CVE-2025-55149 Path Traversal Vulnerability in PDF Review Function (CWE-22)

Tiny-Scientist is a lightweight framework for automating the entire lifecycle of scientific research—from ideation to implementation, writing, and review. In versions 0.1.1 and below, a critical path traversal vulnerability has been identified in the reviewpaper function in backend/app.py. The...

Linux Distros Unpatched Vulnerability : CVE-2025-2914

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A vulnerability classified as problematic has been found in HDF5 up to 1.14.6. This affects the function H5FSsinfoSrializeSctcb of the file src/H5FScache.c. The...

CVE-2025-6634

A maliciously crafted TGA file, when linked or imported into Autodesk 3ds Max, can force a Memory Corruption vulnerability. A malicious actor can leverage this vulnerability to execute arbitrary code in the context of the current process...

Metasploit Wrap-Up 08/08/25

New module content 4 ICTBroadcast Unauthenticated Remote Code Execution Author: Valentin Lobstein Type: Exploit Pull request: 20446 contributed by Chocapikk Path: linux/http/ictbroadcastunauthcookie AttackerKB reference: CVE-2025-2611 Description: This adds a new module for CVE-2025-2611 -...

FreeBSD : FreeBSD -- Integer overflow in libarchive leading to double free (66f35fd9-73f5-11f0-8e0e-002590c1f29c)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 66f35fd9-73f5-11f0-8e0e-002590c1f29c advisory. An integer overflow in the archivereadformatrarseekdata function may lead to a double free problem...

EU Digital Regulation and Guatemala: AI, 5G, and Cybersecurity

The paper examines how EU rules in AI, 5G, and cybersecurity operate as transnational governance and shape policy in Guatemala. It outlines the AI Act's risk approach, the 5G Action Plan and Security Toolbox, and the cybersecurity regime built on ENISA, NIS2, the Cybersecurity Act, and the Cyber...

Linux Distros Unpatched Vulnerability : CVE-2025-8177

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A vulnerability was found in LibTIFF up to 4.7.0. It has been rated as critical. This issue affects the function setrow of the file tools/thumbnail.c. The...

Linux Distros Unpatched Vulnerability : CVE-2019-11191

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The Linux kernel through 5.0.7, when CONFIGIA32AOUT is enabled and ia32aout is loaded, allows local users to bypass ASLR on setuid a.out programs if any exist...

Medium: ImageMagick

Issue Overview: ImageMagick is free and open-source software used for editing and manipulating digital images. Versions prior to 7.1.2-0 and 6.9.13-26 have a heap buffer overflow in the InterpretImageFilename function. The issue stems from an off-by-one error that causes out-of-bounds memory acce...

Linux Distros Unpatched Vulnerability : CVE-2022-49228

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: bpf: Fix a btf decltag bug when tagging a function syzbot reported a btf decltag bug with...

CVE-2025-55135

In Agora Foundation Agora fall23-Alpha1 before 690ce56, there is XSS via a profile picture to server/controller/userController.js. Formats other than PNG, JPEG, and WEBP are permitted by server/routes/userRoutes.js; this includes SVG...

ALSA: usb-audio: Fix out-of-bounds read in snd_usb_get_audioformat_uac3()

...

CVE-2025-55135

In Agora Foundation Agora fall23-Alpha1 before 690ce56, there is XSS via a profile picture to server/controller/userController.js. Formats other than PNG, JPEG, and WEBP are permitted by server/routes/userRoutes.js; this includes SVG...

Linux Distros Unpatched Vulnerability : CVE-2021-47387

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: cpufreq: schedutil: Use kobject release method to free sugovtunables The struct sugovtunable...

Linux Distros Unpatched Vulnerability : CVE-2024-43891

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: tracing: Have format file honor EVENTFILEFLFREED When eventfs was introduced, special care h...

Linux Distros Unpatched Vulnerability : CVE-2021-47039

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: ataflop: potential out of bounds in doformat The function uses type as an array index: q =...

Linux Distros Unpatched Vulnerability : CVE-2023-52894

"The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - usb: gadget: fncm: fix potential NULL ptr deref in ncmbitrate In Google internal bug 265639009 we've received an as yet unreproducible crash report from an...

Linux Distros Unpatched Vulnerability : CVE-2025-24855

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - numbers.c in libxslt before 1.1.43 has a use-after-free because, in nested XPath evaluations, an XPath context node can be modified but never restored. This is...

Linux Distros Unpatched Vulnerability : CVE-2021-29648

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in the Linux kernel before 5.11.11. The BPF subsystem does not properly consider that resolvedids and resolvedsizes are intentionally...

Security update for libarchive

This update for libarchive fixes the following issues: CVE-2025-5914: Fixed double free due to an integer overflow in the archivereadformatrarseekdata function bsc1244272 CVE-2025-5915: Fixed heap buffer over read in copyfromlzsswindow at archivereadsupportformatrar.c bsc1244273 CVE-2025-5916:...