Bulletins, EN

Vulnerability Summary for the Week of December 8, 2025

High Vulnerabilities

<
[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.

This article has been indexed from Bulletins

Read the original article:

Primary
Vendor — Product		 Description Published CVSS Score Source Info Patch Info
Unknown–Typora Typora 1.7.4 contains a command injection vulnerability in the PDF export preferences that allows attackers to execute arbitrary system commands. Attackers can inject malicious commands into the ‘run command’ input field during PDF export to achieve remote code execution. 2025-12-12 9.8 CVE-2024-14010 ExploitDB-51752
Typora Vendor Homepage
VulnCheck Advisory: Typora 1.7.4 OS Command Injection via Export PDF Preferences
 
PCMan–FTP Server PCMan FTP Server 2.0 contains a buffer overflow vulnerability in the ‘pwd’ command that allows remote attackers to execute arbitrary code. Attackers can send a specially crafted payload during the FTP login process to overwrite memory and potentially gain system access. 2025-12-12 9.8 CVE-2024-58299 ExploitDB-51767
PCMan FTP Server Sourceforge Page
VulnCheck Advisory: PCMan FTP Server 2.0 Remote Buffer Overflow via ‘pwd’ Command
 
dormakaba–Dormakaba Saflok System 6000