120928 matches found
TruffleHog, Fade In and BSAFE Crypto-C vulnerabilities
Cisco Talos' Vulnerability Discovery & Research team recently disclosed three vulnerabilities in Dell BSAFE, two in Fade In screenwriting software, and one in TruffleHog. The vulnerabilities mentioned in this blog post have been patched by their respective vendors, all in adherence to Cisco's...
CVE-2025-48396
Arbitrary code execution is possible due to improper validation of the file upload functionality in Eaton BLSS. This security issue has been fixed in the latest script patch latest version of Eaton BLSS 7.3.0.SCP004...
Deserialization Of Untrusted Data
Snipe-IT is vulnerable to Deserialization Of Untrusted Data. The vulnerability is due to improper handling of untrusted serialized data, which allows an attacker to supply malicious objects that can be deserialized to execute arbitrary code or manipulate application logic...
Delta Electronics CNCSoft-G2
RISK EVALUATION Successful exploitation of this vulnerability could allow attackers to execute arbitrary code in the context of the current process. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability, such as:...
Fuji Electric Monitouch V-SFT-6 (Update A)
RISK EVALUATION Successful exploitation of these vulnerabilities could crash the accessed device; a buffer overflow condition may allow remote code execution. 2. RECOMMENDED PRACTICES CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive...
Arbitrary Code Execution
Keras is vulnerable to Arbitrary Code Execution. The vulnerability is due to `Model.load_model` not honoring `safe_mode=True` when reading legacy .h5/.hdf5 archives and deserializing pickled Lambda-layer code from a crafted model file, which allows an attacker to supply a malicious archive that execute...
Multiple Roboticsware products register Windows services with unquoted file paths
Overview: Multiple Roboticsware products provided by Roboticsware PTE. LTD. contain the following vulnerability. Unquoted search path or element (CWE-428) - CVE-2025-64151. Kazuma Matsumoto of GMO Cybersecurity by IERAE, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the develope...
WordPress plugin Elegance Menu security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers. WordPress plugin is an application plugin. A security vulnerabili...
WordPress Advanced Ads plugin <= 2.0.12 - Unauthenticated Limited Code Execution vulnerability
Unauthenticated Limited Code Execution vulnerability discovered by mikemyers in WordPress Plugin Advanced Ads versions <= 2.0.12...
xorg: xwayland: Use-after-free in XPresentNotify structure creation
A flaw was found in the X.Org X server and Xwayland when processing X11 Present extension notifications. Improper error handling during notification creation can leave dangling pointers that lead to a use-after-free condition. This can cause memory corruption or a crash, potentially allowing an...
CVE-2025-48396
CVE-2025-48396 concerns Eaton BLSS (Brightlayer Software Suite). The issue stems from improper validation of the file upload functionality, enabling arbitrary code execution. Affected versions are Eaton BLSS prior to the patch, with fixes implemented in the latest script patch version 7.3.0.SCP00...
NetSurf security vulnerability
NetSurf is a lightweight browser from the NetSurf organization. A security vulnerability exists in NetSurf version 3.11, which stems from a flaw in the `dom_node_normalize` function that could lead to the execution of arbitrary code...
Tenda AC8 security vulnerability
Tenda AC8 is a dual-band Gigabit wireless router from Tenda designed for home and small office environments. The Tenda AC8 suffers from a buffer overflow vulnerability that originates from manipulating the Time parameter in the /goform/DatabaseIniSet file without properly validating the input...
Microsoft Edge (Chromium-Based) < 142.0.3595.53 Multiple Vulnerabilities (Nov 2025)
Microsoft Edge Chromium-Based is prone to multiple vulnerabilities.
Tenda AC23 security vulnerability
Tenda AC23 is a home dual-band wireless router launched by Tenda, focusing on large home coverage and high-speed transmission, supporting 802.11ac Wave2 technology with a dual-band concurrent rate of up to 2033Mbps. Tenda AC23 has a buffer overflow vulnerability that stems from the file...
Tenda AC23 security vulnerability
Tenda AC23 is a home dual-band wireless router launched by Tenda, focusing on large home coverage and high-speed transmission, supporting 802.11ac Wave2 technology with a dual-band concurrent rate of up to 2033Mbps. Tenda AC23 has a buffer overflow vulnerability that stems from the parameter...
Astra Linux – Vulnerability in Node.js
A security flaw in Node.js allows for bypassing network import restrictions. By embedding non-network-related imports within data URLs, attackers can execute arbitrary code, compromising system security. This vulnerability has been confirmed on various platforms. It can be mitigated by prohibitin...