exploits: 0 | References: 4

RedhatCVE
added 2025/12/24 6:18 p.m. | 11 views

CVE-2025-14924

A flaw was found in the Hugging Face Transformers library. The parsing of checkpoints fails to validate user-supplied data, causing a deserialization of untrusted data. An attacker can exploit this issue by providing a malicious megatrongpt2 model, resulting in arbitrary code execution in the...

CVSS 8.8 | AI score 8 | EPSS 0.00262
Exploits: 0 | References: 4

RedhatCVE
added 2025/12/24 6:18 p.m. | 10 views

CVE-2025-14920

A flaw was found in the Hugging Face Transformers library. The parsing of model files fails to validate user-supplied data, causing a deserialization of untrusted data. An attacker can exploit this issue by providing a malicious Perceiver model or convincing a user to visit a malicious page,...

CVSS 8.8 | AI score 7.9 | EPSS 0.00262
Exploits: 0 | References: 4

NVD
added 2025/12/24 4:15 p.m. | 3 views

CVE-2024-40317

A reflected cross-site scripting (XSS) vulnerability in MyNET up to v26.08 allows attackers to execute arbitrary code in the context of a user's browser via injecting a crafted payload into the parameter HTTP...

CVSS 6.1 | EPSS 0.00218
Exploits: 1 | References: 2

RedhatCVE
added 2025/12/24 12:2 p.m. | 3 views

CVE-2025-12839

A flaw was found in OpenEXR. This heap-based buffer overflow vulnerability occurs during the parsing of EXR files due to improper validation of user-supplied data length. A remote attacker could exploit this by tricking a user into opening a specially crafted malicious EXR file. Successful...

CVSS 7.8 | AI score 7.7 | EPSS 0.00158
Exploits: 0 | References: 4

RedhatCVE
added 2025/12/24 12:2 p.m. | 3 views

CVE-2025-12840

A flaw was found in OpenEXR. This heap-based buffer overflow vulnerability occurs during EXR file parsing due to improper validation of user-supplied data length. A remote attacker could exploit this by tricking a user into visiting a malicious page or opening a malicious EXR file. Successful...

CVSS 7.8 | AI score 7.2 | EPSS 0.00158
Exploits: 0 | References: 4

EUVD
added 2025/12/24 12:30 a.m. | 3 views

EUVD-2025-205017

RealDefense SUPERAntiSpyware Exposed Dangerous Function Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of RealDefense SUPERAntiSpyware. An attacker must first obtain the ability to execute low-privileged code on...

CVSS 7.8 | AI score 7 | EPSS 0.00172
Exploits: 0 | References: 2

EUVD
added 2025/12/24 12:30 a.m. | 8 views

EUVD-2025-204989

Soda PDF Desktop PDF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Soda PDF Desktop. User interaction is required to exploit this vulnerability in that the target must...

CVSS 3.3 | AI score 4.8 | EPSS 0.00146
Exploits: 0 | References: 2

EUVD
added 2025/12/24 12:30 a.m. | 3 views

EUVD-2025-204993

Soda PDF Desktop PDF File Parsing Memory Corruption Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Soda PDF Desktop. User interaction is required to exploit this vulnerability in that the target must...

CVSS 3.3 | AI score 5.2 | EPSS 0.00147
Exploits: 0 | References: 2