EUVD-2025-27101

Malicious code in bioql PyPI...

EUVD-2025-5466

Malicious code in bioql PyPI...

CVE-2025-52658

HCL MyXalytics is affected by the use of vulnerable/outdated versions which can expose the application to known security risks that could be exploited...

CVE-2025-10707 JeecgBoot sendMsg improper authorization

A weakness has been identified in JeecgBoot up to 3.8.2. Affected is an unknown function of the file /message/sysMessageTemplate/sendMsg. Executing manipulation can lead to improper authorization. The attack may be launched remotely. The exploit has been made available to the public and could be...

CVE-2025-8557

An internal product security audit of Lenovo XClarity Orchestrator LXCO discovered the below vulnerability: An attacker with access to a device on the local Lenovo XClarity Orchestrator LXCO network segment may be able to manipulate the local device to create an alternate communication channel...

CVE-2025-8557

An internal product security audit of Lenovo XClarity Orchestrator LXCO discovered the below vulnerability: An attacker with access to a device on the local Lenovo XClarity Orchestrator LXCO network segment may be able to manipulate the local device to create an alternate communication channel...

CVE-2025-5005

A vulnerability was detected in Shanghai Lingdang Information Technology Lingdang CRM up to 8.6.5.4. This affects an unknown function of the file crm/WeiXinApp/dingtalk/indexevent.php. The manipulation of the argument corpurl results in server-side request forgery. The attack can be launched...

CVE-2025-26449

In multiple locations, there is a possible permanent denial of service due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation...

An out of bounds write in ANGLE could have allowed an attacker to corrupt memory leading to a potentially exploitable crash. This vulnerability affects Firefox < 122, Firefox ESR < 115.7, and Thunderbird < 115.7.

...

During the worker lifecycle, a use-after-free condition could have occured, which could have led to a potentially exploitable crash. This vulnerability affects Firefox < 115.0.2, Firefox ESR < 115.0.2, and Thunderbird < 115.0.1.

...

If multiple instances of resource exhaustion occurred at the incorrect time, the garbage collector could have caused memory corruption and a potentially exploitable crash. This vulnerability affects Firefox for Android < 112, Firefox < 112, and Focus for Android < 112.

...

During garbage collection extra operations were performed on a object that should not be. This could have led to a potentially exploitable crash. This vulnerability affects Firefox < 119, Firefox ESR < 115.4, and Thunderbird < 115.4.1.

...

Fuji Electric FRENIC-Loader 4

RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability, such as: Minimize network exposure for all control...

PT-2025-35472

Name of the Vulnerable Software and Affected Versions: RemoteClinic versions prior to 2.1 Description: A vulnerability allows for unrestricted file upload via manipulation of the image argument in the /staff/edit.php file. The attack can be initiated remotely. The exploit is publicly available...

CVE-2025-9750 Campcodes Online Learning Management System login.php sql injection

A security flaw has been discovered in Campcodes Online Learning Management System 1.0. This vulnerability affects unknown code of the file /admin/login.php. The manipulation of the argument Username results in sql injection. It is possible to launch the attack remotely. The exploit has been...

GE Vernova CIMPLICITY

RISK EVALUATION Successful exploitation of this vulnerability could allow a low-privileged local attacker to escalate privileges. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability, such as: Minimize network exposure...

INVT VT-Designer and HMITool

RISK EVALUATION Successful exploitation of these vulnerabilities could allow attackers to execute arbitrary code in the context of the current process. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of these vulnerabilities, such as:...

CVE-2025-8997

OpenText Enterprise Security Manager has an Information Exposure vulnerability (CVE-2025-8997). The issue is described as remotely exploitable with network access, enabling disclosure of information and affecting confidentiality (high impact per CVSS: CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:A/VC:H/SC:N/V...

PT-2025-34596 · Opentext · Opentext Enterprise Security Manager

Name of the Vulnerable Software and Affected Versions: OpenText Enterprise Security Manager affected versions not specified Description: An information exposure issue exists in OpenText Enterprise Security Manager. The issue is remotely exploitable. Recommendations: At the moment, there is no...

PT-2025-34670 · Opentext · Opentext Enterprise Security Manager

Name of the Vulnerable Software and Affected Versions: OpenText Enterprise Security Manager affected versions not specified Description: A Stored Cross-Site Scripting XSS vulnerability exists in OpenText Enterprise Security Manager. The vulnerability is remotely exploitable. Recommendations: At t...