CVE-2025-47934 allows attackers to spoof arbitrary signatures and encrypted emails that appear as valid in OpenPGP.js. The only requirement is access to a single valid signed message from the target author (“Alice”). Since this undermines the core principle of PGP and impacts integrating applications directly, we strongly recommend updating OpenPGP.js to version v5.11.3, v6.1.1, or newer.

CVE-2025-32464 is a vulnerability in HAProxy 2.2 up to 3.1.6-d929ca2 which allows an attacker to perform a DoS attack exploiting specific usages of the regsub converter. It cause a heap buffer overflow, making the whole HAProxy pool of workers crash. Given the nature of the vulnerability, a scenario where this vulnerability can be abused in order to obtain RCE is not feasible, nevertheless, we recommend checking whether you are using the regsub converter in your HAProxy configuration and updating to >=3.1.7 or enterprise version 3.1r1 (1.0.0-347.338) whenever possible.

Attackers can write semi-arbitrary files in the filesystem, and remotely extract values from environment variables and from INI-like files in the filesystem via two vulnerabilities in LibreOffice. Both occur upon loading the document, without any user interaction. These vulnerabilities are relevant in a desktop scenario (a victim user opens a malicious document) and in server-side headless scenarios (a victim application uses LibreOffice in a headless manner to convert a malicious document).

During our research into Ghostscript, we also identified five memory-corruption-related vulnerabilities (CVE-2024-29506, CVE-2024-29507, CVE-2024-29508, and CVE-2024-29509). This blog post describes all the remaining bugs from our research which we did not end up using in an exploit. Some may be exploitable but this depends on whether Ghostscript is compiled with hardening countermeasures.

An arbitrary file read/write vulnerability in Ghostscript ≤ 10.02.1 which enables attackers to read/write arbitrary files on the complete filesystem including outside of the -dSAFER sandbox.

CVE-2024-29511 has significant impact on web-applications and other services offering document conversion and preview functionalities as these often use Ghostscript under the hood. We recommend verifying whether your solution (indirectly) makes use of Ghostscript and if so, update it to the latest version.

A format string vulnerability in Ghostscript ≤ 10.03.0 which enables attackers to gain Remote Code Execution (#RCE) while also bypassing sandbox protections.

CVE-2024-29510 has significant impact on web-applications and other services offering document conversion and preview functionalities as these often use Ghostscript under the hood. We recommend verifying whether your solution (indirectly) makes use of Ghostscript and if so, update it to the latest version!

A vulnerability in PDF.js found by Codean Labs. PDF.js is a JavaScript-based PDF viewer maintained by Mozilla. This bug allows an attacker to execute arbitrary JavaScript code as soon as a malicious PDF file is opened. This affects all Firefox users (<126) because PDF.js is used by Firefox to show PDF files, but also seriously impacts many web- and Electron-based applications that (indirectly) use PDF.js for preview functionality.

Vulnerabilities emerge if software developers rely too much on the security of external components like open source libraries. A customer project led us into a rabbit hole finding multiple issues in third-party packages, resulting in critical vulnerabilities in our client’s final product. Together with DIVD we disclosed the findings to the open source communities, which resulted in fixes and 6 CVEs, found by our security experts Thomas Rinsma and Kevin Valk.

A deep dive on the security of a connected IoT thermostat and how a useful feature that is simply part of the product can fully undermines the network security when deployed.