24h | 7d | 30d

CVE-2025-41738

Overview

  • CODESYS
  • CODESYS Control RTE (SL)
01 Dec 2025
Published
01 Dec 2025
Updated
CVSS v3.1
HIGH (7.5)
EPSS
0.08%
KEV

Description

An unauthenticated remote attacker may cause the visualisation server of the CODESYS Control runtime system to access a resource with a pointer of wrong type, potentially leading to a denial-of-service (DoS) condition.

Statistics

  • 1 Post
Last activity: 15 hours ago

Fediverse

Profile picture
CERT@VDE @certvde

VDE-2025-100
CODESYS Control - Invalid type usage in visualization

A vulnerability in the CODESYS Control runtime system's CmpVisuServer component allows attackers to cause a denial-of-service (DoS) by sending special request to the CODESYS Web- or remote Target Visu. The issue is triggered by an internal read access using a pointer of wrong type.
CVE-2025-41738

certvde.com/en/advisories/vde-

codesys.csaf-tp.certvde.com/.w

  • 0
  • 0
  • 0
  • 15h ago

CVE-2025-13601

Overview

  • glib
26 Nov 2025
Published
27 Nov 2025
Updated
CVSS
Pending
EPSS
0.01%
KEV

Description

A heap-based buffer overflow problem was found in glib through an incorrect calculation of buffer size in the g_escape_uri_string() function. If the string to escape contains a very large number of unacceptable characters (which would need escaping), the calculation of the length of the escaped string could overflow, leading to a potential write off the end of the newly allocated string.

Statistics

  • 1 Post
Last activity: 12 hours ago

Bluesky

Profile picture
ferramentaslinux.bsky.social @ferramentaslinux.bsky.social
Security Bulletin: CVE-2025-13601 / glib2 on Fedora 43. The #Fedora project has released glib2 2.86.2 to remediate a critical integer overflow vulnerability (CVE-2025-13601) in the g_escape_uri_string() function. Read more: 👉 tinyurl.com/38fdekuw #Security
  • 0
  • 0
  • 0
  • 12h ago

CVE-2025-61610

Overview

  • Unisoc (Shanghai) Technologies Co., Ltd.
  • T8100/T9100/T8200/T8300
01 Dec 2025
Published
01 Dec 2025
Updated
CVSS v3.1
HIGH (7.5)
EPSS
0.21%
KEV

Description

In nr modem, there is a possible system crash due to improper input validation. This could lead to remote denial of service with no additional execution privileges needed

Statistics

  • 1 Post
Last activity: 16 hours ago

Fediverse

Profile picture
Offensive Sequence @offseq

🚨 CVE-2025-61610 (HIGH): Unisoc T8100/T9100/T8200/T8300 chipsets (Android 13-16) are at risk of remote DoS via NR modem crash (improper input validation). No authentication needed. Monitor for patches & apply network controls. Details: radar.offseq.com/threat/cve-20

  • 0
  • 0
  • 0
  • 16h ago

CVE-2025-41739

Overview

  • CODESYS
  • CODESYS PLCHandler
01 Dec 2025
Published
01 Dec 2025
Updated
CVSS v3.1
MEDIUM (5.9)
EPSS
0.08%
KEV

Description

An unauthenticated remote attacker, who beats a race condition, can exploit a flaw in the communication servers of the CODESYS Control runtime system on Linux and QNX to trigger an out-of-bounds read via crafted socket communication, potentially causing a denial of service.

Statistics

  • 1 Post
Last activity: 15 hours ago

Fediverse

Profile picture
CERT@VDE @certvde

VDE-2025-099
CODESYS Control - Linux/QNX SysSocket flaw

A vulnerability has been identified in the CODESYS Control runtime system, which includes an abstraction layer designed to ensure compatibility across different operating systems. This layer is used both by affected CODESYS products and by applications running on the PLC.
CVE-2025-41739

certvde.com/en/advisories/vde-

codesys.csaf-tp.certvde.com/.w

  • 0
  • 0
  • 0
  • 15h ago

CVE-2025-64775

Overview

  • Apache Software Foundation
  • Apache Struts
  • org.apache.struts:struts2-core
01 Dec 2025
Published
01 Dec 2025
Updated
CVSS
Pending
EPSS
Pending
KEV

Description

Denial of Service vulnerability in Apache Struts, file leak in multipart request processing causes disk exhaustion. This issue affects Apache Struts: from 2.0.0 through 6.7.0, from 7.0.0 through 7.0.3. Users are recommended to upgrade to version 6.8.0 or 7.1.1, which fixes the issue.

Statistics

  • 1 Post
Last activity: 2 hours ago

Bluesky

Profile picture
OMO @omo.bsky.social
SIOSセキュリティブログを更新しました。 Apache Strutsの脆弱性(Important: CVE-2025-64775) #sios_tech #security #vulnerability #セキュリティ #脆弱性 #apache #struts security.sios.jp/vulnerabilit...
  • 0
  • 0
  • 0
  • 2h ago

CVE-2024-51999

Overview

  • expressjs
  • express
01 Dec 2025
Published
01 Dec 2025
Updated
CVSS v4.0
LOW (2.7)
EPSS
Pending
KEV

Description

Express.js minimalist web framework for node. Prior to 5.2.0 and 4.22.0, when using the extended query parser in express ('query parser': 'extended'), the request.query object inherits all object prototype properties, but these properties can be overwritten by query string parameter keys that match the property names. This vulnerability is fixed in 5.2.0 and 4.22.0.

Statistics

  • 4 Posts
Last activity: 9 hours ago

Fediverse

Profile picture
Ulises Gascon @ulisesgascon

🚨 low-severity security fix in express@4.22.0 just released!

Patches CVE-2024-51999 — improperly controlled modification of query properties in express

github.com/expressjs/express/r

  • 0
  • 0
  • 3
  • 9h ago

CVE-2025-61260

Overview

  • Pending
Pending
Published
Pending
Updated
CVSS
Pending
EPSS
Pending
KEV

Description

This candidate has been reserved by a CVE Numbering Authority (CNA). This record will be updated by the assigning CNA once details are available.

Statistics

  • 1 Post
Last activity: 8 hours ago

Bluesky

Profile picture
piggo @pigondrugs.bsky.social
~Checkpoint~ A vulnerability in OpenAI Codex CLI allows remote code execution via malicious project-local configuration files when a developer runs the tool. - IOCs: (None identified) - #CVE202561260 #RCE #SupplyChain #ThreatIntel
  • 0
  • 0
  • 0
  • 8h ago

CVE-2025-13757

Overview

  • Devolutions
  • Server
27 Nov 2025
Published
01 Dec 2025
Updated
CVSS
Pending
EPSS
0.02%
KEV

Description

SQL Injection vulnerability in last usage logs in Devolutions Server.This issue affects Devolutions Server: through 2025.2.20, through 2025.3.8.

Statistics

  • 1 Post
Last activity: 1 hour ago

Bluesky

Profile picture
CrowdCyber @crowdcyber.bsky.social
Critical Devolutions Server Flaw (CVE-2025-13757) Allows Authenticated SQL Injection to Steal All Passwords
  • 0
  • 0
  • 0
  • 1h ago

CVE-2025-48593

Overview

  • Google
  • Android
18 Nov 2025
Published
19 Nov 2025
Updated
CVSS
Pending
EPSS
0.03%
KEV

Description

In bta_hf_client_cb_init of bta_hf_client_main.cc, there is a possible remote code execution due to a use after free. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.

Statistics

  • 3 Posts
Last activity: Last hour

Fediverse

Profile picture
Zhuowei Zhang @zhuowei
Weird: my Android 11 device doesn't seem to be vulnerable to CVE-2025-48593 (the Android Bluetooth headset issue), even after I enabled Headset Client with root. I guess that's why the bulletin says it's Android 13-16 only?
  • 0
  • 0
  • 0
  • 6h ago
Profile picture
Zhuowei Zhang @zhuowei
CVE-2025-48593 does work on a physical Android 14 device (with Headset Client force enabled with root).
Alas, I don't have a physical Android 14 device with headset client already enabled. Only smartwatches, wearables, and cars support acting as Bluetooth headsets. I'm not about to drop $70,000 on a car for a blog post.
  • 0
  • 0
  • 0
  • 6h ago
Profile picture
Zhuowei Zhang @zhuowei
I wrote a blog post on CVE-2025-48593, an issue patched in Android's November Security Bulletin that only affected devices which act as Bluetooth headphones, such as smartwatches, smart glasses, and cars.

I examined the patch and wrote a proof-of-concept:
https://worthdoingbadly.com/bluetooth/

My proof-of-concept is available at https://github.com/zhuowei/blueshrimp; it gets "fault addr 0x4141414141414141" on the Android Automotive emulator... once you accept the pairing request.
  • 0
  • 0
  • 0
  • Last hour

CVE-2025-60709

Overview

  • Microsoft
  • Windows 11 Version 25H2
11 Nov 2025
Published
26 Nov 2025
Updated
CVSS v3.1
HIGH (7.8)
EPSS
0.05%
KEV

Description

Out-of-bounds read in Windows Common Log File System Driver allows an authorized attacker to elevate privileges locally.

Statistics

  • 1 Post
Last activity: 8 hours ago

Fediverse

Profile picture
Dark Web Informer :verified_paw: @DarkWebInformer

🚨 Alleged Sale of Exploit Code for CVE-2025-60709

darkwebinformer.com/alleged-sa

  • 0
  • 0
  • 0
  • 8h ago
Showing 21 to 30 of 46 CVEs