Lucene search

14 matches found

EUVD
added 2025/10/03 8:7 p.m., 1 views

EUVD-2025-6374

Malicious code in bioql PyPI...

CVSS 7.8, AI score 6.4, EPSS 0.00249
Exploits: 0, References: 2
EUVD
added 2025/10/03 8:7 p.m., 2 views

EUVD-2025-23034

Malicious code in bioql PyPI...

CVSS 7.8, AI score 6.4, EPSS 0.0014
Exploits: 0, References: 1
Vulnrichment
added 2025/07/29 5:54 p.m., 3 views

CVE-2025-6636 PRT File Parsing Use-After-Free Vulnerability

A maliciously crafted PRT file, when parsed through certain Autodesk products, can force a Use-After-Free vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process...

CVSS 7.8, AI score 7.2, EPSS 0.0014
Exploits: 0, References: 2
CVE
added 2025/07/10 11:31 a.m., 15 views

CVE-2025-5040

Autodesk Revit is affected by CVE-2025-5040: parsing a malicious RTE file can trigger a Heap-Based Overflow in the RTE parser, potentially causing a crash, reading sensitive data, or executing arbitrary code in the current process. Several connected sources corroborate heap overflow/RCE vectors v...

CVSS 7.8, AI score 7, EPSS 0.0014
Exploits: 0, References: 2, Affected Software: 1
Vulnrichment
added 2025/06/02 4:55 p.m., 5 views

CVE-2025-5036 RFA File Parsing Use-After-Free Vulnerability

A maliciously crafted RFA file, when linked or imported into Autodesk Revit, can force a Use-After-Free vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process...

CVSS 7.8, AI score 7.7, EPSS 0.0014
Exploits: 0, References: 2
Vulnrichment
added 2025/05/13 8:49 p.m., 10 views

CVE-2025-43564 ColdFusion | Incorrect Authorization (CWE-863)

ColdFusion versions 2025.1, 2023.13, 2021.19 and earlier are affected by an Improper Access Control vulnerability that could result in arbitrary file system read. A high-privileged attacker could leverage this vulnerability to access or modify sensitive data without proper authorization...

CVSS 9.1, AI score 6.1, EPSS 0.00704
Exploits: 0, References: 1
OSV
added 2025/04/03 2:6 p.m., 4 views

BIT-DOLIBARR-2022-4093 SQL Injection in dolibarr/dolibarr

SQL injection attacks can result in unauthorized access to sensitive data, such as passwords, credit card details, or personal user information. Many high-profile data breaches in recent years have been the result of SQL injection attacks, leading to reputational damage and regulatory fines. In...

CVSS 9.8, AI score 9, EPSS 0.00323
Exploits: 1, References: 3
RedhatCVE
added 2025/03/15 5:11 p.m., 7 views

CVE-2025-1427

A maliciously crafted CATPRODUCT file, when parsed through Autodesk AutoCAD, can force an Uninitialized Variable vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process...

CVSS 7.8, AI score 7.6, EPSS 0.00183
Exploits: 0, References: 1
NVD
added 2025/03/13 5:15 p.m., 9 views

CVE-2025-1652

A maliciously crafted MODEL file, when parsed through Autodesk AutoCAD, can force an Out-of-Bounds Read vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process...

CVSS 7.8, EPSS 0.00379
Exploits: 0, References: 3
NVD
added 2025/03/13 5:15 p.m., 10 views

CVE-2025-1649

A maliciously crafted CATPRODUCT file, when parsed through Autodesk AutoCAD, can force an Uninitialized Variable vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process...

CVSS 7.8, EPSS 0.00339
Exploits: 0, References: 3
Vulnrichment
added 2025/02/21 12:0 a.m., 8 views

CVE-2025-25876

A vulnerability was found in ITSourcecode Simple ChatBox up to 1.0. This vulnerability affects unknown code of the file /delete.php. The attack can use SQL injection to obtain sensitive data...

AI score 7.3, EPSS 0.00082
Exploits: 1, References: 1
CNVD
added 2022/08/11 12:0 a.m., 28 views

Wyse Management Suite has an unspecified vulnerability (CNVD-2022-56655)

Wyse Management Suite is a scalable solution for managing and optimizing Wyse endpoints from Dell, Inc. The product includes centralized Wyse endpoint management, asset tracking and automated device discovery, among other features. A security vulnerability exists in Wyse Management Suite version...

CVSS 8.5, AI score 2.1, EPSS 0.00195
Exploits: 0, References: 1
The Hacker News
added 2013/03/13 6:22 p.m., 6 views

Chinese hackers infiltrate Indian Defence Research Organisation

According to an exclusive report published today by DNA news, the computers of highly sensitive Defence Research and Development Organisation DRDO have reportedly been hacked by Chinese hackers as biggest security breach in the Indian Defence ever. Infiltrate leading to the leak of thousands of t...

AI score 6.9
Exploits: 0
xssed
added 2007/05/24 12:0 a.m., 17 views

Unfixed XSS vulnerability at mobile.banananetwork.com

Security researcher Hotpockets, has submitted on 24/05/2007 a cross-site-scripting XSS vulnerability affecting mobile.banananetwork.com, which at the time of submission ranked 235370 on the web according to Alexa. We manually validated and published a mirror of this vulnerability on 24/05/2007. I...

Exploits: 0, References: 1