7625 matches found

Cvelist
added 2025/04/01 2:2 a.m., 13 views

CVE-2025-30673 Sub::HandlesVia for Perl allows untrusted code to be included from the current working directory

Sub::HandlesVia for Perl before 0.050002 allows untrusted code from the current working directory '.' to be loaded similar to CVE-2016-1238. If an attacker can place a malicious file in current working directory, it may be loaded instead of the intended file, potentially leading to arbitrary code...

0.00243 EPSS
Exploits 0, References 3
CVE
added 2025/04/01 1:51 a.m., 66 views

CVE-2025-30672

CVE-2025-30672 affects Mite for Perl (before 0.013000). The code generator adds the current working directory (.) to Perl's @INC, enabling a malicious file in the CWD to be loaded in place of the intended file, potentially allowing arbitrary code execution. This impacts the Mite distribution and ...

6.5 CVSS, 6.8 AI score, 0.00441 EPSS
Exploits 0, References 4
Tenable Nessus
added 2025/04/01 12:0 a.m., 22 views

Ubuntu 24.04 LTS : Linux kernel (Low Latency) vulnerabilities (USN-7381-1)

The remote Ubuntu 24.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-7381-1 advisory. Attila Szász discovered that the HFS+ file system implementation in the Linux Kernel contained a heap overflow vulnerability. An attacker could use a...

8.1 CVSS, 7.9 AI score, 0.0009 EPSS
Exploits 3, References 306
CNNVD
added 2025/04/01 12:0 a.m., 3 views

MetaCPAN Sub::HandlesVia code issue vulnerability

MetaCPAN Sub::HandlesVia is a library of the MetaCPAN Foundation. A code issue vulnerability exists in versions prior to MetaCPAN Sub::HandlesVia 0.050002 that stems from allowing untrusted code to be loaded from the current working directory, which could lead to the execution of arbitrary code...

6.5 CVSS, 6.9 AI score, 0.00243 EPSS
Exploits 0, References 4
OSV
added 2025/03/27 4:48 p.m., 12 views

USN-7380-1 linux-lowlatency vulnerabilities

Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - ARM64 architecture; - MIPS architecture; - PowerPC architecture; - RISC-V architecture; - S390 architecture; - x86...

8.1 CVSS, 6.4 AI score, 0.0009 EPSS
Exploits 3, References 308
OSSF Malicious Packages
added 2025/03/23 7:10 a.m., 2 views

Malicious code in gh-find-current-pr (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 0aba54c4eb36c259689cdca7db5a45c0b6cd53c7a27670e8a557c3b802afd97f Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

7 AI score
Exploits 0, References 1
OSV
added 2025/03/23 7:10 a.m., 3 views

MAL-2025-2607 Malicious code in gh-find-current-pr (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 0aba54c4eb36c259689cdca7db5a45c0b6cd53c7a27670e8a557c3b802afd97f Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

7.2 AI score
Exploits 0, References 1
Slackware Linux
added 2025/03/20 9:48 p.m., 24 views

[slackware-security] libarchive

New libarchive packages are available for Slackware 15.0 and -current to fix security issues. Here are the details from the Slackware 15.0 ChangeLog: patches/packages/libarchive-3.7.8-i586-1slack15.0.txz: Upgraded. This update fixes bugs and security issues: tar reader: Handle truncation in the...

5.5 CVSS, 7 AI score, 0.00028 EPSS
Exploits 2
OSV
added 2025/03/19 6:52 p.m., 3 views

DRUPAL-CONTRIB-2025-024

This module adds a formatter for link fields that displays the current entity with another view mode inside the link. Drupal core does not sufficiently sanitize link element attributes, which can lead to a Cross Site Scripting vulnerability XSS. A separate fix for Drupal core has been released bu...

6.1 CVSS, 6.3 AI score, 0.00525 EPSS
Exploits 0, References 1
Patchstack
added 2025/03/18 9:31 p.m., 3 views

WordPress Altair theme <= 5.2.4 - Unauthenticated Arbitrary Options Update via pp_import_current vulnerability

Unauthenticated Arbitrary Options Update via pp_import_current vulnerability discovered by Tonn in WordPress Theme Altair versions <= 5.2.4...

9.8 CVSS, 8.9 AI score, 0.00291 EPSS
Exploits 0, References 1, Affected Software 1
Microsoft CVE
added 2025/03/14 12:0 a.m., 2 views

mptcp: sysctl: sched: avoid using current->nsproxy

...

5.5 CVSS, 7.4 AI score, 0.0002 EPSS
Exploits 0
Microsoft CVE
added 2025/03/14 12:0 a.m., 2 views

sctp: sysctl: udp_port: avoid using current->nsproxy

...

5.5 CVSS, 7.4 AI score, 0.00023 EPSS
Exploits 0
Microsoft CVE
added 2025/03/14 12:0 a.m., 3 views

sctp: sysctl: plpmtud_probe_interval: avoid using current->nsproxy

...

5.5 CVSS, 7.4 AI score, 0.00023 EPSS
Exploits 0
BDU FSTEC
added 2025/03/13 12:0 a.m., 2 views

The vulnerability of the Substance 3D Sampler software for creating textures and materials for 3D models lies in its ability to read data beyond the buffer boundaries in memory, allowing an attacker to execute arbitrary code.

The vulnerability of the Substance 3D Sampler software for creating textures and materials for 3D models involves reading beyond the buffer boundaries in memory. Exploiting this vulnerability could allow an attacker to execute arbitrary code within the context of the current user...

7.8 CVSS, 6.2 AI score, 0.00032 EPSS
Exploits 0, References 2, Affected Software 1
BDU FSTEC
added 2025/03/13 12:0 a.m., 1 views

The vulnerability of the Cobalt Ashlar-Vellum software for parametric automated design and 3D modeling lies in its ability to read data beyond the acceptable range of memory. This allows a malicious actor to execute arbitrary code.

The vulnerability of the Cobalt Ashlar-Vellum software for parametric automated design and 3D modeling lies in the ability to read data beyond the acceptable range in memory. Exploiting this vulnerability could allow an attacker to execute arbitrary code within the context of the current process...

7.8 CVSS, 7.7 AI score, 0.00231 EPSS
Exploits 0, References 3, Affected Software 1
BDU FSTEC
added 2025/03/13 12:0 a.m., 1 views

The vulnerability of the Substance 3D Sampler software for creating textures and materials for 3D models allows attackers to execute arbitrary code. This vulnerability stems from buffer overflows in the dynamic memory, enabling attackers to exploit the system.

The vulnerability of the Substance 3D Sampler software for creating textures and materials for 3D models is related to a buffer overflow in the dynamic memory. Exploiting this vulnerability could allow an attacker to execute arbitrary code in the context of the current user...

7.8 CVSS, 6.3 AI score, 0.00039 EPSS
Exploits 0, References 2, Affected Software 1
BDU FSTEC
added 2025/03/13 12:0 a.m., 1 views

The vulnerability of the DCM files on the medical image and data management system, as well as the Sante PACS Server, allows a hacker to write these files in the context of the current user.

The vulnerability of the DCM files on the medical image and data management system, as well as those on the Sante PACS Server, is related to incorrect restrictions on the path name for accessing the restricted catalog. Exploiting this vulnerability allows a malicious actor to write files under th...

5.3 CVSS, 5.9 AI score, 0.02782 EPSS
Exploits 0, References 3, Affected Software 1
BDU FSTEC
added 2025/03/13 12:0 a.m., 1 views

The vulnerability of the DCM files on the medical image and data management system, as well as the Sante PACS Server, allows a hacker to record these files in the context of the current user.

The vulnerability of the DCM files on the medical image and data management system, as well as those on the Sante PACS Server, is related to incorrect restrictions on the path name for accessing the restricted catalog. Exploiting this vulnerability allows a malicious actor to write files under th...

4.3 CVSS, 5.5 AI score, 0.01423 EPSS
Exploits 0, References 3, Affected Software 1
BDU FSTEC
added 2025/03/13 12:0 a.m., 2 views

The vulnerability of Cobalt Ashlar-Vellum software for parametric automated design and 3D modeling lies in its integer overflow vulnerabilities, allowing an attacker to execute arbitrary code.

The vulnerability of the Cobalt Ashlar-Vellum software for parametric automated design and 3D modeling is related to a numerical overflow condition. Exploiting this vulnerability could allow an attacker to execute arbitrary code within the context of the current process...

7.8 CVSS, 7.7 AI score, 0.00231 EPSS
Exploits 0, References 3, Affected Software 1
BDU FSTEC
added 2025/03/13 12:0 a.m., 2 views

The vulnerability of the Substance 3D Sampler software for creating textures and materials for 3D models lies in its ability to read data beyond the buffer boundaries in memory, allowing an attacker to execute arbitrary code.

The vulnerability of the Substance 3D Sampler software for creating textures and materials for 3D models involves reading beyond the buffer boundaries in memory. Exploiting this vulnerability could allow an attacker to execute arbitrary code within the context of the current user...

7.8 CVSS, 6.2 AI score, 0.00032 EPSS
Exploits 0, References 2, Affected Software 1