CVE-2025-9032 Avira antivirus engine heap buffer OOB read when scanning a malformed PE file

Heap buffer out-of-bounds read vulnerability in Avira Antivirus engine when scanning a malformed Windows PE file may allow Local Execution of Code or Denial-of-Service of the antivirus engine process. This issue affects Avira Antivirus on Windows, macOS, and Linux for engine builds before 8.3.70....

CVE-2025-9032

CVE-2025-9032 is a heap buffer out-of-bounds read vulnerability in the Avira Antivirus engine when scanning a malformed Windows PE file. Affects Avira Antivirus on Windows, macOS, and Linux for engine builds before 8.3.70.98. The issue can lead to Local Execution of Code or Denial-of-Service of t...

CVE-2025-7017 Avira antivirus engine heap buffer OOB read when scanning a malformed Windows MSI file

Heap buffer out-of-bounds read vulnerability in Avira Antivirus engine when scanning a malformed Windows MSI file may allow Local Execution of Code or Denial-of-Service of the antivirus engine process. This issue affects Avira Antivirus on Windows, macOS, and Linux for engine builds before...

CVE-2025-7017 Avira antivirus engine heap buffer OOB read when scanning a malformed Windows MSI file

Heap buffer out-of-bounds read vulnerability in Avira Antivirus engine when scanning a malformed Windows MSI file may allow Local Execution of Code or Denial-of-Service of the antivirus engine process. This issue affects Avira Antivirus on Windows, macOS, and Linux for engine builds before...

CVE-2025-7017

Affected product: Avira Antivirus engine. Vulnerability: heap buffer out-of-bounds read when scanning a malformed Windows MSI file. Root cause: out-of-bounds heap read in the engine (details not provided beyond the description). Impact: local code execution or denial-of-service of the antivirus e...

CVE-2025-7011

This CVE-2025-7011 describes a heap out-of-bounds read in the Avast Gen Digital antivirus engine when processing a malformed ZIP containing XML, potentially enabling local code execution or antivirus process denial-of-service. Affected products include Avast Antivirus, AVG Antivirus, Norton Antiv...

CVE-2025-7011 Avast antivirus heap OOB when scanning a malformed zip file

Heap out-of-bounds read vulnerability in Avast Antivirus when scanning a malformed zip file containing XML may allow Local Execution of Code or Denial-of-Service of the antivirus process. This issue affects Avast Antivirus, AVG Antivirus, Norton Antivirus, Avast One, and Avast Business Antivirus ...

CVE-2025-7011 Avast antivirus heap OOB when scanning a malformed zip file

Heap out-of-bounds read vulnerability in Avast Antivirus when scanning a malformed zip file containing XML may allow Local Execution of Code or Denial-of-Service of the antivirus process. This issue affects Avast Antivirus, AVG Antivirus, Norton Antivirus, Avast One, and Avast Business Antivirus ...

CVE-2025-7009

The CVE-2025-7009 issue is a heap buffer out-of-bounds read in the Avast/Gen Digital scanning engine when processing malformed Windows PE files. Affected products include Avast Antivirus, AVG Antivirus, Norton Antivirus, Avast One, and Avast Business Antivirus on Windows, macOS, and Linux, for vi...

CVE-2025-7003 Avira antivirus engine heap buffer OOB read when scanning a malformed PDF file (variant 1)

Heap buffer out-of-bounds read vulnerability in Avira Antivirus engine when scanning a malformed PDF file may allow Local Execution of Code or Denial-of-Service of the antivirus engine process. This issue affects Avira Antivirus on Windows, macOS, and Linux for engine builds before 8.3.70.56...

CVE-2025-7003 Avira antivirus engine heap buffer OOB read when scanning a malformed PDF file (variant 1)

Heap buffer out-of-bounds read vulnerability in Avira Antivirus engine when scanning a malformed PDF file may allow Local Execution of Code or Denial-of-Service of the antivirus engine process. This issue affects Avira Antivirus on Windows, macOS, and Linux for engine builds before 8.3.70.56...

CVE-2025-7003

CVE-2025-7003 describes a heap buffer out-of-bounds read in the Avira Antivirus engine when scanning malformed PDF files, potentially enabling local code execution or denial-of-service. Affected: Avira Antivirus engine on Windows, macOS, and Linux for builds prior to 8.3.70.56. Exploitation detai...

CVE-2025-7002 Avira antivirus engine heap buffer OOB read when scanning a malformed PDF file (variant 2)

Heap buffer out-of-bounds read vulnerability in Avira Antivirus engine when scanning a malformed PDF file may allow Local Execution of Code or Denial-of-Service of the antivirus engine process. This issue affects Avira Antivirus on Windows, macOS, and Linux for engine builds before 8.3.70.68...

CVE-2025-7002

CVE-2025-7002 is a heap buffer out-of-bounds read vulnerability in the Avira Antivirus engine when scanning a malformed PDF, potentially allowing local code execution or crashing the antivirus process. Affected products are Avira Antivirus engines on Windows, macOS, and Linux with builds prior to...

Malicious code in textwrap-toolkit-stager (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9fc85924d5672f7c91c2dd5e97c46cc48e3ae48084f906b7b0ba9d606c433fa4 On import textwraptoolkitstager, the package's init.py unconditionally fetches Python source from...

CVE-2026-46716 Nezha Monitoring: RoleMember can run shell on every server (cross-tenant RCE) via POST /api/v1/cron

Nezha Monitoring is a self-hostable, lightweight, servers and websites monitoring and O&M tool. From version 1.4.0 to before version 2.0.8, a RoleMember user can create a scheduled cron task with Cover=CronCoverAll, Servers= and an arbitrary Command. At every tick of the scheduler, the dashboard...

CVE-2026-46716

Nezha Monitoring (nezhahq/nezha) is affected by CVE-2026-46716: from version 1.4.0 up to just before 2.0.8, a RoleMember can create a cron task with Cover=CronCoverAll and Servers=[]; on every tick, the dashboard fans out the command to all servers in the global ServerShared map, including other ...

MAL-2026-5709 Malicious code in chalk-plus-js (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f5351482f03a50cab8a28b6aa7c992c960a55c6889634d2a04bb86a157ac18d1 Package is published under a name riding the popular chalk color-output library but its source tree, README, main entry lib/nodemailer.js, and lib...

DEBIAN-CVE-2026-42851

Kitty is a cross-platform GPU based terminal. In versions prior to 0.47.0, a program able to write bytes to a kitty terminal — a remote SSH peer, a downloaded file viewed with cat, a log line, an email body rendered in less, an issue body in a TUI, etc. — can cause kitty to execute...

CVE-2026-42851

Kitty is a cross-platform GPU based terminal. In versions prior to 0.47.0, a program able to write bytes to a kitty terminal — a remote SSH peer, a downloaded file viewed with cat, a log line, an email body rendered in less, an issue body in a TUI, etc. — can cause kitty to execute...