CVSS: 9.8 • EPSS: 0% • CPEs: - • EXPL: 0 • CVE-2025-57354
https://notcve.org/view.php?id=CVE-2025-57354
24 Sep 2025 — This weakness enables adversaries to inject arbitrary properties into the JavaScript Object prototype through the first parameter of the translate method when combined with specific separator configurations, potentially resulting in denial-of-service conditions or remote code execution in vulnerable applications. • https://github.com/VulnSageAgent/PoCs/tree/main/JavaScript/prototype-pollution/CVE-2025-57354 • CWE-1321: Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') •
CVSS: 6.5 • EPSS: 0% • CPEs: - • EXPL: 0 • CVE-2025-57324
https://notcve.org/view.php?id=CVE-2025-57324
24 Sep 2025 — A Prototype Pollution vulnerability in the SingleInstanceStateController.initializeState function of parse version 5.3.0 and before allows attackers to inject properties on Object.prototype via supplying a crafted payload, causing denial of service (DoS) as the minimum consequence. • https://github.com/VulnSageAgent/PoCs/blob/main/JavaScript/prototype-pollution/parse%405.3.0/index.js • CWE-1321: Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') •
CVSS: 7.5 • EPSS: 0% • CPEs: 1 • EXPL: 0 • CVE-2025-57348
https://notcve.org/view.php?id=CVE-2025-57348
24 Sep 2025 — Successful exploitation may lead to denial of service or arbitrary code execution in affected environments. • https://github.com/VulnSageAgent/PoCs/tree/main/JavaScript/prototype-pollution/CVE-2025-57348 • CWE-1321: Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') •
CVSS: 7.8 • EPSS: 0% • CPEs: 1 • EXPL: 0 • CVE-2025-10920 – GIMP ICNS File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2025-10920
24 Sep 2025 — Several vulnerabilities were discovered in GIMP, the GNU Image Manipulation Program, which could result in denial of service or potentially the execution of arbitrary code if malformed Farbfeld, Wireless Bitmap, DICOM or Apple Icon images are opened. • https://gitlab.gnome.org/GNOME/gimp/-/merge_requests/2443 • CWE-787: Out-of-bounds Write •
CVSS: 9.8 • EPSS: 0% • CPEs: - • EXPL: 0 • CVE-2025-57352
https://notcve.org/view.php?id=CVE-2025-57352
24 Sep 2025 — By processing malicious input involving the __proto__ property, an attacker can manipulate the prototype chain of JavaScript objects, leading to denial of service or arbitrary code execution. • https://github.com/Raynos/min-document/issues/54 • CWE-1321: Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') •
CVSS: 7.8 • EPSS: 0% • CPEs: 1 • EXPL: 0 • CVE-2025-10922 – GIMP DCM File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2025-10922
24 Sep 2025 — Several vulnerabilities were discovered in GIMP, the GNU Image Manipulation Program, which could result in denial of service or potentially the execution of arbitrary code if malformed Farbfeld, Wireless Bitmap, DICOM or Apple Icon images are opened. • https://gitlab.gnome.org/GNOME/gimp/-/commit/3d909166463731e94dfe62042d76225ecfc4c1e4 • CWE-122: Heap-based Buffer Overflow •
CVSS: 8.2 • EPSS: 0% • CPEs: - • EXPL: 0 • CVE-2025-57882 – AutomationDirect CLICK PLUS Improper Resource Shutdown or Release
https://notcve.org/view.php?id=CVE-2025-57882
23 Sep 2025 — The vulnerability allows an unauthenticated attacker to perform a denial-of-service attack by exhausting all available device sessions in the Remote PLC application. • https://www.automationdirect.com/support/software-downloads • CWE-404: Improper Resource Shutdown or Release •
CVSS: 8.2 • EPSS: 0% • CPEs: - • EXPL: 0 • CVE-2025-58473 – AutomationDirect CLICK PLUS Improper Resource Shutdown or Release
https://notcve.org/view.php?id=CVE-2025-58473
23 Sep 2025 — The vulnerability allows an unauthenticated attacker to perform a denial-of-service attack by exhausting all available device sessions of the Click Programming Software. • https://www.automationdirect.com/support/software-downloads • CWE-404: Improper Resource Shutdown or Release •
CVSS: 5.0 • EPSS: 0% • CPEs: - • EXPL: 0 • CVE-2024-21927
https://notcve.org/view.php?id=CVE-2024-21927
23 Sep 2025 — Improper input validation in Satellite Management Controller (SMC) may allow an attacker with privileges to use certain special characters in manipulated Redfish® API commands, causing service processes like OpenBMC to crash and reset, potentially resulting in denial of service. • https://www.amd.com/en/resources/product-security/bulletin/AMD-SB-6016.html • CWE-241: Improper Handling of Unexpected Data Type •
CVSS: 10.0 • EPSS: 0% • CPEs: 38 • EXPL: 0 • CVE-2025-9900 – Libtiff: libtiff write-what-where
https://notcve.org/view.php?id=CVE-2025-9900
23 Sep 2025 — This memory corruption can be exploited to cause a denial of service (application crash) or to achieve arbitrary code execution with the permissions of the user. ... An attacker could possibly use this issue to cause LibTIFF to crash, resulting in a denial of service. ... An attacker could possibly use this issue to cause LibTIFF to leak memory, resulting in a denial of service. • https://access.redhat.com/security/cve/CVE-2025-9900 • CWE-123: Write-what-where Condition •
