864 matches found

NCSC
added 2025/08/06 7:55 a.m. · 4 views

Vulnerabilities fixed in Rockwell Automation Arena

Rockwell Automation has fixed vulnerabilities in Arena Simulation. The vulnerabilities are in the way Arena Simulation processes files, which makes it possible to manipulate and read memory. The vulnerabilities allow malicious actors to reveal sensitive information and execute arbitrary code whe...

CVSS 8.7 · AI score 7.5 · EPSS 0.00122
Exploits 0 · References 1

BDU FSTEC
added 2025/08/04 12:0 a.m. · 1 views

The vulnerability of the software for programming operator panels of the VT series, such as VT-Designer, arises from writing beyond buffer boundaries, allowing a hacker to execute arbitrary code.

The vulnerability of the software for programming operator panels of the VT series, such as VT-Designer, lies in the writing beyond buffer boundaries when processing PM3 files. Exploiting this vulnerability can allow an attacker to execute arbitrary code...

CVSS 7.8 · AI score 7.7 · EPSS 0.00185
Exploits 0 · References 3

BDU FSTEC
added 2025/08/04 12:0 a.m. · 1 views

The vulnerability of the software for programming operator panels of the VT series, namely VT-Designer, arises from errors in data type mixing, allowing a hacker to execute arbitrary code.

The vulnerability of the software for programming operator panels of the VT series, such as VT-Designer, is related to errors in data type mixing during the processing of PM3 files. Exploiting this vulnerability can allow an attacker to execute arbitrary code...

CVSS 7.8 · AI score 7.5 · EPSS 0.00185
Exploits 0 · References 2

RedhatCVE
added 2025/08/01 12:7 a.m. · 7 views

CVE-2025-43221

An out-of-bounds access issue was addressed with improved bounds checking. This issue is fixed in iOS 18.6 and iPadOS 18.6, macOS Sequoia 15.6, tvOS 18.6, visionOS 2.6. Processing a maliciously crafted media file may lead to unexpected app termination or corrupt process memory...

CVSS 7.1 · AI score 5.8 · EPSS 0.00074
Exploits 0 · References 1

NVD
added 2025/07/30 12:15 a.m. · 1 views

CVE-2025-43239

An out-of-bounds access issue was addressed with improved bounds checking. This issue is fixed in macOS Sequoia 15.6, macOS Sonoma 14.7.7, macOS Ventura 13.7.7. Processing a maliciously crafted file may lead to unexpected app termination...

CVSS 7.1 · EPSS 0.00074
Exploits 0 · References 6

NVD
added 2025/07/30 12:15 a.m. · 2 views

CVE-2025-31280

A memory corruption issue was addressed with improved validation. This issue is fixed in macOS Sequoia 15.6. Processing a maliciously crafted file may lead to heap corruption...

CVSS 7.8 · EPSS 0.00117
Exploits 0 · References 2

Positive Technologies
added 2025/07/30 12:0 a.m. · 3 views

PT-2025-31453 · Unknown · Simple Car Rental System

Name of the Vulnerable Software and Affected Versions: Simple Car Rental System version 1.0 Description: A problematic issue has been found in the processing of the /admin/add vehicles.php file. Manipulation of the car name argument can lead to cross site scripting. The attack can be initiated...

CVSS 5.4 · AI score 3.7 · EPSS 0.00152
Exploits 1 · References 9

Vulnrichment
added 2025/07/29 11:29 p.m. · 1 views

CVE-2025-43277

The issue was addressed with improved memory handling. This issue is fixed in macOS Sonoma 14.8. Processing a maliciously crafted audio file may lead to memory corruption...

AI score 5.7 · EPSS 0.00136
Exploits 0 · References 1

OSV
added 2025/07/28 7:57 p.m. · 0 views

GO-2025-3811 File Browser's Uncontrolled Memory Consumption vulnerability can enable DoS attack due to oversized file processing in github.com/filebrowser/filebrowser

File Browser's Uncontrolled Memory Consumption vulnerability can enable DoS attack due to oversized file processing in github.com/filebrowser/filebrowser...

CVSS 8.7 · AI score 6.1 · EPSS 0.00907
Exploits 1 · References 3

CVE
added 2025/07/25 9:32 p.m. · 16 views

CVE-2025-8171

The connected records provide concrete details for CVE-2025-8171 in code-projects Document Management System 1.0. The issue resides in the /insert.php endpoint where manipulation of the uploaded_file argument leads to unrestricted file uploads, enabling remote initiation of an attack. Multiple so...

CVSS 6.5 · AI score 6.4 · EPSS 0.00172
Exploits 0 · References 5 · Affected Software 1

CloudLinux
added 2025/07/24 5:24 p.m. · 5 views

libxml2: Fix of 2 CVEs

CVE-2025-49794: fix memory safety issues in xmlSchematronReportOutput when parsing XPath elements - CVE-2025-49796: fix memory corruption issue triggered by processing sch:name elements in input XML file...

CVSS 9.1 · AI score 7 · EPSS 0.01777
Exploits 0

Positive Technologies
added 2025/07/23 12:0 a.m. · 2 views

PT-2025-31823 · Gnu +1 · Gpac +1

The vulnerability in the m2tsdmx send packet function of the MP4Box utility of the GPAC multimedia platform is caused by a heap buffer overflow when processing TS files. Exploitation of the vulnerability may allow an attacker to execute arbitrary code when a specially crafted file is opened...

CVSS 7.2 · AI score 7.3
Exploits 0 · References 4

OSV
added 2025/07/16 2:22 p.m. · 4 views

GHSA-7XQM-7738-642X File Browser's Uncontrolled Memory Consumption vulnerability can enable DoS attack due to oversized file processing

Summary A Denial of Service DoS vulnerability exists in the file processing logic when reading a file on endpoint Filebrowser-Server-IP:PORT/files/file-name . While the server correctly handles and stores uploaded files, it attempts to load the entire content into memory during read operations...

CVSS 8.7 · AI score 6.1 · EPSS 0.00907
Exploits 1 · References 4

Github Security Blog
added 2025/07/16 2:22 p.m. · 7 views

File Browser's Uncontrolled Memory Consumption vulnerability can enable DoS attack due to oversized file processing

Summary A Denial of Service DoS vulnerability exists in the file processing logic when reading a file on endpoint Filebrowser-Server-IP:PORT/files/file-name . While the server correctly handles and stores uploaded files, it attempts to load the entire content into memory during read operations...

CVSS 8.7 · AI score 6.2 · EPSS 0.00907
Exploits 1 · References 4 · Affected Software 1

CVE
added 2025/07/15 5:47 p.m. · 19 views

CVE-2025-53893

CVE-2025-53893 affects the filebrowser/filebrowser 2.38.0 DoS vulnerability where the server loads entire file content into memory during reads (e.g., /files/{file-name} or /api/resources/{file-name}) without size checks, enabling an authenticated user to trigger memory exhaustion and potentially...

CVSS 8.7 · AI score 6.3 · EPSS 0.00907
Exploits 1 · References 2 · Affected Software 1

Tenable Nessus
added 2025/07/11 12:0 a.m. · 5 views

Cockpit < 2.11.4 XSS

The version of Cockpit running on the remote web server is prior to 2.11.4. A vulnerability was found in Cockpit up to 2.11.3. It has been rated as problematic. This issue affects some unknown processing of the file /system/users/save. The manipulation of the argument name/email leads to cross site...

CVSS 6.1 · AI score 4.1 · EPSS 0.00203
Exploits 1 · References 2

BDU FSTEC
added 2025/07/08 12:0 a.m. · 2 views

The vulnerability of PDF-XChange Editor’s PDF document viewing and editing software, related to the occurrence of operations outside the buffer in memory, allows attackers to disclose protected information.

The vulnerability of PDF-XChange Editor’s PDF document viewing and editing functionality is related to the occurrence of operations outside the buffer during the processing of PRC files. Exploiting this vulnerability can allow an attacker to disclose protected information...

CVSS 3.3 · AI score 5.9 · EPSS 0.00117
Exploits 0 · References 5 · Affected Software 3

BDU FSTEC
added 2025/07/08 12:0 a.m. · 3 views

The vulnerability of PDF-XChange Editor’s PDF document viewing and editing software lies in the possibility of an operation going beyond the buffer in memory, allowing an attacker to execute arbitrary code.

The vulnerability of PDF-XChange Editor’s PDF document viewing and editing functionality lies in the issue of operations going beyond the buffer in memory during the processing of PRC files. Exploiting this vulnerability allows an attacker to execute arbitrary code...

CVSS 7.8 · AI score 7.7 · EPSS 0.00251
Exploits 0 · References 5 · Affected Software 3

Vulnrichment
added 2025/07/07 9:54 a.m. · 3 views

CVE-2025-3044 MD5 Hash Collision in run-llama/llama_index

A vulnerability in the ArxivReader class of the run-llama/llamaindex repository, versions up to v0.12.22.post1, allows for MD5 hash collisions when generating filenames for downloaded papers. This can lead to data loss as papers with identical titles but different contents may overwrite each othe...

CVSS 5.3 · AI score 7 · EPSS 0.00231
Exploits 1 · References 2

Cvelist
added 2025/07/04 2:2 a.m. · 5 views

CVE-2025-7053 Cockpit save cross site scripting

A vulnerability was found in Cockpit up to 2.11.3. It has been rated as problematic. This issue affects some unknown processing of the file /system/users/save. The manipulation of the argument name/email leads to cross site scripting. The attack may be initiated remotely. Upgrading to version...

CVSS 5.1 · EPSS 0.00203
Exploits 1 · References 5