(Pwn2Own) Sonos Era 300 Speaker libsmb2 Use-After-Free Remote Code Execution Vulnerability
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Sonos Era 300 speakers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of SMB data. The issue results from the lack of validati...
(Pwn2Own) Sonos Era 300 Heap-based Buffer Overflow Remote Code Execution Vulnerability
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected Sonos Era 300 speakers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of ID3 data. The issue results from the lack of proper validation of the...
SAP KMC WPC Security Vulnerability
SAP KMC WPC is a combination of enterprise content management and web publishing components from SAP. An information disclosure vulnerability exists in SAP KMC WPC, which can be exploited by an attacker to retrieve a user name via a simple parameter query, resulting in the disclosure of sensitive...
Siemens SCALANCE LPE9403 Operating System Command Injection Vulnerability (CNVD-2025-09962)
Siemens SCALANCE LPE9403 is a local processing engine for industrial field data processing from Siemens. It is used to capture, collect and pre-process industrial field data. The Siemens SCALANCE LPE9403 6GK5998-3GS00-2AC2 suffers from an operating system command injection vulnerability that...
Siemens SCALANCE LPE9403 Operating System Command Injection Vulnerability
Siemens SCALANCE LPE9403 is a native processing engine for industrial field data processing from Siemens, Germany. It is used to capture, collect and pre-process industrial field data. Siemens SCALANCE LPE9403 6GK5998-3GS00-2AC2 V4.0 and prior versions suffer from an operating system command...
Linux Distros Unpatched Vulnerability : CVE-2024-42238
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: firmware: csdsp: Return error if block header overflows file Return an error from csdsppower...
SUSE CVE-2025-21741
In the Linux kernel, the following vulnerability has been resolved: usbnet: ipheth: fix DPE OoB read Fix an out-of-bounds DPE read, limit the number of processed DPEs to the amount that fits into the fixed-size NDP16 header...
PT-2025-7279 · IBM · IBM Cognos Controller +1
Name of the Vulnerable Software and Affected Versions: IBM Cognos Controller versions 11.0.0 through 11.0.1 FP3; IBM Controller version 11.1.0. Description: The issue concerns an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this to expose...
CVE-2024-12243
A flaw was found in GnuTLS, which relies on libtasn1 for ASN.1 data processing. Due to an inefficient algorithm in libtasn1, decoding certain DER-encoded certificate data can take excessive time, leading to increased resource consumption. This flaw allows a remote attacker to send a specially...
Updated libtasn1 packages fix security vulnerability
When an input DER data contains a large number of SEQUENCE OF or SET OF elements, decoding the data and searching a specific element in it take quadratic time to complete. This could be utilized for a remote DoS attack by presenting a crafted certificate to the network peer...
IBM EntireX Code Issue Vulnerability
IBM EntireX is a versatile middleware solution from International Business Machines (IBM) designed to facilitate seamless integration between core enterprise applications and modern applications. A code issue vulnerability exists in IBM EntireX that stems from vulnerability to XML external entity...
PT-2025-5619 · nDPI · nDPI
Name of the Vulnerable Software and Affected Versions: nDPI versions 4.12 and earlier Description: The issue is a potential stack-based buffer overflow in the ndpi address cache restore function located in lib/ndpi cache.c. This could potentially lead to exploitation. Recommendations: For nDPI...
CVE-2024-12649
Buffer overflow in XPS data font processing of Small Office Multifunction Printers and Laser Printers which may allow an attacker on the network segment to trigger the affected product being unresponsive or to execute arbitrary code. : Satera MF656Cdw/Satera MF654Cdw firmware v05.04 and earlier...
CVE-2024-12648
Buffer overflow in TIFF data EXIF tag processing of Small Office Multifunction Printers and Laser Printers which may allow an attacker on the network segment to trigger the affected product being unresponsive or to execute arbitrary code. : Satera MF656Cdw/Satera MF654Cdw firmware v05.04 and...
CVE-2024-12648
CVE-2024-12648 is a buffer overflow in TIFF EXIF tag processing on Canon Small Office/MFP and Laser Printers (multiple models) with firmware 05.04 and earlier. A remote network attacker could trigger unresponsiveness or arbitrary code execution. Affected products span Satera MF656Cdw/MF654Cdw (Ja...
BIT-PHP-MIN-2024-8925 Erroneous parsing of multipart form data
In PHP versions 8.1.* before 8.1.30, 8.2.* before 8.2.24, 8.3.* before 8.3.12, erroneous parsing of multipart form data contained in an HTTP POST request could lead to legitimate data not being processed. This could lead to a malicious attacker able to control part of the submitted data being able to...
Apache Hive and Apache Spark Security Vulnerability
Apache Hive and Apache Spark are both products of the Apache Foundation, USA. Apache Hive is a suite of data warehouse software based on Hadoop Distributed Systems Infrastructure. The software provides a data integration approach and a high-level query language to support large-scale data analysis...
Lorex 2K Indoor Wi-Fi Security Camera Security Vulnerability
Lorex 2K Indoor Wi-Fi Security Camera is a series of security cameras from Lorex Canada. A security vulnerability previously existed in the Lorex 2K Indoor Wi-Fi Security Camera version 2.800.0000000.8.R.20241111. An unauthenticated attacker exploiting this vulnerability could trigger a stack-bas...
ROS-20241203-14
Squid proxy server vulnerability is related to errors in input data processing. Exploitation of the vulnerability could allow a remote attacker to cause a denial of service by sending specially crafted ESI packets...
PandasAI Command Injection Vulnerability
PandasAI is a data processing application that combines Pandas, a data manipulation and analysis library, with AI, allowing users to interact with data through natural language without having to write complex code. PandasAI has a command injection vulnerability that can be exploited by an attacke...