CVE-2025-43929

openactions.py in kitty before 0.41.0 does not ask for user confirmation before running a local executable file that may have been linked from an untrusted document e.g., a document opened in KDE ghostwriter...

PT-2025-17401 · Kitty +1 · Kitty +1

Name of the Vulnerable Software and Affected Versions: kitty versions prior to 0.41.0 Description: The issue concerns the open actions.py script in kitty, which does not request user confirmation before executing a local executable file. This file may have been linked from an untrusted document,...

kitty 安全漏洞

kitty is a Python-based GPU terminal emulation software by Kovid Goyal, an individual developer in India. The software provides basic terminal functionality and GPU-based rendering reduces system load, uses OpenGL for rendering, and can be supported on Linux and Mac. A security vulnerability exis...

Multi-Stage Malware Attack Uses .JSE and PowerShell to Deploy Agent Tesla and XLoader

A new multi-stage attack has been observed delivering malware families like Agent Tesla variants, Remcos RAT, and XLoader. "Attackers increasingly rely on such complex delivery mechanisms to evade detection, bypass traditional sandboxes, and ensure successful payload delivery and execution," Palo...

Siemens License Server Privilege Mismanagement Vulnerability

Siemens License Server SLS is a tool from Siemens, Germany, for managing and distributing licenses for Siemens software products. A privilege mismanagement vulnerability exists in Siemens License Server that stems from not properly validating an executable file in an application folder, which can...

SUSE SLED15 / SLES15 / openSUSE 15 Security Update : poppler (SUSE-SU-2025:1342-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:1342-1 advisory. - CVE-2025-32364: Fixed a floating point exception. bsc1240880 - CVE-2025-32365: Fixed the isOk...

SUSE-SU-2025:1342-1 Security update for poppler

This update for poppler fixes the following issues: - CVE-2025-32364: Fixed a floating point exception. bsc1240880 - CVE-2025-32365: Fixed the isOk check in JBIG2Bitmap::combine function in JBIG2Stream.cc. bsc1240881 - Adding -fpie compile flag to GCC for Position Independent Executable PIE suppo...

CVE-2025-43715

CVE-2025-43715 affects the Nullsoft Scriptable Install System (NSIS) prior to 3.11 on Windows. The root cause is that the temporary plugins directory is created under %WINDIR%\temp and an unprivileged user can win a race by placing a crafted executable, because EW_CREATEDIR does not consistently ...

Low: cuda-cupti-12-8

Issue Overview: NVIDIA CUDA toolkit for all platforms contains a vulnerability in the cuobjdump binary, where a user could cause an out-of-bounds read by passing a malformed ELF file to cuobjdump. A successful exploit of this vulnerability might lead to a partial denial of service. CVE-2024-53870...

Low: libnpp-12-8

Issue Overview: NVIDIA CUDA toolkit for all platforms contains a vulnerability in the cuobjdump binary, where a user could cause an out-of-bounds read by passing a malformed ELF file to cuobjdump. A successful exploit of this vulnerability might lead to a partial denial of service. CVE-2024-53870...

Oracle OpenJDK 8.x - 24.x Multiple Vulnerabilities (Apr 2025)

Oracle OpenJDK is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:oracle:openjdk"; ifdescripti...

Low: cuda-nsight-12-8

Issue Overview: NVIDIA CUDA toolkit for all platforms contains a vulnerability in the cuobjdump binary, where a user could cause an out-of-bounds read by passing a malformed ELF file to cuobjdump. A successful exploit of this vulnerability might lead to a partial denial of service. CVE-2024-53870...

Low: cuda-toolkit-12

Issue Overview: NVIDIA CUDA toolkit for all platforms contains a vulnerability in the cuobjdump binary, where a user could cause an out-of-bounds read by passing a malformed ELF file to cuobjdump. A successful exploit of this vulnerability might lead to a partial denial of service. CVE-2024-53870...

Low: cuda-nvtx-12-8

Issue Overview: NVIDIA CUDA toolkit for all platforms contains a vulnerability in the cuobjdump binary, where a user could cause an out-of-bounds read by passing a malformed ELF file to cuobjdump. A successful exploit of this vulnerability might lead to a partial denial of service. CVE-2024-53870...

Low: cuda-demo-suite-12-8

Issue Overview: NVIDIA CUDA toolkit for all platforms contains a vulnerability in the cuobjdump binary, where a user could cause an out-of-bounds read by passing a malformed ELF file to cuobjdump. A successful exploit of this vulnerability might lead to a partial denial of service. CVE-2024-53870...

Low: libcusolver-12-8

Issue Overview: NVIDIA CUDA toolkit for all platforms contains a vulnerability in the cuobjdump binary, where a user could cause an out-of-bounds read by passing a malformed ELF file to cuobjdump. A successful exploit of this vulnerability might lead to a partial denial of service. CVE-2024-53870...

Microsoft Edge Update Setup (Chromium-based) Detection (Windows SMB Login)

This script detects the installed version of Microsoft Edge Update Setup Chromium-based for Windows. SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier:...

SQLite 3.44.0 - 3.49.0 Multiple Vulnerabilities

SQLite is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:sqlite:sqlite"; ifdescription...

📄 RemotePC Remote Code Execution

RemotePC suffers from an unauthenticated remote code execution vulnerability. The release for this on github offers no version information. Exploit Title: RemotePC - Unauthenticated RCE Date: 2025-04-14 Exploit Author: Ahmet Ümit BAYRAM Vendor: https://github.com/akoc95/RemotePC Version: latest...

CVE-2025-32035

DNN formerly DotNetNuke is an open-source web content management platform CMS in the Microsoft ecosystem. Prior to 9.13.2, when uploading files e.g. when uploading assets, the file extension is checked to see if it's an allowed file type but the actual contents of the file aren't checked. This...