CVE-2025-62788 - Wazuh Vulnerable to Heap Use After Free in w_copy_event_for_log
CVE ID : CVE-2025-62788
Published : Oct. 29, 2025, 5:15 p.m. | 1 hour, 42 minutes ago
Description : Wazuh is a free and open source platform used for threat prevention, detection, and response. Prior to 4.11.0, w_copy_event_for_log() references memory (initially allocated in OS_CleanMSG()) after it has been freed. A compromised agent can potentially compromise the integrity of the application by sending a specially crafted message to the wazuh manager. An attacker who is able to craft and send an agent message to the wazuh manager can leverage this issue to potentially compromise the integrity of the application (the use of previously freed memory may corrupt valid data, if the memory area in question has been allocated and used properly elsewhere). This vulnerability is fixed in 4.11.0.
Severity: 6.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-62788
Published : Oct. 29, 2025, 5:15 p.m. | 1 hour, 42 minutes ago
Description : Wazuh is a free and open source platform used for threat prevention, detection, and response. Prior to 4.11.0, w_copy_event_for_log() references memory (initially allocated in OS_CleanMSG()) after it has been freed. A compromised agent can potentially compromise the integrity of the application by sending a specially crafted message to the wazuh manager. An attacker who is able to craft and send an agent message to the wazuh manager can leverage this issue to potentially compromise the integrity of the application (the use of previously freed memory may corrupt valid data, if the memory area in question has been allocated and used properly elsewhere). This vulnerability is fixed in 4.11.0.
Severity: 6.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-62789 - Wazuh vulnerable to NULL pointer dereference in fim_alert line 712
CVE ID : CVE-2025-62789
Published : Oct. 29, 2025, 5:15 p.m. | 1 hour, 42 minutes ago
Description : Wazuh is a free and open source platform used for threat prevention, detection, and response. Prior to 4.11.0, fim_alert() implementation does not check whether the return value of ctime_r is NULL or not before calling strdup() on it. A compromised agent can cause a crash of analysisd by sending a specially crafted message to the wazuh manager. An attacker who is able to craft and send an agent message to the wazuh manager can cause analysisd to crash and make it unavailable. This vulnerability is fixed in 4.11.0.
Severity: 6.9 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-62789
Published : Oct. 29, 2025, 5:15 p.m. | 1 hour, 42 minutes ago
Description : Wazuh is a free and open source platform used for threat prevention, detection, and response. Prior to 4.11.0, fim_alert() implementation does not check whether the return value of ctime_r is NULL or not before calling strdup() on it. A compromised agent can cause a crash of analysisd by sending a specially crafted message to the wazuh manager. An attacker who is able to craft and send an agent message to the wazuh manager can cause analysisd to crash and make it unavailable. This vulnerability is fixed in 4.11.0.
Severity: 6.9 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-62790 - Wazuh vulnerable to NULL pointer dereference in fim_fetch_attributes_state
CVE ID : CVE-2025-62790
Published : Oct. 29, 2025, 5:15 p.m. | 1 hour, 42 minutes ago
Description : Wazuh is a free and open source platform used for threat prevention, detection, and response. Prior to 4.11.0, fim_fetch_attributes_state() implementation does not check whether time_string is NULL or not before calling strlen() on it. A compromised agent can cause a crash of analysisd by sending a specially crafted message to the wazuh manager. An attacker who is able to craft and send an agent message to the wazuh manager can cause analysisd to crash and make it unavailable. This vulnerability is fixed in 4.11.0.
Severity: 6.9 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-62790
Published : Oct. 29, 2025, 5:15 p.m. | 1 hour, 42 minutes ago
Description : Wazuh is a free and open source platform used for threat prevention, detection, and response. Prior to 4.11.0, fim_fetch_attributes_state() implementation does not check whether time_string is NULL or not before calling strlen() on it. A compromised agent can cause a crash of analysisd by sending a specially crafted message to the wazuh manager. An attacker who is able to craft and send an agent message to the wazuh manager can cause analysisd to crash and make it unavailable. This vulnerability is fixed in 4.11.0.
Severity: 6.9 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-62791 - Wazuh vulnerable to NULL pointer dereference in DecodeCiscat
CVE ID : CVE-2025-62791
Published : Oct. 29, 2025, 5:15 p.m. | 1 hour, 42 minutes ago
Description : Wazuh is a free and open source platform used for threat prevention, detection, and response. Prior to 4.11.0, DecodeCiscat() implementation does not check the return the value of cJSON_GetObjectItem() for a possible NULL value in case of an error. A compromised agent can cause a crash of analysisd by sending a specially crafted message to the wazuh manager. An attacker who is able to craft and send an agent message to the wazuh manager can cause analysisd to crash and make it unavailable. This vulnerability is fixed in 4.11.0.
Severity: 6.9 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-62791
Published : Oct. 29, 2025, 5:15 p.m. | 1 hour, 42 minutes ago
Description : Wazuh is a free and open source platform used for threat prevention, detection, and response. Prior to 4.11.0, DecodeCiscat() implementation does not check the return the value of cJSON_GetObjectItem() for a possible NULL value in case of an error. A compromised agent can cause a crash of analysisd by sending a specially crafted message to the wazuh manager. An attacker who is able to craft and send an agent message to the wazuh manager can cause analysisd to crash and make it unavailable. This vulnerability is fixed in 4.11.0.
Severity: 6.9 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-62792 - Wazuh vulnerable to Heap-based Buffer Over-read in w_expression_match
CVE ID : CVE-2025-62792
Published : Oct. 29, 2025, 5:15 p.m. | 1 hour, 42 minutes ago
Description : Wazuh is a free and open source platform used for threat prevention, detection, and response. Prior to 4.12.0, a buffer over-read occurs in w_expression_match() when strlen() is called on str_test, because the corresponding buffer is not being properly NULL terminated during its allocation in OS_CleanMSG(). A compromised agent can cause a READ operation beyond the end of the allocated buffer (which may contain sensitive information) by sending a specially crafted message to the wazuh manager. An attacker who is able to craft and send an agent message to the wazuh manager can cause a buffer over-read and potentially access sensitive data. This vulnerability is fixed in 4.12.0.
Severity: 6.9 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-62792
Published : Oct. 29, 2025, 5:15 p.m. | 1 hour, 42 minutes ago
Description : Wazuh is a free and open source platform used for threat prevention, detection, and response. Prior to 4.12.0, a buffer over-read occurs in w_expression_match() when strlen() is called on str_test, because the corresponding buffer is not being properly NULL terminated during its allocation in OS_CleanMSG(). A compromised agent can cause a READ operation beyond the end of the allocated buffer (which may contain sensitive information) by sending a specially crafted message to the wazuh manager. An attacker who is able to craft and send an agent message to the wazuh manager can cause a buffer over-read and potentially access sensitive data. This vulnerability is fixed in 4.12.0.
Severity: 6.9 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-11232 - Invalid characters cause assert
CVE ID : CVE-2025-11232
Published : Oct. 29, 2025, 6:15 p.m. | 42 minutes ago
Description : To trigger the issue, three configuration parameters must have specific settings: "hostname-char-set" must be left at the default setting, which is "[^A-Za-z0-9.-]"; "hostname-char-replacement" must be empty (the default); and "ddns-qualifying-suffix" must *NOT* be empty (the default is empty). DDNS updates do not need to be enabled for this issue to manifest. A client that sends certain option content would then cause kea-dhcp4 to exit unexpectedly. This issue affects Kea versions 3.0.1 through 3.0.1 and 3.1.1 through 3.1.2.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-11232
Published : Oct. 29, 2025, 6:15 p.m. | 42 minutes ago
Description : To trigger the issue, three configuration parameters must have specific settings: "hostname-char-set" must be left at the default setting, which is "[^A-Za-z0-9.-]"; "hostname-char-replacement" must be empty (the default); and "ddns-qualifying-suffix" must *NOT* be empty (the default is empty). DDNS updates do not need to be enabled for this issue to manifest. A client that sends certain option content would then cause kea-dhcp4 to exit unexpectedly. This issue affects Kea versions 3.0.1 through 3.0.1 and 3.1.1 through 3.1.2.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-35980 - Cisco None Vulnerability
CVE ID : CVE-2025-35980
Published : Oct. 29, 2025, 6:15 p.m. | 42 minutes ago
Description : Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2025. Notes: none.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-35980
Published : Oct. 29, 2025, 6:15 p.m. | 42 minutes ago
Description : Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2025. Notes: none.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-57227 - Kingo ROOT Privilege Escalation Vulnerability
CVE ID : CVE-2025-57227
Published : Oct. 29, 2025, 6:15 p.m. | 42 minutes ago
Description : An unquoted service path in Kingosoft Technology Ltd Kingo ROOT v1.5.8.3353 allows attackers to escalate privileges via placing a crafted executable file into a parent folder.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-57227
Published : Oct. 29, 2025, 6:15 p.m. | 42 minutes ago
Description : An unquoted service path in Kingosoft Technology Ltd Kingo ROOT v1.5.8.3353 allows attackers to escalate privileges via placing a crafted executable file into a parent folder.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-62797 - CSRF in FluxCP account endpoints allows account takeover / state-changing actions
CVE ID : CVE-2025-62797
Published : Oct. 29, 2025, 6:15 p.m. | 42 minutes ago
Description : FluxCP is a web-based Control Panel for rAthena servers written in PHP. A critical Cross-Site Request Forgery (CSRF) vulnerability exists in the FluxCP-based website template used by multiple rAthena/Ragnarok servers. State-changing POST endpoints accept browser-initiated requests that are authorized solely by the session cookie without per-request anti-CSRF tokens or robust Origin/Referer validation. An attacker who can lure a logged-in user to an attacker-controlled page can cause that user to perform sensitive actions without their intent. This vulnerability is fixed with commit e3f130c.
Severity: 8.6 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-62797
Published : Oct. 29, 2025, 6:15 p.m. | 42 minutes ago
Description : FluxCP is a web-based Control Panel for rAthena servers written in PHP. A critical Cross-Site Request Forgery (CSRF) vulnerability exists in the FluxCP-based website template used by multiple rAthena/Ragnarok servers. State-changing POST endpoints accept browser-initiated requests that are authorized solely by the session cookie without per-request anti-CSRF tokens or robust Origin/Referer validation. An attacker who can lure a logged-in user to an attacker-controlled page can cause that user to perform sensitive actions without their intent. This vulnerability is fixed with commit e3f130c.
Severity: 8.6 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-64100 - CKAN Vulnerable to Session Cookie Fixation
CVE ID : CVE-2025-64100
Published : Oct. 29, 2025, 6:15 p.m. | 42 minutes ago
Description : CKAN is an open-source DMS (data management system) for powering data hubs and data portals. Prior to 2.10.9 and 2.11.4, session ids could be fixed by an attacker if the site is configured with server-side session storage (CKAN uses cookie-based session storage by default). The attacker would need to either set a cookie on the victim's browser or steal the victim's currently valid session. Session identifiers are now regenerated after each login. This vulnerability has been fixed in CKAN 2.10.9 and 2.11.4
Severity: 6.1 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-64100
Published : Oct. 29, 2025, 6:15 p.m. | 42 minutes ago
Description : CKAN is an open-source DMS (data management system) for powering data hubs and data portals. Prior to 2.10.9 and 2.11.4, session ids could be fixed by an attacker if the site is configured with server-side session storage (CKAN uses cookie-based session storage by default). The attacker would need to either set a cookie on the victim's browser or steal the victim's currently valid session. Session identifiers are now regenerated after each login. This vulnerability has been fixed in CKAN 2.10.9 and 2.11.4
Severity: 6.1 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-64101 - ZITADEL Vulnerable to Account Takeover via Malicious Forwarded Header Injection
CVE ID : CVE-2025-64101
Published : Oct. 29, 2025, 6:30 p.m. | 28 minutes ago
Description : Zitadel is open-source identity infrastructure software. Prior to 4.6.0, 3.4.3, and 2.71.18, a potential vulnerability exists in ZITADEL's password reset mechanism. ZITADEL utilizes the Forwarded or X-Forwarded-Host header from incoming requests to construct the URL for the password reset confirmation link. This link, containing a secret code, is then emailed to the user. If an attacker can manipulate these headers (e.g., via host header injection), they could cause ZITADEL to generate a password reset link pointing to a malicious domain controlled by the attacker. If the user clicks this manipulated link in the email, the secret reset code embedded in the URL can be captured by the attacker. This captured code could then be used to reset the user's password and gain unauthorized access to their account. It's important to note that this specific attack vector is mitigated for accounts that have Multi-Factor Authentication (MFA) or Passwordless authentication enabled. This vulnerability is fixed in 4.6.0, 3.4.3, and 2.71.18.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-64101
Published : Oct. 29, 2025, 6:30 p.m. | 28 minutes ago
Description : Zitadel is open-source identity infrastructure software. Prior to 4.6.0, 3.4.3, and 2.71.18, a potential vulnerability exists in ZITADEL's password reset mechanism. ZITADEL utilizes the Forwarded or X-Forwarded-Host header from incoming requests to construct the URL for the password reset confirmation link. This link, containing a secret code, is then emailed to the user. If an attacker can manipulate these headers (e.g., via host header injection), they could cause ZITADEL to generate a password reset link pointing to a malicious domain controlled by the attacker. If the user clicks this manipulated link in the email, the secret reset code embedded in the URL can be captured by the attacker. This captured code could then be used to reset the user's password and gain unauthorized access to their account. It's important to note that this specific attack vector is mitigated for accounts that have Multi-Factor Authentication (MFA) or Passwordless authentication enabled. This vulnerability is fixed in 4.6.0, 3.4.3, and 2.71.18.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-64102 - Zitadel allows brute-forcing authentication factors
CVE ID : CVE-2025-64102
Published : Oct. 29, 2025, 7:15 p.m. | 3 hours, 44 minutes ago
Description : Zitadel is open-source identity infrastructure software. Prior to 4.6.0, 3.4.3, and 2.71.18, an attacker can perform an online brute-force attack on OTP, TOTP, and passwords. While Zitadel allows preventing online brute force attacks in scenarios like TOTP, Email OTP, or passwords using a lockout mechanism. The mechanism is not enabled by default and can cause a denial of service for the corresponding user if enabled. Additionally, the mitigation strategies were not fully implemented in the more recent resource-based APIs. This vulnerability is fixed in 4.6.0, 3.4.3, and 2.71.18.
Severity: 7.7 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-64102
Published : Oct. 29, 2025, 7:15 p.m. | 3 hours, 44 minutes ago
Description : Zitadel is open-source identity infrastructure software. Prior to 4.6.0, 3.4.3, and 2.71.18, an attacker can perform an online brute-force attack on OTP, TOTP, and passwords. While Zitadel allows preventing online brute force attacks in scenarios like TOTP, Email OTP, or passwords using a lockout mechanism. The mechanism is not enabled by default and can cause a denial of service for the corresponding user if enabled. Additionally, the mitigation strategies were not fully implemented in the more recent resource-based APIs. This vulnerability is fixed in 4.6.0, 3.4.3, and 2.71.18.
Severity: 7.7 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-64103 - Zitadel Bypass Second Authentication Factor
CVE ID : CVE-2025-64103
Published : Oct. 29, 2025, 7:15 p.m. | 3 hours, 44 minutes ago
Description : Starting from 2.53.6, 2.54.3, and 2.55.0, Zitadel only required multi factor authentication in case the login policy has either enabled requireMFA or requireMFAForLocalUsers. If a user has set up MFA without this requirement, Zitadel would consider single factor auhtenticated sessions as valid as well and not require multiple factors. Bypassing second authentication factors weakens multifactor authentication and enables attackers to bypass the more secure factor. An attacker can target the TOTP code alone, only six digits, bypassing password verification entirely and potentially compromising accounts with 2FA enabled. This vulnerability is fixed in 4.6.0, 3.4.3, and 2.71.18.
Severity: 8.7 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-64103
Published : Oct. 29, 2025, 7:15 p.m. | 3 hours, 44 minutes ago
Description : Starting from 2.53.6, 2.54.3, and 2.55.0, Zitadel only required multi factor authentication in case the login policy has either enabled requireMFA or requireMFAForLocalUsers. If a user has set up MFA without this requirement, Zitadel would consider single factor auhtenticated sessions as valid as well and not require multiple factors. Bypassing second authentication factors weakens multifactor authentication and enables attackers to bypass the more secure factor. An attacker can target the TOTP code alone, only six digits, bypassing password verification entirely and potentially compromising accounts with 2FA enabled. This vulnerability is fixed in 4.6.0, 3.4.3, and 2.71.18.
Severity: 8.7 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-64104 - LangGraph SQLite Checkpoint Filter Key SQL Injection POC for SqliteStore
CVE ID : CVE-2025-64104
Published : Oct. 29, 2025, 7:15 p.m. | 3 hours, 44 minutes ago
Description : LangGraph SQLite Checkpoint is an implementation of LangGraph CheckpointSaver that uses SQLite DB (both sync and async, via aiosqlite). Prior to 2.0.11, LangGraph's SQLite store implementation contains SQL injection vulnerabilities using direct string concatenation without proper parameterization, allowing attackers to inject arbitrary SQL and bypass access controls. This vulnerability is fixed in 2.0.11.
Severity: 7.3 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-64104
Published : Oct. 29, 2025, 7:15 p.m. | 3 hours, 44 minutes ago
Description : LangGraph SQLite Checkpoint is an implementation of LangGraph CheckpointSaver that uses SQLite DB (both sync and async, via aiosqlite). Prior to 2.0.11, LangGraph's SQLite store implementation contains SQL injection vulnerabilities using direct string concatenation without proper parameterization, allowing attackers to inject arbitrary SQL and bypass access controls. This vulnerability is fixed in 2.0.11.
Severity: 7.3 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-10920 - GIMP ICNS File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
CVE ID : CVE-2025-10920
Published : Oct. 29, 2025, 8:15 p.m. | 2 hours, 44 minutes ago
Description : GIMP ICNS File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of ICNS files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-27684.
Severity: 7.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-10920
Published : Oct. 29, 2025, 8:15 p.m. | 2 hours, 44 minutes ago
Description : GIMP ICNS File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of ICNS files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-27684.
Severity: 7.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-10921 - GIMP HDR File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability
CVE ID : CVE-2025-10921
Published : Oct. 29, 2025, 8:15 p.m. | 2 hours, 44 minutes ago
Description : GIMP HDR File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of HDR files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-27803.
Severity: 7.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-10921
Published : Oct. 29, 2025, 8:15 p.m. | 2 hours, 44 minutes ago
Description : GIMP HDR File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of HDR files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-27803.
Severity: 7.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-10922 - GIMP DCM File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability
CVE ID : CVE-2025-10922
Published : Oct. 29, 2025, 8:15 p.m. | 2 hours, 44 minutes ago
Description : GIMP DCM File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of DCM files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-27863.
Severity: 7.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-10922
Published : Oct. 29, 2025, 8:15 p.m. | 2 hours, 44 minutes ago
Description : GIMP DCM File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of DCM files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-27863.
Severity: 7.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-10923 - GIMP WBMP File Parsing Integer Overflow Remote Code Execution Vulnerability
CVE ID : CVE-2025-10923
Published : Oct. 29, 2025, 8:15 p.m. | 2 hours, 44 minutes ago
Description : GIMP WBMP File Parsing Integer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of WBMP files. The issue results from the lack of proper validation of user-supplied data, which can result in an integer overflow before allocating a buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-27878.
Severity: 7.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-10923
Published : Oct. 29, 2025, 8:15 p.m. | 2 hours, 44 minutes ago
Description : GIMP WBMP File Parsing Integer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of WBMP files. The issue results from the lack of proper validation of user-supplied data, which can result in an integer overflow before allocating a buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-27878.
Severity: 7.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-10924 - GIMP FF File Parsing Integer Overflow Remote Code Execution Vulnerability
CVE ID : CVE-2025-10924
Published : Oct. 29, 2025, 8:15 p.m. | 2 hours, 44 minutes ago
Description : GIMP FF File Parsing Integer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of FF files. The issue results from the lack of proper validation of user-supplied data, which can result in an integer overflow before allocating a buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-27836.
Severity: 7.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-10924
Published : Oct. 29, 2025, 8:15 p.m. | 2 hours, 44 minutes ago
Description : GIMP FF File Parsing Integer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of FF files. The issue results from the lack of proper validation of user-supplied data, which can result in an integer overflow before allocating a buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-27836.
Severity: 7.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-10925 - GIMP ILBM File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability
CVE ID : CVE-2025-10925
Published : Oct. 29, 2025, 8:15 p.m. | 2 hours, 44 minutes ago
Description : GIMP ILBM File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of ILBM files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-27793.
Severity: 7.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-10925
Published : Oct. 29, 2025, 8:15 p.m. | 2 hours, 44 minutes ago
Description : GIMP ILBM File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of ILBM files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-27793.
Severity: 7.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-10934 - GIMP XWD File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability
CVE ID : CVE-2025-10934
Published : Oct. 29, 2025, 8:15 p.m. | 2 hours, 44 minutes ago
Description : GIMP XWD File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of XWD files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-27823.
Severity: 7.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-10934
Published : Oct. 29, 2025, 8:15 p.m. | 2 hours, 44 minutes ago
Description : GIMP XWD File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of XWD files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-27823.
Severity: 7.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...