#vulnerability

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.4 ATTENTION: Low attack complexity Vendor: Ashlar-Vellum Equipment: Cobalt, Xenon, Argon, Lithium, Cobalt Share Vulnerabilities: Out-of-Bounds Write, Heap-based Buffer Overflow 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to disclose information or execute arbitrary code. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following Ashlar-Vellum products are affected: Cobalt: Versions 12.6.1204.207 and prior Xenon: Versions 12.6.1204.207 and prior Argon: Versions 12.6.1204.207 and prior Lithium: Versions 12.6.1204.207 and prior Cobalt Share: Versions 12.6.1204.207 and prior 3.2 VULNERABILITY OVERVIEW 3.2.1 OUT-OF-BOUNDS WRITE CWE-787 An Out-of-Bounds Write vulnerability is present in Ashlar-Vellum Cobalt, Xenon, Argon, Lithium, and Cobalt Share versions 12.6.1204.207 and prior that could allow an attacker to disclose information or execute arbitrary code. CVE-2025-65084 has been assigned to this vulnera...

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/Low attack complexity Vendor: Festo Equipment: Compact Vision System, Control Block, Controller, and Operator Unit products Vulnerabilities: Exposure of Resource to Wrong Sphere, Initialization of a Resource with an Insecure Default 2. RISK EVALUATION Successful exploitation of these vulnerabilities could result in an attacker accessing devices without authentication or modifying configuration files. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS Festo reports that the following products are affected: Festo Software Compact Vision System SBO-Q-: All Versions Festo Software Control block CPX-CEC-C1 Codesys V2: All Versions Festo Software Control block CPX-CEC-C1-V3 Codesys V3: All Versions Festo Software Control block CPX-CEC Codesys V2: All Versions Festo Software Control block CPX-CEC-M1 Codesys V2: All Versions Festo Software Control block CPX-CEC-M1-V3 Codesys V3: All Versions Festo Software Control block CPX-CEC...

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: SiRcom Equipment: SMART Alert (SiSA) Vulnerability: Missing Authentication for Critical Function 2. RISK EVALUATION Successful exploitation of this vulnerability could enable an attacker to remotely activate or manipulate emergency sirens. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following versions of SiRcom SMART Alert (SiSA), a central control system, are affected: SMART Alert (SiSA): Version 3.0.48 3.2 VULNERABILITY OVERVIEW 3.2.1 Missing Authentication for Critical Function CWE-306 SiRcom SMART Alert (SiSA) allows unauthorized access to backend APIs. This allows an unauthenticated attacker to bypass the login screen using browser developer tools, gaining access to restricted parts of the application. CVE-2025-13483 has been assigned to this vulnerability. A CVSS v3.1 base score of 9.1 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H). A C...

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 6.1 ATTENTION: Exploitable remotely/Low attack complexity Vendor: Opto 22 Equipment: groov View Vulnerability: Exposure of Sensitive Information Through Metadata 2. RISK EVALUATION Successful exploitation of this vulnerability could result in credential exposure, key exposure, and privilege escalation. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following versions of groov View are affected: groov View Server for Windows: Versions R1.0a to R4.5d GRV-EPIC-PR1 Firmware: Versions prior to 4.0.3 GRV-EPIC-PR2 Firmware: Versions prior to 4.0.3 3.2 VULNERABILITY OVERVIEW 3.2.1 Exposure of Sensitive Information Through Metadata CWE-1230 The users endpoint in the groov View API returns a list of all users and associated metadata including their API keys. This endpoint requires an Editor role to access and will display API keys for all users, including Administrators. CVE-2025-13084 has been assigned to this vulnerability. A CVSS v3.1 base score of 7.6 h...

### Impact OMERO.web uses the jquery-form library throughout to handle form submission and response processing. Due to some unpatched potential vulnerabilities in jquery-form, OMERO.web 5.29.2 and earlier may be susceptible to XSS attacks. ### Patches User should upgrade OMERO.web to 5.29.3 or higher. ### Workarounds None. ### Resources https://github.com/jquery-form/form/issues/604

### Summary The BIP-322 signature verification does not enforce the SIGHASH value to be SIGHASH_ALL, and therefore is not strictly following the [spec](https://bips.dev/322/). ### Impact Non-compliant BIP-322 signatures in proof of possessions can be accepted by the chain.

### Summary Adversarial validators can send large vote extensions by using non-existing protobuf tags. This will result in the rejection of the subsequent block proposal. Eventually, all block proposals will be rejected by all validators. ### Impact A small group of adversarial validators can cause a chain halt.

### Summary Multiple path traversal and unsafe path handling vulnerabilities were discovered in eKuiper prior to the fixes implemented in PR [lf-edge/ekuiper#3911](https://github.com/lf-edge/ekuiper/pull/3911). The issues allow attacker-controlled input (rule names, schema versions, plugin names, uploaded file names, and ZIP entries) to influence file system paths used by the application. In vulnerable deployments, this can permit files to be created, overwritten, or extracted outside the intended directories, potentially enabling disclosure of sensitive files, tampering with configuration or plugin binaries, denial of service, or other host compromise scenarios. Several components used unvalidated user input when constructing filesystem paths or when extracting archives. In each case, input was accepted and used directly in path operations (join, create, delete, extract) without sufficient sanitization or canonicalization, allowing the input to include path separators, `..` segments,...

### Impact An attacker who uses this vulnerability can craft a PDF which leads to a memory usage of up to 1 GB per stream. This requires parsing the content stream of a page using the LZWDecode filter. This is a follow up to [GHSA-jfx9-29x2-rv3j](https://github.com/py-pdf/pypdf/security/advisories/GHSA-jfx9-29x2-rv3j) to align the default limit with the one for *zlib*. ### Patches This has been fixed in [pypdf==6.4.0](https://github.com/py-pdf/pypdf/releases/tag/6.4.0). ### Workarounds If users cannot upgrade yet, use the line below to overwrite the default in their code: ```python pypdf.filters.LZW_MAX_OUTPUT_LENGTH = 75_000_000 ```

### Summary Inserting unsanitized data into the blog tag field in Formwork CMS results in stored cross‑site scripting (XSS). Any user with credentials to the Formwork CMS who accesses or edits an affected blog post will have attacker‑controlled script executed in their browser. Because the issue is persistent and impacts privileged administrative workflows, the severity is elevated. ### Details Formwork CMS fails to properly sanitize data inserted into tags, before saving them and rendering them into the edit blog interface. When a specially crafted tag becomes saved as a tag into the system, it is unable to be removed. Any attempt to remove the tag from the affected post, causes the XSS to trigger once again. Additionally, once the malicious tag is present, managing standard tags becomes impossible. This is due to script execution on attempted modification. This leads to a form of interface lockout where the payload continually reinserts itself due to the stored, unsafe rendering....