
Overview

  • CODESYS
  • CODESYS Control RTE (SL)

Published: 01 Dec 2025
Updated: 01 Dec 2025

CVSS v3.1: HIGH (7.5)
EPSS: 0.08%

KEV

Description

An unauthenticated remote attacker may cause the visualisation server of the CODESYS Control runtime system to access a resource with a pointer of wrong type, potentially leading to a denial-of-service (DoS) condition.

Statistics

  • 1 Post

Last activity: 9 hours ago

Fediverse


VDE-2025-100
CODESYS Control - Invalid type usage in visualization

A vulnerability in the CODESYS Control runtime system's CmpVisuServer component allows attackers to cause a denial-of-service (DoS) by sending a special request to the CODESYS Web- or remote Target Visu. The issue is triggered by an internal read access using a pointer of wrong type.
CVE-2025-41738

certvde.com/en/advisories/vde-

codesys.csaf-tp.certvde.com/.w


Overview

  • glib

Published: 26 Nov 2025
Updated: 27 Nov 2025

CVSS: Pending
EPSS: 0.01%

KEV

Description

A heap-based buffer overflow problem was found in glib through an incorrect calculation of buffer size in the g_escape_uri_string() function. If the string to escape contains a very large number of unacceptable characters (which would need escaping), the calculation of the length of the escaped string could overflow, leading to a potential write off the end of the newly allocated string.

Statistics

  • 1 Post

Last activity: 5 hours ago

Bluesky

Security Bulletin: CVE-2025-13601 / glib2 on Fedora 43. The #Fedora project has released glib2 2.86.2 to remediate a critical integer overflow vulnerability (CVE-2025-13601) in the g_escape_uri_string() function. Read more: 👉 tinyurl.com/38fdekuw #Security

Overview

  • Sony Corporation
  • INZONE Hub

Published: 01 Dec 2025
Updated: 01 Dec 2025

CVSS v3.0: HIGH (7.8)
EPSS: 0.01%

KEV

Description

The installer of INZONE Hub 1.0.10.3 to 1.0.17.0 contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries. As a result, arbitrary code may be executed with the privilege of the user invoking the installer.

Statistics

  • 1 Post

Last activity: 17 hours ago

Fediverse


🚨 CVE-2025-64772: HIGH-severity vuln in Sony INZONE Hub installer (v1.0.10.3–1.0.17.0). Uncontrolled DLL search path enables local code execution. Restrict installer use & monitor for suspicious activity. Details: radar.offseq.com/threat/cve-20


Overview

  • Unisoc (Shanghai) Technologies Co., Ltd.
  • T8100/T9100/T8200/T8300

Published: 01 Dec 2025
Updated: 01 Dec 2025

CVSS v3.1: HIGH (7.5)
EPSS: 0.21%

KEV

Description

In nr modem, there is a possible system crash due to improper input validation. This could lead to remote denial of service with no additional execution privileges needed.

Statistics

  • 1 Post

Last activity: 10 hours ago

Fediverse


🚨 CVE-2025-61610 (HIGH): Unisoc T8100/T9100/T8200/T8300 chipsets (Android 13-16) are at risk of remote DoS via NR modem crash (improper input validation). No authentication needed. Monitor for patches & apply network controls. Details: radar.offseq.com/threat/cve-20


Overview

  • CODESYS
  • CODESYS PLCHandler

Published: 01 Dec 2025
Updated: 01 Dec 2025

CVSS v3.1: MEDIUM (5.9)
EPSS: 0.08%

KEV

Description

An unauthenticated remote attacker, who beats a race condition, can exploit a flaw in the communication servers of the CODESYS Control runtime system on Linux and QNX to trigger an out-of-bounds read via crafted socket communication, potentially causing a denial of service.

Statistics

  • 1 Post

Last activity: 9 hours ago

Fediverse


VDE-2025-099
CODESYS Control - Linux/QNX SysSocket flaw

A vulnerability has been identified in the CODESYS Control runtime system, which includes an abstraction layer designed to ensure compatibility across different operating systems. This layer is used both by affected CODESYS products and by applications running on the PLC.
CVE-2025-41739

certvde.com/en/advisories/vde-

codesys.csaf-tp.certvde.com/.w


Overview

  • Pending

Published: Pending
Updated: Pending

CVSS: Pending
EPSS: Pending

KEV

Description

This candidate has been reserved by a CVE Numbering Authority (CNA). This record will be updated by the assigning CNA once details are available.

Statistics

  • 4 Posts

Last activity: 2 hours ago

Fediverse


🚨 low-severity security fix in express@4.22.0 just released!

Patches CVE-2024-51999 — improperly controlled modification of query properties in express

github.com/expressjs/express/r


Overview

  • Apache Software Foundation
  • Apache SkyWalking

Published: 27 Nov 2025
Updated: 28 Nov 2025

CVSS: Pending
EPSS: 0.03%

KEV

Description

Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in Apache SkyWalking. This issue affects Apache SkyWalking: <= 10.2.0. Users are recommended to upgrade to version 10.3.0, which fixes the issue.

Statistics

  • 1 Post

Last activity: 23 hours ago

Bluesky

Security Alert: Apache SkyWalking Stored XSS Vulnerability (CVE-2025-54057)

Overview

  • Pending

Published: Pending
Updated: Pending

CVSS: Pending
EPSS: Pending

KEV

Description

This candidate has been reserved by a CVE Numbering Authority (CNA). This record will be updated by the assigning CNA once details are available.

Statistics

  • 1 Post

Last activity: 2 hours ago

Bluesky

~Checkpoint~ A vulnerability in OpenAI Codex CLI allows remote code execution via malicious project-local configuration files when a developer runs the tool. - IOCs: (None identified) - #CVE202561260 #RCE #SupplyChain #ThreatIntel

Overview

  • Google
  • Android

Published: 18 Nov 2025
Updated: 19 Nov 2025

CVSS: Pending
EPSS: 0.03%

KEV

Description

In bta_hf_client_cb_init of bta_hf_client_main.cc, there is a possible remote code execution due to a use after free. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.

Statistics

  • 1 Post

Last activity: Last hour

Fediverse

Weird: my Android 11 device doesn't seem to be vulnerable to CVE-2025-48593 (the Android Bluetooth headset issue), even after I enabled Headset Client with root. I guess that's why the bulletin says it's Android 13-16 only?

Overview

  • Microsoft
  • Windows 11 Version 25H2

Published: 11 Nov 2025
Updated: 26 Nov 2025

CVSS v3.1: HIGH (7.8)
EPSS: 0.05%

KEV

Description

Out-of-bounds read in Windows Common Log File System Driver allows an authorized attacker to elevate privileges locally.

Statistics

  • 1 Post

Last activity: 2 hours ago

Fediverse

Showing 21 to 30 of 45 CVEs