CVE-2025-12501 - GameMaker IDE Integer Overflow Denial-of-Service Vulnerability
CVE ID : CVE-2025-12501
Published : Oct. 31, 2025, 3:15 p.m. | 2 hours, 7 minutes ago
Description : Integer overflow in GameMaker IDE versions below 2024.14.0 can lead to application crashes through denial-of-service attacks (DoS). GameMaker users who use the network_create_server() function in their projects are urged to update and recompile immediately.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-57106 - Kitware VTK Buffer Overflow
CVE ID : CVE-2025-57106
Published : Oct. 31, 2025, 3:15 p.m. | 2 hours, 7 minutes ago
Description : Kitware VTK (Visualization Toolkit) up to 9.5.0 is vulnerable to Buffer Overflow in vtkGLTFDocumentLoader. The vulnerability occurs in the BufferDataExtractionWorker template function when processing GLTF accessor data.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-57107 - Kitware VTK Heap Buffer Overflow Vulnerability
CVE ID : CVE-2025-57107
Published : Oct. 31, 2025, 3:15 p.m. | 2 hours, 7 minutes ago
Description : Kitware VTK (Visualization Toolkit) through 9.5.0 contains a heap buffer overflow vulnerability in vtkGLTFDocumentLoader. When processing specially crafted GLTF files, the copy constructor of Accessor objects fails to properly validate buffer boundaries before performing memory read operations.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-57108 - Kitware VTK Heap Use-After-Free Vulnerability in GLTFDocumentLoader
CVE ID : CVE-2025-57108
Published : Oct. 31, 2025, 3:15 p.m. | 2 hours, 7 minutes ago
Description : Kitware VTK (Visualization Toolkit) through 9.5.0 contains a heap use-after-free vulnerability in vtkGLTFDocumentLoader. The vulnerability manifests during mesh object copy operations where vector members are accessed after the underlying memory has been freed, specifically when handling GLTF files with corrupted or invalid mesh reference structures.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-60749 - Trimble SketchUp DLL Hijacking Vulnerability
CVE ID : CVE-2025-60749
Published : Oct. 31, 2025, 3:15 p.m. | 2 hours, 7 minutes ago
Description : DLL Hijacking vulnerability in Trimble SketchUp desktop 2025 via crafted libcef.dll used by sketchup_webhelper.exe.
Severity: 7.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-61427 - BEO Atlas Einfuhr Ausfuhr XSS
CVE ID : CVE-2025-61427
Published : Oct. 31, 2025, 3:15 p.m. | 2 hours, 7 minutes ago
Description : A reflected cross-site scripting (XSS) vulnerability in BEO GmbH BEO Atlas Einfuhr Ausfuhr 3.0 allows attackers to execute arbitrary code in the context of a user's browser via injecting a crafted payload into the userid and password parameters.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-64168 - Agno session state overwrites between different sessions/users
CVE ID : CVE-2025-64168
Published : Oct. 31, 2025, 3:15 p.m. | 2 hours, 7 minutes ago
Description : Agno is a multi-agent framework, runtime and control plane. From 2.0.0 to before 2.2.2, under high concurrency, when session_state is passed to Agent or Team during run or arun calls, a race condition can occur, causing a session_state to be assigned and persisted to the incorrect session. This may result in user data from one session being exposed to another user. This has been patched in version 2.2.2.
Severity: 7.1 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-64385 - INCORRECT SECURITY VALIDATION IN SENDING UDP FRAMES
CVE ID : CVE-2025-64385
Published : Oct. 31, 2025, 3:15 p.m. | 2 hours, 7 minutes ago
Description : The equipment initially can be configured using the manufacturer's application, by Wi-Fi, by the web server or with the manufacturer’s software. Using the manufacturer's software, the device can be configured via UDP. Analyzing this communication, it has been observed that any aspect of the initial configuration can be changed by means of the device's MAC without the need for authentication.
Severity: 9.2 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-64387 - CLICKJACKING
CVE ID : CVE-2025-64387
Published : Oct. 31, 2025, 3:15 p.m. | 2 hours, 7 minutes ago
Description : The web application is vulnerable to a so-called ‘clickjacking’ attack. In this type of attack, the vulnerable page is inserted into a page controlled by the attacker in order to deceive the victim. This deception can range from making the victim click on a button to making them enter their login credentials in a form that, a priori, appears legitimate.
Severity: 5.1 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-64388 - Denial of service through specific packets
CVE ID : CVE-2025-64388
Published : Oct. 31, 2025, 3:15 p.m. | 2 hours, 7 minutes ago
Description : Denial of service of the web server through specific requests to this protocol
Severity: 9.2 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-64389 - EXCHANGE OF SENSITIVE INFORMATION IN CLEAR TEXT
CVE ID : CVE-2025-64389
Published : Oct. 31, 2025, 3:15 p.m. | 2 hours, 7 minutes ago
Description : The web server of the device performs exchanges of sensitive information in clear text through an insecure protocol.
Severity: 8.3 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-12357 - International Standards Organization ISO 15118-2 Improper Restriction of Communication Channel to Intended Endpoints
CVE ID : CVE-2025-12357
Published : Oct. 31, 2025, 4:15 p.m. | 1 hour, 7 minutes ago
Description : By manipulating the Signal Level Attenuation Characterization (SLAC) protocol with spoofed measurements, an attacker can stage a man-in-the-middle attack between an electric vehicle and chargers that comply with the ISO 15118-2 part. This vulnerability may be exploitable wirelessly, within close proximity, via electromagnetic induction.
Severity: 8.3 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-12507 - Insecure service configuration – unquoted path
CVE ID : CVE-2025-12507
Published : Oct. 31, 2025, 4:15 p.m. | 1 hour, 7 minutes ago
Description : The service Bizerba Communication Server (BCS) has an unquoted service path. Due to the way Windows searches the executable for the BCS service, malicious programs can be executed.
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-12508 - Unencrypted communication to Active Directory services
CVE ID : CVE-2025-12508
Published : Oct. 31, 2025, 4:15 p.m. | 1 hour, 7 minutes ago
Description : When using domain users as BRAIN2 users, communication with Active Directory services is unencrypted. This can lead to the interception of authentication data and compromise confidentiality.
Severity: 8.4 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-12509 - Scripts for the module Global_Shipping executable on BRAIN2 Server
CVE ID : CVE-2025-12509
Published : Oct. 31, 2025, 4:15 p.m. | 1 hour, 7 minutes ago
Description : On a client with an admin user, a Global_Shipping script can be implemented. The script could later be executed on the BRAIN2 server with administrator rights.
Severity: 8.4 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-12552 - Insufficient Password Policy
CVE ID : CVE-2025-12552
Published : Oct. 31, 2025, 4:15 p.m. | 1 hour, 7 minutes ago
Description : Insufficient Password Policy. This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5.
Severity: 6.9 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-12553 - Server Certificate Verification Disabled
CVE ID : CVE-2025-12553
Published : Oct. 31, 2025, 4:15 p.m. | 1 hour, 7 minutes ago
Description : Email Server Certificate Verification Disabled. This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5.
Severity: 10.0 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-12554 - Missing Security Headers
CVE ID : CVE-2025-12554
Published : Oct. 31, 2025, 4:15 p.m. | 1 hour, 7 minutes ago
Description : Missing Security Headers. This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5.
Severity: 6.9 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-29270 - Deep Sea Electronics DSE855 Unauthenticated Remote Command Execution
CVE ID : CVE-2025-29270
Published : Oct. 31, 2025, 4:15 p.m. | 1 hour, 7 minutes ago
Description : Incorrect access control in the realtime.cgi endpoint of Deep Sea Electronics devices DSE855 v1.1.0 to v1.1.26 allows attackers to gain access to the admin panel and complete control of the device.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-63466 - Totolink LR350 Stack Overflow Denial of Service
CVE ID : CVE-2025-63466
Published : Oct. 31, 2025, 4:15 p.m. | 1 hour, 7 minutes ago
Description : Totolink LR350 v9.3.5u.6369_B20220309 was discovered to contain a stack overflow via the password parameter in the sub_426EF8 function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-63467 - Totolink LR350 Stack Overflow Denial of Service
CVE ID : CVE-2025-63467
Published : Oct. 31, 2025, 4:15 p.m. | 1 hour, 7 minutes ago
Description : Totolink LR350 v9.3.5u.6369_B20220309 was discovered to contain a stack overflow via the ssid parameter in the sub_425400 function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...