11623 matches found

Positive Technologies
added 2025/07/08 12:0 a.m. · 4 views

PT-2025-28585 · Microsoft · Input Method Editor +1

Name of the Vulnerable Software and Affected Versions: Microsoft Input Method Editor IME affected versions not specified Description: The issue is related to an out-of-bounds read in the Microsoft Input Method Editor IME, which allows an authorized attacker to elevate privileges locally...

8.8 CVSS · 5.6 AI score · 0.00328 EPSS
Exploits 0 · References 6

Packet Storm News
added 2025/07/08 12:0 a.m. · 6 views

A Formal Refutation of the Blockchain Trilemma

The so-called blockchain trilemma asserts the impossibility of simultaneously achieving scalability, security, and decentralisation within a single blockchain protocol. In this paper, we formally refute that proposition. Employing predicate logic, formal automata theory, computational complexity...

6.8 AI score
Exploits 0

Positive Technologies
added 2025/07/08 12:0 a.m. · 5 views

PT-2025-28510 · Microsoft · Input Method Editor +1

Name of the Vulnerable Software and Affected Versions: Microsoft Input Method Editor IME affected versions not specified Description: The issue is related to a race condition due to improper synchronization when using a shared resource, allowing an authorized attacker to elevate privileges over a...

8 CVSS · 5.9 AI score · 0.00518 EPSS
Exploits 0 · References 6

Positive Technologies
added 2025/07/08 12:0 a.m. · 4 views

PT-2025-28523 · Microsoft · Input Method Editor +1

Name of the Vulnerable Software and Affected Versions: Microsoft Input Method Editor IME affected versions not specified Description: The issue is related to a use after free condition in the Microsoft Input Method Editor IME, which allows an authorized attacker to elevate privileges locally. Thi...

7.8 CVSS · 5.9 AI score · 0.00301 EPSS
Exploits 0 · References 6

IBM Security Bulletins
added 2025/07/07 6:39 p.m. · 8 views

Security Bulletin: Maximo AI Service Component: Spring Security Aspects may not correctly locate method security annotations on private methods.

Summary Security Bulletin: Maximo AI Service Component Component uses Spring Security Aspects may not correctly locate method security annotations on private methods. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID: CVE-2025-22233...

5.3 CVSS · 7 AI score · 0.00631 EPSS
Exploits 1 · Affected Software 1

NVD
added 2025/07/07 3:15 p.m. · 10 views

CVE-2025-6807

Marvell QConvergeConsole getDriverTmpPath Directory Traversal Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Marvell QConvergeConsole. Authentication is not required to exploit this vulnerability. The...

7.5 CVSS · 0.01064 EPSS
Exploits 0 · References 1

CVE
added 2025/07/07 2:51 p.m. · 22 views

CVE-2025-6794

CVE-2025-6794 affects Marvell QConvergeConsole. A flaw in the saveAsText method allows directory traversal due to inadequate validation of user-supplied paths, enabling remote code execution with SYSTEM privileges and no authentication required. Multiple connected sources (NVD, Red Hat, CIRCL, ZD...

9.8 CVSS · 9.9 AI score · 0.01425 EPSS
Exploits 0 · References 1 · Affected Software 1

Cvelist
added 2025/07/07 2:51 p.m. · 8 views

CVE-2025-6794 Marvell QConvergeConsole saveAsText Directory Traversal Remote Code Execution Vulnerability

Marvell QConvergeConsole saveAsText Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Marvell QConvergeConsole. Authentication is not required to exploit this vulnerability. The specific flaw...

9.8 CVSS · 0.01425 EPSS
Exploits 0 · References 1

CNNVD
added 2025/07/07 12:0 a.m. · 2 views

Mescius ActiveReports.NET Code Issue Vulnerability

Mescius ActiveReports.NET is a .NET reporting tool from Mescius Japan. A code issue vulnerability exists in Mescius ActiveReports.NET that stems from the ReadValue method not properly validating user-supplied data, which could lead to deserialization attacks and remote code execution...

9.8 CVSS · 9.6 AI score · 0.00738 EPSS
Exploits 0 · References 1

RedhatCVE
added 2025/07/06 6:25 p.m. · 18 views

CVE-2025-53483

ArchivePage.php, UnarchivePage.php, and VoterEligibilityPageexecuteClear do not validate request methods or CSRF tokens, allowing attackers to trigger sensitive actions if an admin visits a malicious site. This issue affects Mediawiki - SecurePoll extension: from 1.39.X before 1.39.13, from 1.42....

8.8 CVSS · 6.5 AI score · 0.00187 EPSS
Exploits 0 · References 1

NVD
added 2025/07/04 6:15 p.m. · 37 views

CVE-2025-53483

ArchivePage.php, UnarchivePage.php, and VoterEligibilityPageexecuteClear do not validate request methods or CSRF tokens, allowing attackers to trigger sensitive actions if an admin visits a malicious site. This issue affects Mediawiki - SecurePoll extension: from 1.39.X before 1.39.13, from 1.42....

8.8 CVSS · 0.00187 EPSS
Exploits 0 · References 3

RedhatCVE
added 2025/07/04 10:5 a.m. · 14 views

CVE-2025-27025

The target device exposes a service on a specific TCP port with a configured endpoint. The access to that endpoint is granted using a Basic Authentication method. The endpoint accepts also the PUT method and it is possible to write files on the target device file system. Files are written as root...

8.8 CVSS · 6.4 AI score · 0.0062 EPSS
Exploits 0 · References 1

RedHat Linux
added 2025/07/02 2:32 p.m. · 5 views

uri: userinfo leakage in URI#join, URI#merge and URI#+

A flaw was found in the URI ruby gem package, where userinfo leakage can occur in the uri gem. The methods URI#join, URI#merge, and URI#+ retained userinfo, such as user:password, even after the host is replaced. When generating a URL to a malicious host from a URL containing secret userinfo using...

5.3 CVSS · 5.8 AI score · 0.00472 EPSS
Exploits 0 · References 6

OSV
added 2025/06/30 9:15 a.m. · 3 views

CVE-2025-40732

User enumeration vulnerability in Daily Expense Manager v1.0. To exploit this vulnerability a POST request must be sent using the name parameter in /check.php...

7.5 CVSS · 5.8 AI score · 0.00294 EPSS
Exploits 0 · References 1

RedhatCVE
added 2025/06/27 6:18 p.m. · 10 views

CVE-2025-5823

Autel MaxiCharger AC Wallbox Commercial Serial Number Exposed Dangerous Method Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Autel MaxiCharger AC Wallbox Commercial EV chargers. Authentication is...

4.9 CVSS · 4.7 AI score · 0.00453 EPSS
Exploits 0 · References 1

RedhatCVE
added 2025/06/27 6:18 p.m. · 12 views

CVE-2025-6445

ServiceStack FindType Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of ServiceStack. Interaction with this library is required to exploit this vulnerability but attack vectors may vary...

8.1 CVSS · 8.1 AI score · 0.01128 EPSS
Exploits 0 · References 1

Zero Day Initiative
added 2025/06/27 12:0 a.m. · 5 views

(0Day) Marvell QConvergeConsole decryptFile Directory Traversal Arbitrary File Write Vulnerability

This vulnerability allows remote attackers to create arbitrary files on affected installations of Marvell QConvergeConsole. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of the decryptFile method. The issue results from the lack o...

8.2 CVSS · 7 AI score · 0.01224 EPSS
Exploits 0

Positive Technologies
added 2025/06/27 12:0 a.m. · 6 views

PT-2025-27274 · Marvell · Qconvergeconsole

Name of the Vulnerable Software and Affected Versions: Marvell QConvergeConsole affected versions not specified Description: This issue allows remote attackers to create arbitrary files on affected installations of Marvell QConvergeConsole without requiring authentication. The problem lies in the...

8.2 CVSS · 7 AI score · 0.01224 EPSS
Exploits 0 · References 4

CNVD
added 2025/06/27 12:0 a.m. · 1 views

D-Link DIR-619L form_macfilter method buffer overflow vulnerability

The D-Link DIR-619L is a wireless router from China-based AUO D-Link. A buffer overflow vulnerability exists in the D-Link DIR-619L version 2.06B01, which stems from the form_macfilter method failing to properly validate the length size of the input data, and can be exploited by a remote attacker ...

9 CVSS · 8.6 AI score · 0.01082 EPSS
Exploits 1 · References 1

OSV
added 2025/06/26 9:31 p.m. · 5 views

GHSA-R995-Q44H-HR64 Ruby WEBrick read_headers method can lead to HTTP Request/Response Smuggling

Ruby WEBrick readheader HTTP Request Smuggling Vulnerability. This vulnerability allows remote attackers to smuggle arbitrary HTTP requests on affected installations of Ruby WEBrick. This issue is exploitable when the product is deployed behind an HTTP proxy that fulfills specific conditions. The...

6.5 CVSS · 6.9 AI score · 0.00422 EPSS
Exploits 0 · References 5