CVE-2025-55308 - Foxit PDF and Editor Use-After-Free Information Disclosure Vulnerability
CVE ID : CVE-2025-55308
Published : Dec. 11, 2025, 4:16 p.m. | 1 hour, 7 minutes ago
Description : An issue was discovered in Foxit PDF and Editor for Windows before 13.2 and 2025 before 2025.2. A crafted PDF containing JavaScript that calls closeDoc() while internal objects are still in use can cause premature release of these objects. This use-after-free vulnerability may lead to memory corruption, potentially resulting in information disclosure when the PDF is opened.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-55309 - Foxit PDF and Editor Use-After-Free Vulnerability
CVE ID : CVE-2025-55309
Published : Dec. 11, 2025, 4:16 p.m. | 1 hour, 7 minutes ago
Description : An issue was discovered in Foxit PDF and Editor for Windows and macOS before 13.2 and 2025 before 2025.2. A crafted PDF can contain JavaScript that attaches an OnBlur action on a form field that destroys an annotation. During user right-click interaction, the program's internal focus change handling prematurely releases the annotation object, resulting in a use-after-free vulnerability that may cause memory corruption or application crashes.
Severity: 0.0 | NA
CVE-2025-55310 - Foxit PDF and Editor Cross-Site Scripting (XSS) Vulnerability
CVE ID : CVE-2025-55310
Published : Dec. 11, 2025, 4:16 p.m. | 1 hour, 7 minutes ago
Description : An issue was discovered in Foxit PDF and Editor for Windows and macOS before 13.2 and 2025 before 2025.2. An attacker able to alter or replace the static HTML files used by the StartPage feature can cause the application to load malicious or compromised content upon startup. This may result in information disclosure, unauthorized data access, or other security impacts.
Severity: 0.0 | NA
CVE-2025-55311 - Foxit PDF and Editor Annotation Content Manipulation Vulnerability
CVE ID : CVE-2025-55311
Published : Dec. 11, 2025, 4:16 p.m. | 1 hour, 7 minutes ago
Description : An issue was discovered in Foxit PDF and Editor for Windows and macOS before 13.2 and 2025 before 2025.2. A crafted PDF can use JavaScript to alter annotation content and subsequently clear the file's modification status via JavaScript interfaces. This circumvents digital signature verification by hiding document modifications, allowing an attacker to mislead users about the document's integrity and compromise the trustworthiness of signed PDFs.
Severity: 0.0 | NA
CVE-2025-55312 - Foxit PDF and Editor Memory Corruption Vulnerability
CVE ID : CVE-2025-55312
Published : Dec. 11, 2025, 4:16 p.m. | 1 hour, 7 minutes ago
Description : An issue was discovered in Foxit PDF and Editor for Windows before 13.2 and 2025 before 2025.2. When pages in a PDF are deleted via JavaScript, the application may fail to properly update internal states. Subsequent annotation management operations assume these states are valid, causing dereference of invalid or released memory. This can lead to memory corruption, application crashes, and potentially allow an attacker to execute arbitrary code.
Severity: 7.8 | HIGH
CVE-2025-55313 - Foxit PDF and Editor Arbitrary Code Execution Vulnerability
CVE ID : CVE-2025-55313
Published : Dec. 11, 2025, 4:16 p.m. | 1 hour, 7 minutes ago
Description : An issue was discovered in Foxit PDF and Editor for Windows and macOS before 13.2 and 2025 before 2025.2. They allow potential arbitrary code execution when processing crafted PDF files. The vulnerability stems from insufficient handling of memory allocation failures after assigning an extremely large value to a form field's charLimit property via JavaScript. This can result in memory corruption and may allow an attacker to execute arbitrary code by persuading a user to open a malicious file.
Severity: 7.8 | HIGH
CVE-2025-55314 - Foxit PDF and Editor Memory Corruption Vulnerability
CVE ID : CVE-2025-55314
Published : Dec. 11, 2025, 4:16 p.m. | 1 hour, 7 minutes ago
Description : An issue was discovered in Foxit PDF and Editor for Windows and macOS before 13.2 and 2025 before 2025.2. When pages in a PDF are deleted via JavaScript, the application may fail to properly update internal states. Subsequent annotation management operations assume these states are valid, causing dereference of invalid or released memory. This can lead to memory corruption, application crashes, and potentially allow an attacker to execute arbitrary code.
Severity: 7.8 | HIGH
CVE-2025-59802 - Foxit PDF Signature Spoofing via OCG
CVE ID : CVE-2025-59802
Published : Dec. 11, 2025, 4:16 p.m. | 1 hour, 7 minutes ago
Description : Foxit PDF Editor and Reader before 2025.2.1 allow signature spoofing via OCG. When Optional Content Groups (OCG) are supported, the state property of an OCG is runtime-only and not included in the digital signature computation buffer. An attacker can leverage JavaScript or PDF triggers to dynamically change the visibility of OCG content after signing (Post-Sign), allowing the visual content of a signed PDF to be modified without invalidating the signature. This may result in a mismatch between the signed content and what the signer or verifier sees, undermining the trustworthiness of the digital signature. The fixed versions are 2025.2.1, 14.0.1, and 13.2.1.
Severity: 7.5 | HIGH
CVE-2025-59803 - Foxit PDF Editor and Reader Signature Spoofing Vulnerability
CVE ID : CVE-2025-59803
Published : Dec. 11, 2025, 4:16 p.m. | 1 hour, 7 minutes ago
Description : Foxit PDF Editor and Reader before 2025.2.1 allow signature spoofing via triggers. An attacker can embed triggers (e.g., JavaScript) in a PDF document that execute during the signing process. When a signer reviews the document, the content appears normal. However, once the signature is applied, the triggers modify content on other pages or optional content layers without explicit warning. This can cause the signed PDF to differ from what the signer saw, undermining the trustworthiness of the digital signature. The fixed versions are 2025.2.1, 14.0.1, and 13.2.1.
Severity: 5.3 | MEDIUM
CVE-2025-67739 - JetBrains TeamCity Unvalidated Repository URL Disclosure
CVE ID : CVE-2025-67739
Published : Dec. 11, 2025, 4:16 p.m. | 1 hour, 7 minutes ago
Description : In JetBrains TeamCity before 2025.11.2, improper repository URL validation could lead to disclosure of local paths.
Severity: 3.1 | LOW
CVE-2025-67740 - JetBrains TeamCity GitHub App Token Metadata Access Control Vulnerability
CVE ID : CVE-2025-67740
Published : Dec. 11, 2025, 4:16 p.m. | 1 hour, 7 minutes ago
Description : In JetBrains TeamCity before 2025.11, improper access control could expose a GitHub App token's metadata.
Severity: 2.7 | LOW
CVE-2025-67741 - JetBrains TeamCity Stored XSS Vulnerability
CVE ID : CVE-2025-67741
Published : Dec. 11, 2025, 4:16 p.m. | 1 hour, 7 minutes ago
Description : In JetBrains TeamCity before 2025.11, stored XSS was possible via a session attribute.
Severity: 4.6 | MEDIUM
CVE-2025-67742 - JetBrains TeamCity Arbitrary File Access Vulnerability
CVE ID : CVE-2025-67742
Published : Dec. 11, 2025, 4:16 p.m. | 1 hour, 7 minutes ago
Description : In JetBrains TeamCity before 2025.11, path traversal was possible via file upload.
Severity: 3.8 | LOW
CVE-2024-8273 - HYPR Server Authentication Bypass
CVE ID : CVE-2024-8273
Published : Dec. 11, 2025, 4:29 p.m. | 54 minutes ago
Description : Authentication Bypass by Spoofing vulnerability in HYPR Server allows Identity Spoofing. This issue affects Server before 10.1.
Severity: 7.1 | HIGH
CVE-2025-14526 - Tenda CH22 L7Im frmL7ImForm buffer overflow
CVE ID : CVE-2025-14526
Published : Dec. 11, 2025, 4:32 p.m. | 52 minutes ago
Description : A security flaw has been discovered in Tenda CH22 1.0.0.1. This affects the function frmL7ImForm of the file /goform/L7Im. Performing manipulation of the argument page results in buffer overflow. Remote exploitation of the attack is possible. The exploit has been released to the public and may be exploited.
Severity: 0.0 | NA
CVE-2025-66043 - Biosig Project Libbiosig MFER Parsing Stack-Based Buffer Overflow Vulnerability
CVE ID : CVE-2025-66043
Published : Dec. 11, 2025, 4:43 p.m. | 40 minutes ago
Description : Several stack-based buffer overflow vulnerabilities exist in the MFER parsing functionality of The Biosig Project libbiosig 3.9.1. A specially crafted MFER file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger these vulnerabilities. This CVE covers the case when Tag is 3.
Severity: 0.0 | NA
CVE-2025-66044 - Biosig Project libbiosig Arbitrary Code Execution Vulnerability
CVE ID : CVE-2025-66044
Published : Dec. 11, 2025, 4:43 p.m. | 40 minutes ago
Description : Several stack-based buffer overflow vulnerabilities exist in the MFER parsing functionality of The Biosig Project libbiosig 3.9.1. A specially crafted MFER file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger these vulnerabilities. This CVE covers the case when Tag is 64.
Severity: 0.0 | NA
CVE-2025-66045 - Biosig Project libbiosig Stack-based Buffer Overflow Vulnerability
CVE ID : CVE-2025-66045
Published : Dec. 11, 2025, 4:43 p.m. | 40 minutes ago
Description : Several stack-based buffer overflow vulnerabilities exist in the MFER parsing functionality of The Biosig Project libbiosig 3.9.1. A specially crafted MFER file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger these vulnerabilities. This CVE covers the case when Tag is 65.
Severity: 0.0 | NA
CVE-2025-66046 - Biosig Project libbiosig MFER Parsing Buffer Overflow Vulnerability
CVE ID : CVE-2025-66046
Published : Dec. 11, 2025, 4:43 p.m. | 40 minutes ago
Description : Several stack-based buffer overflow vulnerabilities exist in the MFER parsing functionality of The Biosig Project libbiosig 3.9.1. A specially crafted MFER file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger these vulnerabilities. This CVE covers the case when Tag is 67.
Severity: 0.0 | NA
CVE-2025-66047 - Biosig Project libbiosig MFER Parsing Stack-Based Buffer Overflow Vulnerability
CVE ID : CVE-2025-66047
Published : Dec. 11, 2025, 4:43 p.m. | 40 minutes ago
Description : Several stack-based buffer overflow vulnerabilities exist in the MFER parsing functionality of The Biosig Project libbiosig 3.9.1. A specially crafted MFER file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger these vulnerabilities. This CVE covers the case when Tag is 131.
Severity: 0.0 | NA
CVE-2025-66048 - Biosig Project libbiosig MFER Parsing Stack-Based Buffer Overflow Vulnerability
CVE ID : CVE-2025-66048
Published : Dec. 11, 2025, 4:43 p.m. | 40 minutes ago
Description : Several stack-based buffer overflow vulnerabilities exist in the MFER parsing functionality of The Biosig Project libbiosig 3.9.1. A specially crafted MFER file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger these vulnerabilities. This CVE covers the case when Tag is 133.
Severity: 0.0 | NA