7605 matches found

CVE
added 2025/08/26 12:0 a.m. | 15 views

CVE-2024-39335

CVE-2024-39335 affects Mahara: vulnerable versions 24.04 before 24.04.1 and 23.04 before 23.04.6 are susceptible to information disclosure to an institution administrator via the Current submissions page (Administration → Groups → Submissions). Root cause: information disclosure condition on that...

CVSS 9.1 | AI score 6.3 | EPSS 0.00074
Exploits: 0 | References: 2 | Affected Software: 1

Positive Technologies
added 2025/08/25 12:0 a.m. | 2 views

PT-2025-49072

Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified). Description: The Linux kernel contains a flaw on nios2 systems where the memblock.current_limit is not properly initialized when CONFIG_FLATMEM is enabled. This can lead to max_low_pfn exceeding the...

CVSS 4.6 | AI score 6.2 | EPSS 0.0004
Exploits: 0

RedhatCVE
added 2025/08/24 12:13 a.m. | 4 views

CVE-2025-52085

An SQL injection vulnerability in Yoosee application v6.32.4 allows authenticated users to inject arbitrary SQL queries via a request to a backend API endpoint. Successful exploitation enables extraction of sensitive database information, including but not limited to, the database server banner a...

CVSS 8.8 | AI score 7.8 | EPSS 0.00105
Exploits: 1 | References: 1

OSV
added 2025/08/22 6:15 p.m. | 2 views

CVE-2025-52085

An SQL injection vulnerability in Yoosee application v6.32.4 allows authenticated users to inject arbitrary SQL queries via a request to a backend API endpoint. Successful exploitation enables extraction of sensitive database information, including but not limited to, the database server banner a...

CVSS 8.8 | AI score 5.9 | EPSS 0.00105
Exploits: 1 | References: 2

Cvelist
added 2025/08/22 12:0 a.m. | 5 views

CVE-2025-52085

An SQL injection vulnerability in Yoosee application v6.32.4 allows authenticated users to inject arbitrary SQL queries via a request to a backend API endpoint. Successful exploitation enables extraction of sensitive database information, including but not limited to, the database server banner a...

EPSS 0.00105
Exploits: 1 | References: 2

CVE
added 2025/08/22 12:0 a.m. | 22 views

CVE-2025-52085

Yoosee application (v6.32.4) contains an SQL injection in a backend API endpoint that authenticated users can exploit to extract sensitive DB information (server banner/version, current user/schema, privileges, and data from any table). CVE-2025-52085 is documented with a HIGH impact (C/H/I/A). A...

CVSS 8.8 | AI score 7.2 | EPSS 0.00105
Exploits: 1 | References: 2 | Affected Software: 1

Tenable Nessus
added 2025/08/21 12:0 a.m. | 1 views

Slackware Linux 15.0 / current mozilla-firefox Vulnerability (SSA:2025-231-01)

The version of mozilla-firefox installed on the remote host is prior to 140.2.0esr. It is, therefore, affected by a vulnerability as referenced in the SSA:2025-231-01 advisory. New mozilla-firefox packages are available for Slackware 15.0 and -current to fix security issues. Tenable has extracted...

AI score 5.6
Exploits: 0 | References: 1

OpenVAS
added 2025/08/21 12:0 a.m. | 2 views

Slackware: Security Advisory (SSA:2025-231-01)

The remote host is missing an update for the...

AI score 7.5
Exploits: 0 | References: 4

Slackware Linux
added 2025/08/20 11:58 p.m. | 4 views

[slackware-security] mozilla-thunderbird

New mozilla-thunderbird packages are available for Slackware 15.0 and -current to fix security issues. Here are the details from the Slackware 15.0 ChangeLog: patches/packages/mozilla-thunderbird-140.2.0esr-i686-1slack15.0.txz: Upgraded. This release contains security fixes and improvements. For...

CVSS 9.8 | AI score 7.4 | EPSS 0.0021
Exploits: 0

CNVD
added 2025/08/20 12:0 a.m. | 4 views

Adobe Photoshop Out-of-Bounds Write Vulnerability (CNVD-2025-24438)

Adobe Photoshop is a set of image processing software from the American company Adobe. The software is mainly used for processing pictures. Adobe Photoshop suffers from an out-of-bounds write vulnerability that can be exploited by an attacker to cause arbitrary code to be executed in the...

CVSS 7.8 | AI score 7.5 | EPSS 0.00115
Exploits: 0 | References: 1

CNVD
added 2025/08/20 12:0 a.m. | 2 views

Adobe Substance 3D Stager out-of-bounds write vulnerability (CNVD-2025-24439)

Adobe Substance 3D Stager is a virtual 3D studio from the American company Adobe. Adobe Substance 3D Stager suffers from an out-of-bounds write vulnerability that can be exploited by an attacker to cause arbitrary code to be executed in the context of the current user...

CVSS 7.8 | AI score 7.5 | EPSS 0.00115
Exploits: 0 | References: 1

Slackware Linux
added 2025/08/19 8:41 p.m. | 2 views

[slackware-security] mozilla-firefox

New mozilla-firefox packages are available for Slackware 15.0 and -current to fix security issues. Here are the details from the Slackware 15.0 ChangeLog: patches/packages/mozilla-firefox-140.2.0esr-i686-1slack15.0.txz: Upgraded. This update contains security fixes and improvements. For more...

AI score 7.5
Exploits: 0

GithubExploit
added 2025/08/19 7:30 a.m. | 54 views

DLINK-DIR600LAx-Vulnerability

DLINK-DIR600LAx-Vulnerability - 01: - 02: - 03: - 04: - 0...

AI score 5.8
Exploits: 0

Tenable Nessus
added 2025/08/19 12:0 a.m. | 3 views

Linux Distros Unpatched Vulnerability : CVE-2021-36770

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Encode.pm, as distributed in Perl through 5.34.0, allows local users to gain privileges via a Trojan horse Encode::ConfigLocal library in the current working...

CVSS 7.8 | AI score 7.2 | EPSS 0.0011
Exploits: 0 | References: 2

OSV
added 2025/08/18 8:35 p.m. | 1 views

USN-7699-1 linux, linux-aws, linux-aws-6.14, linux-gcp, linux-gcp-6.14, linux-oracle, linux-oracle-6.14, linux-raspi, linux-realtime vulnerabilities

Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - ARM64 architecture; - RISC-V architecture; - x86 architecture; - Buffer Sharing and Synchronization framework; - DM...

CVSS 7.8 | AI score 6.5 | EPSS 0.00158
Exploits: 2 | References: 60

Tenable Nessus
added 2025/08/18 12:0 a.m. | 2 views

Linux Distros Unpatched Vulnerability : CVE-2023-40590

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - GitPython is a python library used to interact with Git repositories. When resolving a program, Python/Windows look for the current working directory, and after...

CVSS 7.8 | AI score 7.2 | EPSS 0.00371
Exploits: 1 | References: 2

CNVD
added 2025/08/18 12:0 a.m. | 2 views

Adobe Substance3D Viewer Heap Buffer Overflow Vulnerability (CNVD-2025-24440)

Adobe Substance3D Viewer is a stand-alone desktop application for viewing and editing 3D files from the American company Adobe. Adobe Substance3D Viewer suffers from a heap buffer overflow vulnerability that can be exploited by an attacker to cause arbitrary code to be executed in the context of the curre...

CVSS 7.8 | AI score 7.7 | EPSS 0.00115
Exploits: 0 | References: 1

RedhatCVE
added 2025/08/17 3:24 p.m. | 5 views

CVE-2025-5046

A maliciously crafted DGN file, when linked or imported into Autodesk AutoCAD, can force an Out-of-Bounds Read vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process...

CVSS 7.8 | AI score 7.7 | EPSS 0.00064
Exploits: 0 | References: 1

CVE
added 2025/08/15 2:38 p.m. | 25 views

CVE-2025-5048

Autodesk AutoCAD is affected by CVE-2025-5048 via DGN file parsing that can trigger a memory corruption, enabling arbitrary code execution in the current process. The vulnerability is exploitable locally with user interaction required (per the CVE metrics and ZDI advisory). The root cause is rela...

CVSS 7.8 | AI score 7.2 | EPSS 0.00064
Exploits: 0 | References: 2 | Affected Software: 10

CVE
added 2025/08/15 2:37 p.m. | 26 views

CVE-2025-5047

Autodesk AutoCAD is affected by CVE-2025-5047 due to a vulnerability in parsing DGN files, arising from an uninitialized variable in memory access. The issue can allow crash, data leakage, or arbitrary code execution in the context of the current process. Public sources note this can be exploited...

CVSS 7.8 | AI score 7 | EPSS 0.00064
Exploits: 0 | References: 2 | Affected Software: 10