Overview

  • CODESYS
  • CODESYS Control RTE (SL)

01 Dec 2025
Published
01 Dec 2025
Updated

CVSS v3.1
HIGH (7.5)
EPSS
0.08%

KEV

Description

An unauthenticated remote attacker may cause the visualisation server of the CODESYS Control runtime system to access a resource with a pointer of wrong type, potentially leading to a denial-of-service (DoS) condition.

Statistics

  • 1 Post

Last activity: 15 hours ago

Fediverse

VDE-2025-100
CODESYS Control - Invalid type usage in visualization

A vulnerability in the CODESYS Control runtime system's CmpVisuServer component allows attackers to cause a denial-of-service (DoS) by sending a special request to the CODESYS Web- or remote Target Visu. The issue is triggered by an internal read access using a pointer of wrong type.
CVE-2025-41738

certvde.com/en/advisories/vde-

codesys.csaf-tp.certvde.com/.w

  • 15h ago

Overview

  • glib

26 Nov 2025
Published
27 Nov 2025
Updated

CVSS
Pending
EPSS
0.01%

KEV

Description

A heap-based buffer overflow problem was found in glib through an incorrect calculation of buffer size in the g_escape_uri_string() function. If the string to escape contains a very large number of unacceptable characters (which would need escaping), the calculation of the length of the escaped string could overflow, leading to a potential write off the end of the newly allocated string.

Statistics

  • 1 Post

Last activity: 12 hours ago

Bluesky

Security Bulletin: CVE-2025-13601 / glib2 on Fedora 43. The #Fedora project has released glib2 2.86.2 to remediate a critical integer overflow vulnerability (CVE-2025-13601) in the g_escape_uri_string() function. Read more: 👉 tinyurl.com/38fdekuw #Security
  • 12h ago

Overview

  • Unisoc (Shanghai) Technologies Co., Ltd.
  • T8100/T9100/T8200/T8300

01 Dec 2025
Published
01 Dec 2025
Updated

CVSS v3.1
HIGH (7.5)
EPSS
0.21%

KEV

Description

In nr modem, there is a possible system crash due to improper input validation. This could lead to remote denial of service with no additional execution privileges needed.

Statistics

  • 1 Post

Last activity: 16 hours ago

Fediverse

🚨 CVE-2025-61610 (HIGH): Unisoc T8100/T9100/T8200/T8300 chipsets (Android 13-16) are at risk of remote DoS via NR modem crash (improper input validation). No authentication needed. Monitor for patches & apply network controls. Details: radar.offseq.com/threat/cve-20

  • 16h ago

Overview

  • CODESYS
  • CODESYS PLCHandler

01 Dec 2025
Published
01 Dec 2025
Updated

CVSS v3.1
MEDIUM (5.9)
EPSS
0.08%

KEV

Description

An unauthenticated remote attacker, who beats a race condition, can exploit a flaw in the communication servers of the CODESYS Control runtime system on Linux and QNX to trigger an out-of-bounds read via crafted socket communication, potentially causing a denial of service.

Statistics

  • 1 Post

Last activity: 15 hours ago

Fediverse

VDE-2025-099
CODESYS Control - Linux/QNX SysSocket flaw

A vulnerability has been identified in the CODESYS Control runtime system, which includes an abstraction layer designed to ensure compatibility across different operating systems. This layer is used both by affected CODESYS products and by applications running on the PLC.
CVE-2025-41739

certvde.com/en/advisories/vde-

codesys.csaf-tp.certvde.com/.w

  • 15h ago

Overview

  • Apache Software Foundation
  • Apache Struts
  • org.apache.struts:struts2-core

01 Dec 2025
Published
01 Dec 2025
Updated

CVSS
Pending
EPSS
Pending

KEV

Description

Denial of Service vulnerability in Apache Struts, file leak in multipart request processing causes disk exhaustion. This issue affects Apache Struts: from 2.0.0 through 6.7.0, from 7.0.0 through 7.0.3. Users are recommended to upgrade to version 6.8.0 or 7.1.1, which fixes the issue.

Statistics

  • 1 Post

Last activity: 2 hours ago

Bluesky

We have updated the SIOS Security Blog. Apache Struts vulnerability (Important: CVE-2025-64775) #sios_tech #security #vulnerability #セキュリティ #脆弱性 #apache #struts security.sios.jp/vulnerabilit...
  • 2h ago

Overview

  • expressjs
  • express

01 Dec 2025
Published
01 Dec 2025
Updated

CVSS v4.0
LOW (2.7)
EPSS
Pending

KEV

Description

Express.js is a minimalist web framework for node. Prior to 5.2.0 and 4.22.0, when using the extended query parser in express ('query parser': 'extended'), the request.query object inherits all object prototype properties, but these properties can be overwritten by query string parameter keys that match the property names. This vulnerability is fixed in 5.2.0 and 4.22.0.

Statistics

  • 4 Posts

Last activity: 9 hours ago

Fediverse

🚨 low-severity security fix in express@4.22.0 just released!

Patches CVE-2024-51999 — improperly controlled modification of query properties in express

github.com/expressjs/express/r

  • 9h ago

Overview

  • Pending

Pending
Published
Pending
Updated

CVSS
Pending
EPSS
Pending

KEV

Description

This candidate has been reserved by a CVE Numbering Authority (CNA). This record will be updated by the assigning CNA once details are available.

Statistics

  • 1 Post

Last activity: 8 hours ago

Bluesky

~Checkpoint~ A vulnerability in OpenAI Codex CLI allows remote code execution via malicious project-local configuration files when a developer runs the tool. - IOCs: (None identified) - #CVE202561260 #RCE #SupplyChain #ThreatIntel
  • 8h ago

Overview

  • Devolutions
  • Server

27 Nov 2025
Published
01 Dec 2025
Updated

CVSS
Pending
EPSS
0.02%

KEV

Description

SQL Injection vulnerability in last usage logs in Devolutions Server. This issue affects Devolutions Server: through 2025.2.20, through 2025.3.8.

Statistics

  • 1 Post

Last activity: 1 hour ago

Bluesky

Critical Devolutions Server Flaw (CVE-2025-13757) Allows Authenticated SQL Injection to Steal All Passwords
  • 1h ago

Overview

  • Google
  • Android

18 Nov 2025
Published
19 Nov 2025
Updated

CVSS
Pending
EPSS
0.03%

KEV

Description

In bta_hf_client_cb_init of bta_hf_client_main.cc, there is a possible remote code execution due to a use after free. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.

Statistics

  • 3 Posts

Last activity: Last hour

Fediverse

Weird: my Android 11 device doesn't seem to be vulnerable to CVE-2025-48593 (the Android Bluetooth headset issue), even after I enabled Headset Client with root. I guess that's why the bulletin says it's Android 13-16 only?
  • 6h ago
CVE-2025-48593 does work on a physical Android 14 device (with Headset Client force enabled with root).
Alas, I don't have a physical Android 14 device with headset client already enabled. Only smartwatches, wearables, and cars support acting as Bluetooth headsets. I'm not about to drop $70,000 on a car for a blog post.
  • 6h ago
I wrote a blog post on CVE-2025-48593, an issue patched in Android's November Security Bulletin that only affected devices which act as Bluetooth headphones, such as smartwatches, smart glasses, and cars.

I examined the patch and wrote a proof-of-concept:
https://worthdoingbadly.com/bluetooth/

My proof-of-concept is available at https://github.com/zhuowei/blueshrimp; it gets "fault addr 0x4141414141414141" on the Android Automotive emulator... once you accept the pairing request.
  • Last hour

Overview

  • Microsoft
  • Windows 11 Version 25H2

11 Nov 2025
Published
26 Nov 2025
Updated

CVSS v3.1
HIGH (7.8)
EPSS
0.05%

KEV

Description

Out-of-bounds read in Windows Common Log File System Driver allows an authorized attacker to elevate privileges locally.

Statistics

  • 1 Post

Last activity: 8 hours ago

Fediverse

Showing 21 to 30 of 46 CVEs