Linux Distros Unpatched Vulnerability : CVE-2025-60495
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A segmentation violation in the gf_media_get_color_info function /media_tools/isom_tools.c of GPAC Project/MP4Box before 26.02.0 allows attackers to cause a Denial of...
DEBIAN-CVE-2025-60495
A segmentation violation in the gf_media_get_color_info function /media_tools/isom_tools.c of GPAC Project/MP4Box before 26.02.0 allows attackers to cause a Denial of Service (DoS) via supplying a crafted data file...
CVE-2025-60495
A segmentation violation in the gf_media_get_color_info function /media_tools/isom_tools.c of GPAC Project/MP4Box before 26.02.0 allows attackers to cause a Denial of Service (DoS) via supplying a crafted data file...
EUVD-2025-210007
A segmentation violation in the gf_media_get_color_info function /media_tools/isom_tools.c of GPAC Project/MP4Box before 26.02.0 allows attackers to cause a Denial of Service (DoS) via supplying a crafted data file...
PT-2026-45419
A segmentation violation in the gf_media_get_color_info function /media_tools/isom_tools.c of GPAC Project/MP4Box before 26.02.0 allows attackers to cause a Denial of Service (DoS) via supplying a crafted data file...
CVE-2025-60495
CVE-2025-60495 describes a segmentation violation in the gf_media_get_color_info function (located in /media_tools/isom_tools.c) of the GPAC Project/MP4Box tool, vulnerable when using versions before 26.02.0. Successful exploitation via a crafted data file can cause a Denial of Service (DoS). The...
CVE-2025-67634
The CISA Software Acquisition Guide Supplier Response Web Tool before 2025-12-11 was vulnerable to cross-site scripting via text fields. If an attacker could convince a user to import a specially-crafted JSON file, the Tool would load JavaScript from the file into the page. The JavaScript would...
PT-2025-50979
Name of the Vulnerable Software and Affected Versions: CISA Software Acquisition Guide Supplier Response Web Tool versions prior to 2025-12-11 Description: The CISA Software Acquisition Guide Supplier Response Web Tool was susceptible to cross-site scripting through text fields. An attacker could...
EUVD-2025-24571
Malicious code in bioql PyPI...
EUVD-2025-28629
Malicious code in bioql PyPI...
CVE-2025-9188
There is a deserialization of untrusted data vulnerability in Digilent DASYLab. This vulnerability may result in arbitrary code execution. Successful exploitation requires an attacker to get a user to open a specially crafted DSB file. The vulnerability affects all versions of DASYLab...
CVE-2025-9189
There is an out of bounds write vulnerability due to improper bounds checking resulting in a large destination address when parsing a DSB file with Digilent DASYLab. This vulnerability may result in arbitrary code execution. Successful exploitation requires an attacker to get a user to open a...
Linux Distros Unpatched Vulnerability : CVE-2018-17436
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - ReadCode in decompress.c in the HDF HDF5 through 1.10.3 library allows attackers to cause a denial of service (invalid write access) via a crafted HDF5 file. This...
Linux Distros Unpatched Vulnerability : CVE-2018-1000546
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Triplea version = 1.9.0.0.10291 contains an XML External Entity (XXE) vulnerability in Importing game data that can result in Possible information disclosure,...
PT-2025-32992 · Unknown · Cyclonedx Sunshine
Name of the Vulnerable Software and Affected Versions: CycloneDX Sunshine version 0.9 Description: CycloneDX Sunshine version 0.9 is vulnerable to CSV Formula Injection via a crafted JSON file. Recommendations: At the moment, there is no information about a newer version that contains a fix for...
CVE-2024-12130
An “out of bounds read” code execution vulnerability exists in the Rockwell Automation Arena® that could allow a threat actor to craft a DOE file and force the software to read beyond the boundaries of an allocated memory. If exploited, a threat actor could leverage this vulnerability to execute...
PT-2024-9982 · Rockwell Automation · Rockwell Automation Arena
Name of the Vulnerable Software and Affected Versions: Rockwell Automation Arena (affected versions not specified) Description: The issue is related to a "use after free" code execution vulnerability. This vulnerability could allow a threat actor to craft a DOE file and force the software to use a...
PT-2024-1437 · Delta Electronics · Dopsoft
Name of the Vulnerable Software and Affected Versions: Delta Industrial Automation DOPSoft (affected versions not specified) Description: A stack-based buffer overflow exists in Delta Electronics Delta Industrial Automation DOPSoft when parsing the wLogTitlesTimeLen field of a DPS file. A remote,...
CVE-2023-5136
An incorrect permission assignment in the TopoGrafix DataPlugin for GPX could result in information disclosure. An attacker could exploit this vulnerability by getting a user to open a specially crafted data file...