EUVD-2025-206661

Notepad++ versions prior to 8.8.9, when using the WinGUp updater, contain an update integrity verification vulnerability where downloaded update metadata and installers are not cryptographically verified. An attacker able to intercept or redirect update traffic can cause the updater to download a...

SUSE CVE-2026-1761

A flaw was found in libsoup. This stack-based buffer overflow vulnerability occurs during the parsing of multipart HTTP responses due to an incorrect length calculation. A remote attacker can exploit this by sending a specially crafted multipart HTTP response, which can lead to memory corruption...

PT-2026-5816

StreamRipper32 version 2.6 contains a buffer overflow vulnerability in the Station/Song Section that allows attackers to overwrite memory by manipulating the SongPattern input. Attackers can craft a malicious payload exceeding 256 bytes to potentially execute arbitrary code and compromise the...

TP-Link Archer AX53 安全漏洞

The TP-Link Archer AX53 is a dual-core router produced by TP-Link Corporation. The TP-Link Archer AX53 v1.0 1.3.1 Build 20241120 and earlier versions have a security vulnerability. This vulnerability stems from a heap buffer overflow, which may lead to segmentation errors or the execution of...

PT-2026-5945

Name of the Vulnerable Software and Affected Versions Lexmark Embedded Solutions Framework affected versions not specified Description A relative path traversal issue exists in the Embedded Solutions Framework used in Lexmark devices. An attacker could potentially use this to execute arbitrary co...

PT-2026-6504

Skipper is vulnerable to arbitrary code execution through lua filters in github.com/zalando/skipper...

PT-2026-6195

Name of the Vulnerable Software and Affected Versions ELECOM wireless LAN access point devices affected versions not specified Description A stack-based buffer overflow exists in ELECOM wireless LAN access point devices. A crafted packet may lead to arbitrary code execution. Recommendations At th...

CVE-2025-70560

Boltz 2.0.0 contains an insecure deserialization vulnerability in its molecule loading functionality. The application uses Python pickle to deserialize molecule data files without validation. An attacker with the ability to place a malicious pickle file in a directory processed by boltz can achie...

EUVD-2025-206725

An arbitrary file upload vulnerability in the AddFont function of FPDF v1.86 and earlier allows attackers to execute arbitrary code via uploading a crafted PHP file...

CVE-2025-70559

pdfminer.six before 20251230 contains an insecure deserialization vulnerability in the CMap loading mechanism. The library uses Python pickle to deserialize CMap cache files without validation. An attacker with the ability to place a malicious pickle file in a location accessible to the applicati...

PT-2026-5949

Name of the Vulnerable Software and Affected Versions Lexmark devices affected versions not specified Description An out-of-bounds read issue exists in the Postscript interpreter used in Lexmark devices. An attacker can potentially use this to execute arbitrary code with unprivileged user...

PT-2026-5925

Name of the Vulnerable Software and Affected Versions TP-Link Archer AX53 versions 1.0 through 1.3.1 Build 20241120 Description A heap-based buffer overflow exists in the tmpserver modules of TP-Link Archer AX53. This flaw allows authenticated attackers in an adjacent network to trigger a...

TP-Link Archer AX53 安全漏洞

The TP-Link Archer AX53 is a dual-core router produced by TP-Link Corporation. The TP-Link Archer AX53 v1.0 1.3.1 Build 20241120 and earlier versions have a security vulnerability. This vulnerability stems from a heap buffer overflow, which may lead to segmentation errors or the execution of...

CVE-2025-67189

CVE-2025-67189 affects TOTOLINK A950RG, specifically the setParentalRules interface where the urlKeyword parameter is not properly validated. The vulnerability arises from concatenating multiple user-supplied fields into a fixed-size stack buffer without boundary checks, enabling a remote attacke...

Flexense Disk Sorter Enterprise 代码问题漏洞

Flexense Disk Sorter Enterprise is a file management and disk space analysis software developed by Flexense Corporation. Version 12.4.16 of Flexense Disk Sorter Enterprise contains a code vulnerability. This vulnerability stems from a service path vulnerability in service configurations that lack...

PT-2026-5948

Name of the Vulnerable Software and Affected Versions Lexmark CX532adwe affected versions not specified Description A type confusion exists within the Postscript interpreter in Lexmark devices. This issue allows an attacker to execute arbitrary code as an unprivileged user. The vulnerability was...

CVE-2025-70560

Boltz 2.0.0 contains an insecure deserialization vulnerability in its molecule loading functionality. The application uses Python pickle to deserialize molecule data files without validation. An attacker with the ability to place a malicious pickle file in a directory processed by boltz can achie...

CVE-2025-70560

Boltz 2.0.0 contains an insecure deserialization vulnerability in its molecule loading functionality. The application uses Python pickle to deserialize molecule data files without validation. An attacker with the ability to place a malicious pickle file in a directory processed by boltz can achie...

StreamRipper32 安全漏洞

StreamRipper32 is an open-source tool developed by StreamRipper for capturing and saving MP3 files from online radio stations. Version 2.6 of StreamRipper32 contains a security vulnerability, which stems from a buffer overflow in the Station/Song Section component, potentially allowing arbitrary...

PT-2026-6414

Boltz 2.0.0 contains an insecure deserialization vulnerability in its molecule loading functionality. The application uses Python pickle to deserialize molecule data files without validation. An attacker with the ability to place a malicious pickle file in a directory processed by boltz can achie...