120932 matches found
CVE-2025-60595
CVE-2025-60595 affects SPH Engineering UgCS 5.13.0 and enables arbitrary code execution. The included metrics indicate a network-exposed, low-Complexity attack with no privileges required and no user interaction, resulting in high integrity impact and low confidentiality impact. The sources confi...
[SECURITY] [DSA 6043-1] gimp security update
------------------------------------------------------------------------- Debian Security Advisory DSA-6043-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff October 28, 2025 https://www.debian.org/security/faq -...
Deserialization Of Untrusted Data
h2o is vulnerable to Deserialization Of Untrusted Data. The vulnerability is due to improper handling of JDBC connection parameters with insufficient input validation, which allows an attacker to bypass regular expression checks using double URL encoding and subsequently read arbitrary files or...
libtiff: Libtiff Write-What-Where
A flaw was found in Libtiff. This vulnerability is a "write-what-where" condition, triggered when the library processes a specially crafted TIFF image file. By providing an abnormally large image height value in the file's metadata, an attacker can trick the library into writing attacker-controll...
Adobe Experience Manager Forms - Insecure Deserialization
Adobe Experience Manager versions 6.5.23 and earlier are affected by a Misconfiguration vulnerability that could result in arbitrary code execution. An attacker could leverage this vulnerability to bypass security mechanisms and execute code. Exploitation of this issue does not require user...
libtiff: Libtiff Write-What-Where
A flaw was found in Libtiff. This vulnerability is a "write-what-where" condition, triggered when the library processes a specially crafted TIFF image file. By providing an abnormally large image height value in the file's metadata, an attacker can trick the library into writing attacker-controll...
CVE-2025-52263
An issue in the Web Configuration module of Startcharge Artemis AC Charger 7-22 kW v1.0.4 allows authenticated network-adjacent attackers to upload crafted firmware, leading to arbitrary code execution...
VulnCheck KEV: CVE-2025-6204
An Improper Control of Generation of Code Code Injection vulnerability affecting DELMIA Apriso from Release 2020 through Release 2025 could allow an attacker to execute arbitrary code...
Dassault Systèmes DELMIA Apriso Code Injection Vulnerability
Dassault Systèmes DELMIA Apriso contains a code injection vulnerability that could allow an attacker to execute arbitrary code...
WAVLINK QUANTUM D3G和WAVLINK WL-WN530HG3 安全漏洞
WAVLINK QUANTUM D3G and WAVLINK WL-WN530HG3 are both products of China RuiYin WAVLINK company.WAVLINK QUANTUM D3G is a router.WAVLINK WL-WN530HG3 is a WiFi router. A security vulnerability exists in the WAVLINK QUANTUM D3G and WAVLINK WL-WN530HG3 that originates from a stack-based buffer overflow...
UBUNTU-CVE-2025-62229
A flaw was found in the X.Org X server and Xwayland when processing X11 Present extension notifications. Improper error handling during notification creation can leave dangling pointers that lead to a use-after-free condition. This can cause memory corruption or a crash, potentially allowing an...
KLA89736 ACE vulnerability in Mozilla Firefox
Use-after-free vulnerability was found in Mozilla Firefox. Malicious users can exploit this vulnerability to execute arbitrary code. Original advisories MFSA2025-86 Related products Mozilla-Firefox CVE list CVE-2025-12380 unknown Solution Update to the latest version Download Firefox Impacts ACE...
Mozilla Firefox 安全漏洞
Mozilla Firefox is an open source web browser from the Mozilla Foundation in the United States. Mozilla Firefox suffers from a code execution vulnerability that is caused by the use of a WebGPU internal release triggered by an infected child process. An attacker could exploit the vulnerability to...
Debian dsa-6043 : gimp - security update
The remote Debian 12 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-6043 advisory. - ------------------------------------------------------------------------- Debian Security Advisory DSA-6043-1 [email protected] https://www.debian.org/securit...
CVE-2025-27224
TRUfusion Enterprise through 7.10.4.0 uses the /trufusionPortal/fileupload endpoint to upload files. However, the application doesn't properly sanitize the input to this endpoint, ultimately allowing path traversal sequences to be included. This can be used to write to any filename with any file...
EUVD-2025-36188
An issue in the Web Configuration module of Startcharge Artemis AC Charger 7-22 kW v1.0.4 allows authenticated network-adjacent attackers to upload crafted firmware, leading to arbitrary code execution...
CVE-2025-52263
An issue in the Web Configuration module of Startcharge Artemis AC Charger 7-22 kW v1.0.4 allows authenticated network-adjacent attackers to upload crafted firmware, leading to arbitrary code execution...
[SECURITY] [DLA 4351-1] thunderbird security update
------------------------------------------------------------------------- Debian LTS Advisory DLA-4351-1 [email protected] https://www.debian.org/lts/security/ Emilio Pozuelo Monfort October 27, 2025 https://wiki.debian.org/LTS -...
StarCharge Artemis AC Charger 安全漏洞
StarCharge Artemis AC Charger is an AC charger from StarCharge Singapore. A security vulnerability exists in the StarCharge Artemis AC Charger version 7-22 kW v1.0.4, which stems from a Web Configuration module that allows the upload of specially crafted firmware, which could lead to the executio...
CVE-2025-52263
An issue in the Web Configuration module of Startcharge Artemis AC Charger 7-22 kW v1.0.4 allows authenticated network-adjacent attackers to upload crafted firmware, leading to arbitrary code execution...