Overview

  • Pending

Pending
Published
Pending
Updated

CVSS
Pending
EPSS
Pending

KEV

Description

This candidate has been reserved by a CVE Numbering Authority (CNA). This record will be updated by the assigning CNA once details are available.

Statistics

  • 1 Post

Last activity: 13 hours ago

Bluesky

Zoom has published High-severity vulnerability information ZSB-25050. "CVE-2025-67460 : Zoom Rooms for Windows - Software Downgrade Protection Mechanism Failure" CVSSv3: 7.8 → https://www.zoom.com/en/trust/security-bulletin/ZSB-25050/
  • 13h ago

Overview

  • pnggroup
  • libpng

03 Dec 2025
Published
04 Dec 2025
Updated

CVSS v3.1
HIGH (7.1)
EPSS
0.05%

KEV

Description

LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. Prior to 1.6.52, an out-of-bounds read vulnerability in libpng's simplified API allows reading up to 1012 bytes beyond the png_sRGB_base[512] array when processing valid palette PNG images with partial transparency and gamma correction. The PNG files that trigger this vulnerability are valid per the PNG specification; the bug is in libpng's internal state management. Upgrade to libpng 1.6.52 or later.

Statistics

  • 1 Post

Last activity: 2 hours ago

Bluesky

CVE-2025-66293 LIBPNG has an out-of-bounds read in png_image_read_composite scq.ms/48qtwII #cybersecurity #SecQube
  • 2h ago

Overview

  • Robocode Project
  • Robocode
  • robocode

09 Dec 2025
Published
09 Dec 2025
Updated

CVSS v4.0
CRITICAL (10.0)
EPSS
0.06%

KEV

Description

An integer overflow vulnerability exists in the write method of the Buffer class in Robocode version 1.9.3.6. The method fails to properly validate the length of data being written, allowing attackers to cause an overflow, potentially leading to buffer overflows and arbitrary code execution. This vulnerability can be exploited by submitting specially crafted inputs that manipulate the data length, leading to potential unauthorized code execution.

Statistics

  • 1 Post

Last activity: 20 hours ago

Fediverse

⚠️ CRITICAL: CVE-2025-14308 in Robocode 1.9.3.6—Integer overflow in Buffer.write() enables unauthenticated remote code execution. No patch yet—immediate isolation & runtime protections advised! radar.offseq.com/threat/cve-20

  • 20h ago

Overview

  • Go standard library
  • crypto/x509
  • crypto/x509

02 Dec 2025
Published
03 Dec 2025
Updated

CVSS
Pending
EPSS
0.02%

KEV

Description

Within HostnameError.Error(), when constructing an error string, there is no limit to the number of hosts that will be printed out. Furthermore, the error string is constructed by repeated string concatenation, leading to quadratic runtime. Therefore, a certificate provided by a malicious actor can result in excessive resource consumption.

Statistics

  • 1 Post

Last activity: 18 hours ago

Bluesky

CVE-2025-61729 Excessive resource consumption when printing error string for host certificate validation in crypto/x509 scq.ms/3KrNee1 #cybersecurity #SecQube
  • 18h ago

Overview

  • Microsoft
  • GitHub Copilot Plugin for JetBrains IDEs

09 Dec 2025
Published
10 Dec 2025
Updated

CVSS v3.1
HIGH (8.4)
EPSS
Pending

KEV

Description

Improper neutralization of special elements used in a command ('command injection') in Copilot allows an unauthorized attacker to execute code locally.

Statistics

  • 1 Post
  • 2 Interactions

Last activity: 11 hours ago

Fediverse

Here are the publicly disclosed ones.

Command injection in GitHub Copilot for JetBrains:

msrc.microsoft.com/update-guid

a command injection in PowerShell:

msrc.microsoft.com/update-guid

  • 11h ago

Overview

  • Microsoft
  • Microsoft Office LTSC 2024

09 Dec 2025
Published
10 Dec 2025
Updated

CVSS v3.1
HIGH (8.4)
EPSS
Pending

KEV

Description

Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.

Statistics

  • 1 Post
  • 1 Interaction

Last activity: 11 hours ago

Overview

  • Microsoft
  • Microsoft Office LTSC 2024

09 Dec 2025
Published
10 Dec 2025
Updated

CVSS v3.1
HIGH (8.4)
EPSS
Pending

KEV

Description

Access of resource using incompatible type ('type confusion') in Microsoft Office allows an unauthorized attacker to execute code locally.

Statistics

  • 1 Post
  • 1 Interaction

Last activity: 11 hours ago

Overview

  • Ivanti
  • ICS

12 Jan 2024
Published
21 Oct 2025
Updated

CVSS v3.0
CRITICAL (9.1)
EPSS
94.41%

Description

A command injection vulnerability in web components of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure (9.x, 22.x) allows an authenticated administrator to send specially crafted requests and execute arbitrary commands on the appliance.

Statistics

  • 1 Post

Last activity: 1 hour ago

Bluesky

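Attack campaign targeting Japanese organizations using MetaRAT | LAC WATCH - LAC Co., Ltd. As its initial intrusion method, the attacker group exploited vulnerabilities (CVE-2024-21893 and CVE-2024-21887) present in the target organization's ICS and installed malware on the targeted devices. www.lac.co.jp/lacwatch/rep...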
  • 1h ago

Overview

  • Array Networks
  • ArrayOS AG

05 Dec 2025
Published
09 Dec 2025
Updated

CVSS v3.1
HIGH (7.2)
EPSS
12.19%

Description

Array Networks ArrayOS AG before 9.4.5.9 allows command injection, as exploited in the wild in August through December 2025.

Statistics

  • 1 Post

Last activity: 21 hours ago

Bluesky

CVE-2022-37055 D-Link Routers Buffer Overflow Vulnerability CVE-2025-66644 Array Networks ArrayOS AG OS Command Injection Vulnerability
  • 21h ago

Overview

  • Pending

28 Aug 2022
Published
09 Dec 2025
Updated

CVSS
Pending
EPSS
83.52%

Description

D-Link Go-RT-AC750 GORTAC750_revA_v101b03 and GO-RT-AC750_revB_FWv200b02 are vulnerable to Buffer Overflow via cgibin, hnap_main,

Statistics

  • 1 Post

Last activity: 21 hours ago

Bluesky

CVE-2022-37055 D-Link Routers Buffer Overflow Vulnerability CVE-2025-66644 Array Networks ArrayOS AG OS Command Injection Vulnerability
  • 21h ago
Showing 31 to 40 of 90 CVEs