
3428 matches found

EUVD
added 2025/10/20 3:30 p.m. · 3 views

EUVD-2025-35047

SQL Injection vulnerability exists in Bhabishya-123 E-commerce 1.0, specifically within the signup.inc.php endpoint. The application directly incorporates unsanitized user inputs into SQL queries, allowing unauthenticated attackers to bypass authentication and gain full access...

9.8 CVSS · 7.8 AI score · 0.0055 EPSS
Exploits 1 · References 2
Schneier on Security
added 2025/10/20 11:00 a.m. · 6 views

Agentic AI’s OODA Loop Problem

The OODA loop (for observe, orient, decide, act) is a framework to understand decision-making in adversarial situations. We apply the same framework to artificial intelligence agents, who have to make their decisions with untrustworthy observations and orientation. To solve this problem, we need...

7.9 AI score
Exploits 0
OSV
added 2025/10/19 7:08 p.m. · 0 views

JLSEC-2025-142 A flaw was found in FFmpeg's TTY Demuxer

A flaw was found in FFmpeg's TTY Demuxer. This vulnerability allows possible data exfiltration via improper parsing of non-TTY-compliant input files in HLS playlists...

5.3 CVSS · 6.6 AI score · 0.00412 EPSS
Exploits 1 · References 1
OSV
added 2025/10/17 2:54 p.m. · 2 views

OESA-2025-2457 expat security update

expat is a stream-oriented XML parser library written in C. expat excels with files too large to fit RAM, and where performance and flexibility are crucial. Security Fixes: libexpat in Expat before version 2.7.2 allows attackers to trigger large dynamic memory allocations via a small document...

7.5 CVSS · 7 AI score · 0.01238 EPSS
Exploits 1 · References 2
Github Security Blog
added 2025/10/16 8:48 p.m. · 6 views

bagisto has Cross Site Scripting (XSS) in Create New Customer

Summary: In Bagisto v2.3.7, the “Create New Customer” feature in the admin panel is vulnerable to reflected/stored Cross-Site Scripting (XSS). An attacker with access to the admin create-customer form can inject malicious JavaScript payloads into certain input fields. These payloads may later...

6.9 CVSS · 5.6 AI score · 0.00255 EPSS
Exploits 1 · References 3 · Affected Software 1
UbuntuCve
added 2025/10/16 4:15 p.m. · 3 views

CVE-2025-11840

A weakness has been identified in GNU Binutils 2.45. The affected element is the function vfinfo of the file ldmisc.c. Executing a manipulation can lead to out-of-bounds read. The attack can only be executed locally. The exploit has been made available to the public and could be used for attacks...

5.5 CVSS · 5.6 AI score · 0.00251 EPSS
Exploits 1 · References 9
UbuntuCve
added 2025/10/16 2:15 p.m. · 3 views

CVE-2025-11839

A security flaw has been discovered in GNU Binutils 2.45. Impacted is the function tgtagtype of the file prdbg.c. Performing a manipulation results in unchecked return value. The attack needs to be approached locally. The exploit has been released to the public and may be used for attacks...

5.5 CVSS · 5.5 AI score · 0.00251 EPSS
Exploits 1 · References 8
RedhatCVE
added 2025/10/15 5:43 p.m. · 2 views

CVE-2025-53717

Reliance on untrusted inputs in a security decision in Windows Virtualization-Based Security (VBS) Enclave allows an authorized attacker to elevate privileges locally...

7 CVSS · 6.8 AI score · 0.00313 EPSS
Exploits 0 · References 1
RedhatCVE
added 2025/10/15 12:42 p.m. · 4 views

CVE-2025-9437

A security issue exists within the Studio 5000 Logix Designer add-on profile (AOP) for the ArmorStart Classic distributed motor controller, resulting in denial-of-service. This vulnerability is possible due to the input of invalid values into Component Object Model (COM) methods...

8.7 CVSS · 6.7 AI score · 0.00345 EPSS
Exploits 0 · References 1
Veracode
added 2025/10/15 7:17 a.m. · 4 views

Regular Expression Denial Of Service (ReDoS)

Cattown is vulnerable to Regular Expression Denial Of Service (ReDoS). The vulnerability is due to the use of inefficient regular expressions with potentially exponential backtracking complexity, which allows an attacker to craft malicious markdown inputs that cause excessive CPU usage and lead to...

8.7 CVSS · 6.9 AI score · 0.00312 EPSS
Exploits 0 · References 4 · Affected Software 1
Tenable Nessus
added 2025/10/15 12:00 a.m. · 3 views

Amazon Linux 2023 : cuda-nsight-compute-13 (ALAS2023NVIDIA-2025-176)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023NVIDIA-2025-176 advisory. NVIDIA CUDA Toolkit for all platforms contains a vulnerability in the nvdisasm binary where a user may cause an out-of-bounds read by passing a malformed ELF file to nvdisasm. A successfu...

7.8 CVSS · 6.7 AI score · 0.00299 EPSS
Exploits 1 · References 24
GitLab Advisory Database
added 2025/10/15 12:00 a.m. · 9 views

Duplicate

This advisory duplicates another...

5.9 AI score
Exploits 0 · References 7 · Affected Software 1
EUVD
added 2025/10/14 6:30 p.m. · 2 views

EUVD-2025-34353

Reliance on untrusted inputs in a security decision in Windows Virtualization-Based Security (VBS) Enclave allows an authorized attacker to elevate privileges locally...

7 CVSS · 9.1 AI score · 0.00313 EPSS
Exploits 0 · References 2
OSV
added 2025/10/14 5:15 p.m. · 2 views

CVE-2025-53717

Reliance on untrusted inputs in a security decision in Windows Virtualization-Based Security (VBS) Enclave allows an authorized attacker to elevate privileges locally...

7 CVSS · 5.8 AI score · 0.00313 EPSS
Exploits 0 · References 1
NVD
added 2025/10/14 5:15 p.m. · 4 views

CVE-2025-53717

Reliance on untrusted inputs in a security decision in Windows Virtualization-Based Security (VBS) Enclave allows an authorized attacker to elevate privileges locally...

7 CVSS · 0.00313 EPSS
Exploits 0 · References 1
OSV
added 2025/10/14 4:15 p.m. · 2 views

CVE-2024-50571

A heap-based buffer overflow vulnerability in Fortinet FortiAnalyzer 7.6.0 through 7.6.2, FortiAnalyzer 7.4.0 through 7.4.5, FortiAnalyzer 7.2.0 through 7.2.9, FortiAnalyzer 7.0.0 through 7.0.13, FortiAnalyzer 6.4 all versions, FortiAnalyzer 6.2 all versions, FortiAnalyzer 6.0 all versions,...

7.2 CVSS · 6.2 AI score · 0.00489 EPSS
Exploits 0 · References 1
Microsoft CVE
added 2025/10/14 2:00 p.m. · 4 views

Windows Virtualization-Based Security (VBS) Enclave Elevation of Privilege Vulnerability

Reliance on untrusted inputs in a security decision in Windows Virtualization-Based Security (VBS) Enclave allows an authorized attacker to elevate privileges locally...

7 CVSS · 6.9 AI score · 0.00313 EPSS
Exploits 0
CVE
added 2025/10/14 12:13 p.m. · 10 views

CVE-2025-9437

The CVE-2025-9437 entry describes a denial-of-service vulnerability in the Studio 5000 Logix Designer add-on profile (AOP) used with Rockwell Automation’s ArmorStart Classic distributed motor controller. Technical details across connected sources indicate the issue stems from inputting invalid va...

8.7 CVSS · 6.3 AI score · 0.00345 EPSS
Exploits 0 · References 1
Cvelist
added 2025/10/14 12:13 p.m. · 5 views

CVE-2025-9437 Rockwell Automation ArmorStart® AOP Denial-of-Service Vulnerability

A security issue exists within the Studio 5000 Logix Designer add-on profile (AOP) for the ArmorStart Classic distributed motor controller, resulting in denial-of-service. This vulnerability is possible due to the input of invalid values into Component Object Model (COM) methods...

8.7 CVSS · 0.00345 EPSS
Exploits 0 · References 1
EUVD
added 2025/10/14 12:13 p.m. · 3 views

EUVD-2025-34179

A security issue exists within the Studio 5000 Logix Designer add-on profile (AOP) for the ArmorStart Classic distributed motor controller, resulting in denial-of-service. This vulnerability is possible due to the input of invalid values into Component Object Model (COM) methods...

8.7 CVSS · 6.2 AI score · 0.00345 EPSS
Exploits 0 · References 2