NewStart CGSL MAIN 6.06 : ncurses Multiple Vulnerabilities (NS-SA-2025-0223)

The remote NewStart CGSL host, running version MAIN 6.06, has ncurses packages installed that are affected by multiple vulnerabilities: - In ncurses 6.0, there is a format string vulnerability in the fmtentry function. A crafted input will lead to a remote arbitrary code execution attack...

ROS-20250930-07

Vulnerability of ImageMagick console graphic editor related to format string error in function "InterpretImageFilename" function. Exploitation of the vulnerability could allow a remote attacker to execute arbitrary code on the target system, execute arbitrary code on the target system Vulnerabili...

CVE-2025-9494

An OS command injection vulnerability has been discovered in the Vitogate 300, which can be exploited by malicious users to compromise affected installations. Specifically, the /cgi-bin/vitogate.cgi endpoint is affected, when the form JSON parameter is set to form-0-2. The vulnerability stems fro...

CVE-2025-36202

IBM webMethods Integration 10.15 and 11.1 could allow an authenticated user with required execute Services to execute commands on the system due to the improper validation of format string strings passed as an argument from an external source...

Arbitrary Code Execution

ImageMagick is vulnerable to Arbitrary Code Execution. The vulnerability is due to format string vulnerability due to user input being passed directly to FormatLocaleString without proper sanitization, allowing attackers to overwrite arbitrary memory and potentially achieve remote code execution...

CVE-2025-36202

IBM webMethods Integration 10.15 and 11.1 could allow an authenticated user with required execute Services to execute commands on the system due to the improper validation of format string strings passed as an argument from an external source...

CVE-2025-36202 IBM webMethods Integration code execution

IBM webMethods Integration 10.15 and 11.1 could allow an authenticated user with required execute Services to execute commands on the system due to the improper validation of format string strings passed as an argument from an external source...

PT-2025-38725

Name of the Vulnerable Software and Affected Versions IBM webMethods Integration versions 10.15 and 11.1 Description An authenticated user with execute Services permissions may be able to execute commands on the system. This is due to improper validation of format string strings received from an...

CVE-2025-8276

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting', Improper Encoding or Escaping of Output, Improper Neutralization of Special Elements in Output Used by a Downstream Component 'Injection' vulnerability in Patika Global Technologies HumanSuite allows...

CLSA-2025-1758195721 ImageMagick: Fix of 4 CVEs

CVE-2025-55154: fix integer overflows in MNG magnification - CVE-2025-55212: fix division by zero in ThumbnailImage - CVE-2025-57803: fix 32-bit integer overflow when writing BMP scanline stride - CVE-2025-55298: fix format string bug leading to RCE or heap overflow...

CVE-2025-8276

CVE-2025-8276 affects Patika Global Technologies’ HumanSuite (prior to 53.21.0). The issue stems from improper encoding/escaping of output and insufficient neutralization of input in web page generation, enabling Cross-Site Scripting (XSS) and injection-style risks (including potential code/data ...

CVE-2025-8276 HTML Injection in Patika Global Technologies' HumanSuite

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting', Improper Encoding or Escaping of Output, Improper Neutralization of Special Elements in Output Used by a Downstream Component 'Injection' vulnerability in Patika Global Technologies HumanSuite allows...

CVE-2025-8276 HTML Injection in Patika Global Technologies' HumanSuite

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting', Improper Encoding or Escaping of Output, Improper Neutralization of Special Elements in Output Used by a Downstream Component 'Injection' vulnerability in Patika Global Technologies HumanSuite allows...

Amazon Linux 2023 : ImageMagick, ImageMagick-c++, ImageMagick-c++-devel (ALAS2023-2025-1182)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2025-1182 advisory. ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to version 7.1.2-1, ImageMagick is vulnerable to heap-buffer overflow read around the...

Important: ImageMagick

Issue Overview: ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to version 7.1.2-1, ImageMagick is vulnerable to heap-buffer overflow read around the handling of images with separate alpha channels when performing image magnification in...

exploit_me

This is a vulnerable ARM/AARCH64 application, specifically designed for a CTF Capture The Flag style exploitation tutorial. The application is written in C and is intended to demonstrate various types of vulnerabilities, including integer overflow, stack overflow, array overflow, off-by-one, stac...

linux-exploit-development-tutorial

This is a Linux exploit development tutorial for beginners. The repository contains a series of chapters on various topics, including basic knowledge, stack security, heap security, and kernel security. The first chapter covers basic knowledge, including format string vulnerabilities, integer...

Zeratool

This repository, Zeratool, is an automatic exploit generation tool for exploitable CTF Capture The Flag problems. It uses the angr concolic analysis engine to analyze binaries and identify vulnerabilities, and then weaponizes these vulnerabilities for remote code execution through pwntools. The...

Security update for ImageMagick

This update for ImageMagick fixes the following issues: CVE-2025-55004: Fixed heap buffer over-read in in ReadOneMNGIMage when processing images with separate alpha channels bsc1248076. CVE-2025-55005: Fixed heap buffer overflow when transforming from Log to sRGB colorspaces bsc1248077...

SUSE SLES12 Security Update : ImageMagick (SUSE-SU-2025:03150-1)

The remote SUSE Linux SLES12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:03150-1 advisory. - CVE-2025-55005: Fixed heap buffer overflow when transforming from Log to sRGB colorspaces bsc1248077. - CVE-2025-55154: Fixed integer overfl...