8743 matches found
The vulnerability of the PCX Image development platform’s SDP code allows attackers to execute arbitrary code.
The vulnerability of the PCX Image development platform’s SDP code base relates to the execution of operations beyond the buffer boundaries in memory. Exploiting this vulnerability could allow a malicious actor to execute arbitrary code...
The vulnerability of the PCX Image development platform’s SDP code base allows attackers to trigger a service failure.
The vulnerability of the PCX Image development platform’s SDP code base is related to a null pointer dereference. Exploiting this vulnerability could allow a malicious actor to cause service failures remotely...
The vulnerability of the TIFF Image development platform QNX SDP allows attackers to disclose protected information.
The vulnerability of the TIFF Image development platform QNX SDP is related to an off-by-one error. Exploiting this vulnerability can allow a remote attacker to disclose sensitive information that is protected by the system’s security measures...
The vulnerability of the PCX Image development platform’s SDP code base allows attackers to trigger a service failure.
The vulnerability of the PCX Image development platform’s SDP is related to improper validation of the specified data type. Exploiting this vulnerability can allow an attacker to cause service failures remotely...
New XCSSET malware adds new obfuscation, persistence techniques to infect Xcode projects
Microsoft Threat Intelligence has uncovered a new variant of XCSSET, a sophisticated modular macOS malware that infects Xcode projects, in the wild during routine threat hunting. Its first known variant since 2022, this latest XCSSET malware features enhanced obfuscation methods, updated...
SUSE CVE-2025-27607
Python JSON Logger is a JSON Formatter for Python Logging. Between 30 December 2024 and 4 March 2025 Python JSON Logger was vulnerable to RCE through a missing dependency. This occurred because msgspec-python313-pre was deleted by the owner leaving the name open to being claimed by a third party...
CVE-2024-12742
A deserialization of untrusted data vulnerability exists in NI G Web Development Software that may result in arbitrary code execution. Successful exploitation requires an attacker to get a user to open a specially crafted project file. This vulnerability affects G Web Development Software 2022 Q3...
Unsafe Dependency Resolution
Overview python-json-logger is a JSON Log Formatter for the Python Logging Package Affected versions of this package are vulnerable to Unsafe Dependency Resolution through the deletion of a critical dependency which could be maliciously claimed by a third party. An attacker can execute arbitrary...
CVE-2025-27607 Python JSON Logger has a Potential RCE via missing `msgspec-python313-pre` dependency
Python JSON Logger is a JSON Formatter for Python Logging. Between 30 December 2024 and 4 March 2025 Python JSON Logger was vulnerable to RCE through a missing dependency. This occurred because msgspec-python313-pre was deleted by the owner leaving the name open to being claimed by a third party...
CVE-2023-38693
Lucee Server or simply Lucee is a dynamic, Java based, tag and scripting language used for rapid web application development. The Lucee REST endpoint is vulnerable to RCE via an XML XXE attack. This vulnerability is fixed in Lucee 5.4.3.2, 5.3.12.1, 5.3.7.59, 5.3.8.236, and 5.3.9.173...
OESA-2025-1251 openjdk-1.8.0 security update
The OpenJDK runtime environment 8. Security Fixes: Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Networking. Supported versions that are affected are Oracle Java SE: 8u421, 8u421-perf, 11.0.24, 17.0.12, 21.0.4,...
Simplicity SDK security vulnerability
Simplicity SDK is a Simplicity software development kit from Silicon Open Source. A security vulnerability exists in Simplicity SDK that originates from a buffer over-read that occurs when an invalid packet is received...
CVE-2025-27156
Tuleap is an Open Source Suite to improve management of software developments and collaboration. The mass emailing features do not sanitize the content of the HTML emails. A malicious user could use this issue to facilitate a phishing attempt or to indirectly exploit issues in the recipients mail...
CVE-2025-27402
Tuleap is an Open Source Suite to improve management of software developments and collaboration. Tuleap is missing CSRF protections on tracker fields administrative operations. An attacker could use this vulnerability to trick victims into removing or updating tracker fields. This vulnerability i...
CVE-2025-27150
Tuleap is an Open Source Suite to improve management of software developments and collaboration. The password to connect the Redis instance is not purged from the archive generated with tuleap collect-system-data. These archives are likely to be used by support teams that should not have access t...
CVE-2024-12742
CVE-2024-12742 describes a deserialization of untrusted data vulnerability in NI G Web Development Software. Affected: NI G Web Development Software 2022 Q3 and earlier. The flaw exists in parsing of GWEBPROJECT files, with exploitation requiring a user to open a specially crafted project file or...
CVE-2024-12742 Deserialization of Untrusted Data Vulnerability in NI G Web Development Software
A deserialization of untrusted data vulnerability exists in NI G Web Development Software that may result in arbitrary code execution. Successful exploitation requires an attacker to get a user to open a specially crafted project file. This vulnerability affects G Web Development Software 2022 Q3...
USN-7335-1: Django vulnerability
It was discovered that Django incorrectly handled text wrapping. An attacker could possibly use this issue to cause a denial of service...