Security Advisory 0127

Security Advisory 0127 . CSAF PDF Date: November 18, 2025 Revision | Date | Changes ---|---|--- 1.0 | November 18, 2025 | Initial release The CVE-ID tracking this issue: CVE-2025-8873 CVSSv3.1 Base Score: 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSSv4.0 Base Score 8.7...

EUVD-2007-5606

Malware in sbrugna...

EUVD-2025-7973

Malicious code in bioql PyPI...

CVE-2025-30546 WordPress Cackle plugin <= 4.33 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery CSRF vulnerability in boroV Cackle cackle allows Cross Site Request Forgery.This issue affects Cackle: from n/a through = 4.33...

CVE-2025-30546

CVE-2025-30546 is a CSRF vulnerability in the WordPress plugin Cackle (affecting versions up to 4.33). The CVSSv3.1 base score is 4.3 (Medium) with attack vector network, no privileges required, and user interaction required. The connected Wordfence entry lists the vulnerability as a Cross-Site F...

WordPress Cackle plugin <= 4.33 - Cross Site Request Forgery (CSRF) vulnerability

Cross Site Request Forgery CSRF vulnerability discovered by Nabil Irawan in WordPress Plugin Cackle versions = 4.33...

Cyber Police of Ukraine Busted Phishing Gang Responsible for $4.33 Million Scam

The Cyber Police of Ukraine, in collaboration with law enforcement officials from Czechia, has arrested several members of a cybercriminal gang that set up phishing sites to target European users. Two of the apprehended affiliates are believed to be organizers, with 10 others detained in other...

UBUNTU-CVE-2020-1900

When unserializing an object with dynamic properties HHVM needs to pre-reserve the full size of the dynamic property array before inserting anything into it. Otherwise the array might resize, invalidating previously stored references. This pre-reservation was not occurring in HHVM prior to v4.32....

LastPass Fixes Bug That Leaks Credentials

LastPass has patched a bug that could potentially allow malicious websites to access a web user’s credentials from a previously visited site. Tavis Ormandy, a vulnerability researcher from Google Project Zero, discovered the flaw in the LastPass password manager and published it on the project’s...

IrfanView RLE Image Decompression Buffer Overflow Vulnerability

No description provided by source. Application: IrfanView RLE Image Decompression Buffer Overflow Vulnerability Plateform: Windows Version: The vulnerabilities are confirmed in version 4.33. Other versions may also be affected. Exploitation: Remote code execution Secunia Number: SA49856 PRL:...

IrfanView 4.33 - IMXCF.dll Plugin Code Execution

IrfanView 4.33 - IMXCF.dll Plugin Code Execution From the simple.xcf file, 0x004ABABC will overwrite eip. Tested on Windows XP SP3 and Windows 7 x64. Fixed in the current release IrfanView 4.35: 1 Shellcode from 2 Old version installer at 3 4. 1 http://www.irfanview.com/mainhistory.htm 2...

IrfanView - .TIF Image Decompression Buffer Overflow

IrfanView - .TIF Image Decompression Buffer Overflow Application: IrfanView TIF Image Decompression Buffer Overflow Vulnerability Plateform: Windows Version: The vulnerabilities are confirmed in version 4.33. Other versions may also be affected. Exploitation: Remote code execution Secunia Number:...

IrfanView - &#039;.TIF&#039; Image Decompression Buffer Overflow

Application: IrfanView TIF Image Decompression Buffer Overflow Vulnerability Plateform: Windows Version: The vulnerabilities are confirmed in version 4.33. Other versions may also be affected. Exploitation: Remote code execution Secunia Number: SA49856 PRL: 2012-31 Author: Francis Provencher Prot...

IrfanView JPEG-2000 Plugin Remote Stack Based Buffer Overflow Vulnerability

This host has IrfanView with JPEG-2000 plugin installed and is prone to stack based buffer overflow vulnerability. OpenVAS Vulnerability Test $Id: gbirfanviewjpeg2000bofvuln.nasl 5940 2017-04-12 09:02:05Z teissa $ IrfanView JPEG-2000 Plugin Remote Stack Based Buffer Overflow Vulnerability Authors...

Debian Security Advisory DSA 501-1 (exim)

The remote host is missing an update to exim announced via advisory DSA 501-1. OpenVAS Vulnerability Test $Id: deb5011.nasl 6616 2017-07-07 12:10:49Z cfischer $ Description: Auto-generated from advisory DSA 501-1 Authors: Thomas Reinke Copyright: Copyright c 2007 E-Soft Inc...

CVE-2007-5633

Speedfan.sys in Alfredo Milani Comparetti SpeedFan 4.33, when used on Microsoft Windows Vista x64, allows local users to read or write arbitrary MSRs, and gain privileges and load unsigned drivers, via the 1 IOCTLRDMSR 0x9C402438 and 2 IOCTLWRMSR 0x9C40243C IOCTLs to \Device\speedfan, as...

CVE-2007-5634

Speedfan.sys in Alfredo Milani Comparetti SpeedFan 4.33, when used on Microsoft Windows Vista x64, does not properly check a buffer during an IOCTL 0x9c402420 call, which allows local users to cause a denial of service machine crash and possibly gain privileges via unspecified vectors...

CVE-2007-5634

The CVE-2007-5634 entry concerns SpeedFan 4.33 (SpeedFan.sys) on Windows Vista x64 . The vulnerability arises from an improper buffer check during IOCTL 0x9c402420, allowing local users to cause a denial of service (machine crash) and potentially gain privileges via unspecified vectors. Affected ...

CVE-2007-5634

Speedfan.sys in Alfredo Milani Comparetti SpeedFan 4.33, when used on Microsoft Windows Vista x64, does not properly check a buffer during an IOCTL 0x9c402420 call, which allows local users to cause a denial of service machine crash and possibly gain privileges via unspecified vectors...