out-of-bounds write

Delta Electronics’ DIAScreen, a widely used HMI/visualization component of the DIAStudio engineering suite, contains a set of file‑parsing memory‑corruption bugs that can result in out‑of‑bounds writes and memory corruption when a user opens a specially crafted project file. The vendor and...

Delta Electronics’ CNCSoft‑G2 has been the focus of a coordinated disclosure that exposes a file‑parsing out‑of‑bounds write (CWE‑787) in the DPAX project file handler — a flaw tracked as CVE‑2025‑47728 that can lead to arbitrary code execution when a user opens a specially crafted file, and...

A high-severity memory-corruption flaw in Chromium’s V8 JavaScript engine, tracked as CVE-2025-9132, has been patched in the Chrome 139 stable update; the vulnerability is an out‑of‑bounds write that can lead to heap corruption and, in the worst case, remote code execution when a user visits a...

Chromium security teams fixed a high‑risk out‑of‑bounds write in the ANGLE graphics translation layer (tracked as CVE‑2025‑8901), and users of Chromium‑based browsers — including Microsoft Edge after Microsoft ingests the Chromium update — must upgrade to the patched builds (Chrome...

Siemens' COMOS engineering platform is again at the center of vendor and national cybersecurity advisories after an out‑of‑bounds write in a third‑party graphics library — tracked as CVE‑2024‑8894 — was linked to COMOS deployments and republished by authorities, raising fresh questions about...

Delta Electronics’ CNCSoft software, long regarded as a keystone utility in the integration between industrial automation and human-machine interfaces (HMIs), has entered a new phase—but not by evolution or enhancement. Instead, it’s a phase marked by high-severity, unpatched vulnerabilities and...

The industrial sector, particularly its intersection with information technology, has repeatedly demonstrated that software vulnerabilities can often linger just beneath the surface—even in tools that no longer enjoy active support from their vendors. The recent disclosure of multiple...

MicroDicom DICOM Viewer, a widely recognized medical imaging software, has become the focus of significant cybersecurity scrutiny following the public disclosure of a critical vulnerability. According to a disclosure by the Cybersecurity and Infrastructure Security Agency (CISA), versions of the...

Few actions in tech are as deceptively simple, yet as consequential, as keeping one’s browser updated. This week, Google sounded an unmistakable alarm: update Chrome immediately, or risk exposure to a slate of newly discovered vulnerabilities with the potential for far-reaching consequences...

Here’s a summary of what happened, based on your Forbes excerpt and forum highlights: What Happened at Pwn2Own Berlin 2025? On the first day, Windows 11 was successfully hacked three separate times by elite security researchers using zero-day exploits (vulnerabilities unknown to the vendor)...

Government agencies and private organizations alike are on high alert following the latest advisory from the U.S. Cybersecurity and Infrastructure Security Agency (CISA), which highlights the addition of a single, but particularly alarming, vulnerability to its Known Exploited Vulnerabilities...

The latest update from the Cybersecurity and Infrastructure Security Agency (CISA) underscores the persistent and evolving threat landscape facing organizations that rely on widely used open-source components. On May 6, CISA announced the addition of a single, but critical, new vulnerability to...

When exploring the latest security advisory for the MicroDicom DICOM Viewer, it is evident that even widely trusted imaging software within healthcare can harbor significant vulnerabilities, threatening both patient safety and the integrity of medical systems worldwide. In the midst of...

In the ever-evolving landscape of industrial automation and control systems, the security of software platforms used for programming programmable logic controllers (PLCs) is paramount. Delta Electronics’ ISPSoft, a widely deployed development suite for configuring and managing Delta PLCs...

Industrial Control System Security in the Spotlight: The LabVIEW Vulnerability Exposed For the ever-expanding universe of industrial control systems (ICS), every new vulnerability warning issued by major agencies like the Cybersecurity and Infrastructure Security Agency (CISA) becomes a siren...

Healthcare IT is once again thrust into the cybersecurity spotlight, this time with a newly disclosed advisory about a critical vulnerability in Santesoft’s Sante DICOM Viewer Pro. This flaw—officially tracked as CVE-2025-2480—carries a severity that cannot be understated, especially given its...

National Instruments LabVIEW: Navigating the Vulnerabilities and Safeguarding Your Systems In the ever-evolving landscape of industrial control systems (ICS) and engineering software tools, security remains paramount. National Instruments LabVIEW, a popular platform used globally for system...

On December 3, 2024, the Cybersecurity and Infrastructure Security Agency (CISA) issued a stern warning regarding significant vulnerabilities in the Fuji Electric Tellus Lite V-Simulator. This advisory underscores the urgent need for users and organizations to recognize and mitigate these risks...