EUVD-2025-201906

An integer overflow vulnerability exists in the write method of the Buffer class in Robocode version 1.9.3.6. The method fails to properly validate the length of data being written, allowing attackers to cause an overflow, potentially leading to buffer overflows and arbitrary code execution. This...

CVE-2025-34397

CVE-2025-34397 : MailEnable

CVE-2025-32319

In ensureBound of RemotePrintService.java, there is a possible way for a background app to keep foreground permissions due to a permissions bypass. This could lead to local escalation of privilege with user execution privileges needed. User interaction is not needed for exploitation...

CVE-2025-14308

An integer overflow vulnerability exists in the write method of the Buffer class in Robocode version 1.9.3.6. The method fails to properly validate the length of data being written, allowing attackers to cause an overflow, potentially leading to buffer overflows and arbitrary code execution. This...

CVE-2025-14308

An integer overflow vulnerability exists in the write method of the Buffer class in Robocode version 1.9.3.6. The method fails to properly validate the length of data being written, allowing attackers to cause an overflow, potentially leading to buffer overflows and arbitrary code execution. This...

CVE-2025-42616

Some endpoints in vulnerability-lookup that modified application state e.g. changing database entries, user data, configurations, or other privileged actions may have been accessible via HTTP GET requests without requiring a CSRF token. This flaw leaves the application vulnerable to Cross-Site...

October 14, 2025—KB5066782 (OS Build 20348.4294)

October 14, 2025—KB5066782 OS Build 20348.4294 Windows Secure Boot certificate expiration Important: Secure Boot certificates used by most Windows devices are set to expire starting in June 2026. This might affect the ability of certain personal and business devices to boot securely if not update...

CVE-2025-14308

An integer overflow vulnerability exists in the write method of the Buffer class in Robocode version 1.9.3.6. The method fails to properly validate the length of data being written, allowing attackers to cause an overflow, potentially leading to buffer overflows and arbitrary code execution. This...

CVE-2025-14308 Integer Overflow in Robocode's Buffer Write Method

An integer overflow vulnerability exists in the write method of the Buffer class in Robocode version 1.9.3.6. The method fails to properly validate the length of data being written, allowing attackers to cause an overflow, potentially leading to buffer overflows and arbitrary code execution. This...

SAP NetWeaver 安全漏洞

SAP NetWeaver is a set of integrated service-oriented application platforms from SAP, Germany. The platform primarily provides a development and runtime environment for SAP applications. A security vulnerability exists in SAP NetWeaver that stems from insufficient input validation and improper...

NVIDIA Isaac-GR00T secure_server Authentication Bypass Vulnerability

This vulnerability allows remote attackers to bypass authentication on affected installations of NVIDIA Isaac-GR00T. Authentication is not required to exploit this vulnerability. The specific flaw exists within the secureserver method. The issue results from the lack of authentication prior to...

Substitution Cipher Based on The Voynich Manuscript

Here's a fun paper: "The Naibbe cipher: a substitution cipher that encrypts Latin and Italian as Voynich Manuscript-like ciphertext": Abstract: In this article, I investigate the hypothesis that the Voynich Manuscript MS 408, Yale University Beinecke Library is compatible with being a ciphertext ...

EUVD-2025-201599

A flaw has been found in Chanjet TPlus up to 20251121. Affected by this vulnerability is an unknown functionality of the file /tplus/ajaxpro/Ufida.T.SM.UIP.MultiCompanySettingController,Ufida.T.SM.UIP.ashx?method=Load. This manipulation of the argument currentAccId causes sql injection. It is...

CVE-2025-14190

A flaw has been found in Chanjet TPlus up to 20251121. Affected by this vulnerability is an unknown functionality of the file /tplus/ajaxpro/Ufida.T.SM.UIP.MultiCompanySettingController,Ufida.T.SM.UIP.ashx?method=Load. This manipulation of the argument currentAccId causes sql injection. It is...

CVE-2025-14190 Chanjet TPlus sql injection

A flaw has been found in Chanjet TPlus up to 20251121. Affected by this vulnerability is an unknown functionality of the file /tplus/ajaxpro/Ufida.T.SM.UIP.MultiCompanySettingController,Ufida.T.SM.UIP.ashx?method=Load. This manipulation of the argument currentAccId causes sql injection. It is...

CVE-2025-14190 Chanjet TPlus sql injection

A flaw has been found in Chanjet TPlus up to 20251121. Affected by this vulnerability is an unknown functionality of the file /tplus/ajaxpro/Ufida.T.SM.UIP.MultiCompanySettingController,Ufida.T.SM.UIP.ashx?method=Load. This manipulation of the argument currentAccId causes sql injection. It is...

Fixed in Apache Tomcat 9.0.113

Low: Security constraint bypass CVE-2026-24733 Tomcat did not limit HTTP/0.9 requests to the GET method. If a security constraint was configured to allow HEAD requests to a URI but deny GET requests, the user could bypass that constraint on GET requests by sending a specification invalid HEAD...

CVE-2025-27935

The OTP Integration Kit for PingFederate fails to enforce HTTP method validation and state validation properly. The server advances the authentication state without verifying the OTP, thereby bypassing multi-factor authentication...

Security Bulletin: Multiple security vulnerabilities are addressed with IBM Process Mining 2.1.0

Summary In addition to many updates of operating system level packages, the following security vulnerabilities are addressed with IBM Process Mining 2.1.0 Vulnerability Details CVEID:CVE-2025-41248 DESCRIPTION: The Spring Security annotation detection mechanism may not correctly resolve annotatio...

CVE-2025-27935

The OTP Integration Kit for PingFederate fails to enforce HTTP method validation and state validation properly. The server advances the authentication state without verifying the OTP, thereby bypassing multi-factor authentication...