120819 matches found
CVE-2025-14332 Memory safety bugs fixed in Firefox 146 and Thunderbird 146
Memory safety bugs present in Firefox 145 and Thunderbird 145. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 146 and Thunderbird 146...
CVE-2025-14332
CVE-2025-14332 is a memory-safety bug found in Firefox 145 and Thunderbird 145, with potential for arbitrary code execution. It affects Firefox and Thunderbird versions older than 146. The connected documents indicate remediation by upgrading to Firefox/Thunderbird 146. If upgrading is not possib...
CVE-2025-40937
A vulnerability has been identified in SIMATIC CN 4100 All versions V4.0.1. The affected application does not properly validate input parameters in its REST API, resulting in improper handling of unexpected arguments. This could allow an authenticated attacker to execute arbitrary code with limited...
CVE-2025-40937
CVE-2025-40937 affects Siemens SIMATIC CN 4100. Connected sources confirm a command-injection vulnerability due to insufficient REST API input validation, exploitable by an authenticated attacker to execute arbitrary code with limited privileges on all CN 4100 devices running versions older than ...
CVE-2025-14308 Integer Overflow in Robocode's Buffer Write Method
An integer overflow vulnerability exists in the write method of the Buffer class in Robocode version 1.9.3.6. The method fails to properly validate the length of data being written, allowing attackers to cause an overflow, potentially leading to buffer overflows and arbitrary code execution. This...
Insecure Temporary File
Overview: net.sf.robocode:robocode.battle is a Build the best - destroy the rest! Affected versions of this package are vulnerable to Insecure Temporary File via the createTempFile function. An attacker can execute arbitrary code or overwrite critical files by manipulating the temporary file...
CVE-2025-14307
Robocode 1.9.3.6 AutoExtract has an insecure temporary file creation vulnerability in createTempFile that can allow race-condition exploitation to potentially execute arbitrary code or overwrite files. The issue arises from insecure handling of temporary files, as described across multiple source...
Universal Boot Loader (U-Boot) (Update A)
RISK EVALUATION: Successful exploitation of this vulnerability could result in arbitrary code execution. 2. RECOMMENDED PRACTICES: CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability, such as: Minimize network exposure for all control system...
CVE-2025-42874 Denial of service (DOS) in SAP NetWeaver (remote service for Xcelsius)
SAP NetWeaver remote service for Xcelsius allows an attacker with network access and high privileges to execute arbitrary code on the affected system due to insufficient input validation and improper handling of remote method calls. Exploitation does not require user interaction and could lead to...
Adobe DNG SDK Input Validation Error Vulnerability
Adobe DNG Software Development Kit (SDK) is a software development kit from the American company Adobe. An input validation error vulnerability exists in Adobe DNG Software Development Kit (SDK), which can be exploited by an attacker to execute arbitrary code on a system or cause an applicati...
Microsoft Windows win32kbase Out-Of-Bounds Access Local Privilege Escalation Vulnerability
This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the win32kbase...
MailEnable Code Issue Vulnerability
MailEnable is a commercial email server software designed for Windows operating systems that provides end-to-end email hosting and collaboration solutions. MailEnable suffers from a code issue vulnerability that stems from an insecure DLL loading mechanism that can be exploited by an attacker to...
Allsky Camera Security Vulnerability
Allsky Camera is an Allsky open source camera system for photographing and monitoring the entire sky. A security vulnerability exists in Allsky Camera version v2024.12.0606, which originates from cross-site scripting and could lead to the execution of arbitrary code...
Mozilla Firefox Buffer Error Vulnerability
Mozilla Firefox is an open source web browser from the Mozilla Foundation in the United States. A buffer error vulnerability exists in Mozilla Firefox versions prior to 146 and ESR 140.6, which stems from a memory safety issue that could lead to memory corruption and execution of arbitrary code...
Adobe Acrobat Reader Code Issue Vulnerability
Adobe Acrobat Reader is a PDF viewer from the American company Adobe. The software is used to print, sign and annotate PDFs. A code issue vulnerability exists in Adobe Acrobat Reader versions 24.001.30264 and 20.005.30793 and 25.001.20982 and 24.001.30273 and 20.005.30803 and prior...
Fortinet FortiSandbox Operating System Command Injection Vulnerability
Fortinet FortiSandbox is an APT (Advanced Persistent Threat) protection appliance from US-based Fortinet. The appliance offers dual sandboxing technology, a dynamic threat intelligence system, a real-time control panel and reporting. An operating system command injection vulnerability exists in Fortine...
Siemens RUGGEDCOM ROX II Injection Vulnerability
Siemens RUGGEDCOM ROX II is an operating system for industrial applications from Siemens, Germany. Siemens RUGGEDCOM ROX II suffers from an injection vulnerability that stems from insufficient validation of SCEP client fields, which can be exploited by an attacker to cause execution of arbitrary...
PT-2025-50281
Name of the Vulnerable Software and Affected Versions: ColdFusion versions 2025.4, 2023.16, and 2021.22 and earlier. Description: ColdFusion versions 2025.4, 2023.16, and 2021.22 and earlier are susceptible to an unrestricted file upload issue with dangerous file types. Successful exploitation of th...
Robocode Security Vulnerability
Robocode is an open source programming game by Robocode. A security vulnerability exists in Robocode version 1.9.3.6, which stems from insufficient data length validation and could lead to a buffer overflow and arbitrary code execution...
CVE-2025-56704
LeptonCMS 7.3.0 is affected by an arbitrary file upload vulnerability caused by insufficient validation of uploaded files. An authenticated attacker can upload a crafted ZIP/PHP file to execute arbitrary code. Affected software: LeptonCMS 7.3.0. Root cause: lack of proper validation during file u...