
Overview

  • FluidSynth
  • fluidsynth

Published: 23 Dec 2025
Updated: 24 Dec 2025

CVSS v3.1: HIGH (7.0)
EPSS: 0.01%

KEV

Description

FluidSynth is a software synthesizer based on the SoundFont 2 specifications. From versions 2.5.0 to before 2.5.2, a race condition during unloading of a DLS file can trigger a heap-based use-after-free. A concurrently running thread may be pending to unload a DLS file, leading to use of freed memory if the synthesizer is being concurrently destroyed or samples of the (unloaded) DLS file are concurrently used to synthesize audio. This issue has been patched in version 2.5.2. The problem will not occur when explicitly unloading a DLS file (before synth destruction), provided that at the time of unloading, no samples of the respective file are used by active voices. The problem will not occur in versions of FluidSynth that have been compiled without native DLS support.

Statistics

  • 1 Post

Last activity: 3 hours ago

Bluesky

🚨 URGENT: #Fedora Security Advisory FLSA-2025-16548b7718 CVE-2025-68617 in Fluidsynth exposes Fedora systems to arbitrary code execution. CVSS: 7.8 (HIGH). Read more: 👉 tinyurl.com/yntczx22 #Security
  • 3h ago

Overview

  • TRENDnet
  • TEW-800MB

Published: 28 Dec 2025
Updated: 28 Dec 2025

CVSS v4.0: HIGH (8.7)
EPSS: Pending

KEV

Description

A security vulnerability has been detected in TRENDnet TEW-800MB 1.0.1.0. Affected is the function do_setWizard_asp of the file /goform/wizardset of the component Management Interface. The manipulation of the argument WizardConfigured leads to command injection. The attack may be initiated remotely. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Statistics

  • 1 Post

Last activity: 6 hours ago

Fediverse

🟠 CVE-2025-15136 - High (8.8)

A security vulnerability has been detected in TRENDnet TEW-800MB 1.0.1.0. Affected is the function do_setWizard_asp of the file /goform/wizardset of the component Management Interface. The manipulation of the argument WizardConfigured leads to com...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda

  • 6h ago

Overview

  • GnuPG
  • GnuPG

Published: 28 Dec 2025
Updated: 28 Dec 2025

CVSS v3.1: HIGH (7.8)
EPSS: Pending

KEV

Description

In GnuPG through 2.4.8, armor_filter in g10/armor.c has two increments of an index variable where one is intended, leading to an out-of-bounds write for crafted input.

Statistics

  • 1 Post

Last activity: 2 hours ago

Fediverse

🟠 CVE-2025-68973 - High (7.8)

In GnuPG through 2.4.8, armor_filter in g10/armor.c has two increments of an index variable where one is intended, leading to an out-of-bounds write for crafted input.

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda

  • 2h ago

Overview

  • pnggroup
  • libpng

Published: 24 Nov 2025
Updated: 25 Nov 2025

CVSS v3.1: HIGH (7.1)
EPSS: 0.03%

KEV

Description

LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. From version 1.6.0 to before 1.6.51, there is a heap buffer overflow vulnerability in the libpng simplified API function png_image_finish_read when processing 16-bit interlaced PNGs with 8-bit output format. Attacker-crafted interlaced PNG files cause heap writes beyond allocated buffer bounds. This issue has been patched in version 1.6.51.

Statistics

  • 1 Post

Last activity: 4 hours ago

Bluesky

URGENT: #Fedora 43 security update patches critical vulnerabilities (CVE-2025-64505, CVE-2025-65018, +12 more) in tkimg's libpng/libpiff. Remote code execution possible via malicious PNG/TIFF images. Read more: 👉 tinyurl.com/52pws3cd #Security
  • 4h ago

Overview

  • pnggroup
  • libpng

Published: 24 Nov 2025
Updated: 25 Nov 2025

CVSS v3.1: MEDIUM (6.1)
EPSS: 0.02%

KEV

Description

LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. Prior to version 1.6.51, a heap buffer over-read vulnerability exists in libpng's png_do_quantize function when processing PNG files with malformed palette indices. The vulnerability occurs when palette_lookup array bounds are not validated against externally-supplied image data, allowing an attacker to craft a PNG file with out-of-range palette indices that trigger out-of-bounds memory access. This issue has been patched in version 1.6.51.

Statistics

  • 1 Post

Last activity: 4 hours ago

Bluesky

URGENT: #Fedora 43 security update patches critical vulnerabilities (CVE-2025-64505, CVE-2025-65018, +12 more) in tkimg's libpng/libpiff. Remote code execution possible via malicious PNG/TIFF images. Read more: 👉 tinyurl.com/52pws3cd #Security
  • 4h ago