4832 matches found
CVE-2025-22886
in OpenHarmony v5.0.3 and prior versions allow a local attacker to cause DoS through missing release of memory...
CVE-2025-25218
The CVE-2025-25218 entry concerns OpenHarmony before and including v5.0.3 where a NULL pointer dereference allows a local attacker to cause a denial of service. The root cause is a NULL pointer dereference in the affected component, leading to a crash or DOS condition when exploited locally. Publ...
Azure Linux 3.0 Security Update: pytorch (CVE-2025-3730)
The version of pytorch installed on the remote Azure Linux 3.0 host is prior to the tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-3730 advisory. - A vulnerability, which was classified as problematic, was found in PyTorch 2.6.0. Affected is the function...
EulerOS 2.0 SP12 : elfutils (EulerOS-SA-2025-1412)
According to the versions of the elfutils package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities: A vulnerability was found in GNU elfutils 0.192. It has been declared as critical. Affected by this vulnerability is the function...
Azure Linux 3.0 Security Update: dwarves / libbpf (CVE-2025-29481)
The version of dwarves / libbpf installed on the remote Azure Linux 3.0 host is prior to the tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-29481 advisory. - Buffer Overflow vulnerability in libbpf 1.5.0 allows a local attacker to execute arbitrary code vi...
CBL Mariner 2.0 Security Update: pytorch (CVE-2025-3730)
The version of pytorch installed on the remote CBL Mariner 2.0 host is prior to the tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-3730 advisory. - A vulnerability, which was classified as problematic, was found in PyTorch 2.6.0. Affected is the function...
CVE-2025-0217 Privileged Remote Access Authentication Bypass
BeyondTrust Privileged Remote Access (PRA) versions prior to 25.1 are vulnerable to a local authentication bypass. A local authenticated attacker can view the connection details of a ShellJump session that was initiated with external tools, allowing unauthorized access to connected sessions...
CVE-2025-4272
A vulnerability was found in Mechrevo Control Console 1.0.2.70. It has been rated as critical. Affected by this issue is some unknown functionality in the library C:\Program Files\OEM\MECHREVO Control Center\UniwillService\MyControlCenter\csCAPI.dll of the component GCUService. The manipulation...
CVE-2025-4272 Mechrevo Control Console GCUService csCAPI.dll uncontrolled search path
A vulnerability was found in Mechrevo Control Console 1.0.2.70. It has been rated as critical. Affected by this issue is some unknown functionality in the library C:\Program Files\OEM\MECHREVO Control Center\UniwillService\MyControlCenter\csCAPI.dll of the component GCUService. The manipulation...
CVE-2025-4272
CVE-2025-4272 affects Mechrevo Control Console 1.0.2.70; vulnerable component is the library csCAPI.dll under GCUService. Reported issue: uncontrolled search path leading to local exploitation. Documents consistently describe local attack requirements with high impact per CVSS vectors (local acce...
CVE-2025-4261
A vulnerability was found in GAIR-NLP factool up to 3f3914bc090b644be044b7e0005113c135d8b20f. It has been classified as critical. This affects the function run_single of the file factool/factool/math/tool.py. The manipulation leads to code injection. The attack needs to be approached locally. The...
CVE-2025-20665
In devinfo, there is a possible information disclosure due to a missing SELinux policy. This could lead to local information disclosure of device identifier with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS09555228; Issue ID: MSV-2760...
CVE-2025-4261 GAIR-NLP factool tool.py run_single code injection
A vulnerability was found in GAIR-NLP factool up to 3f3914bc090b644be044b7e0005113c135d8b20f. It has been classified as critical. This affects the function run_single of the file factool/factool/math/tool.py. The manipulation leads to code injection. The attack needs to be approached locally. The...
CVE-2025-4261
CVE-2025-4261 affects GAIR-NLP factool, specifically the run_single function in factool/factool/math/tool.py. The cited pattern indicates a code injection vulnerability introduced up to commit 3f3914bc090b644be044b7e0005113c135d8b20f, with local access required for exploitation. Multiple connecte...
CVE-2025-4218
A vulnerability was found in handrew browserpilot up to 0.2.51. It has been declared as critical. Affected by this vulnerability is the function GPTSeleniumAgent of the file browserpilot/browserpilot/agents/gptseleniumagent.py. The manipulation of the argument instructions leads to code injection...
CVE-2025-4068
A vulnerability classified as critical was found in code-projects Simple Movie Ticket Booking System 1.0. Affected by this vulnerability is the function changeprize. The manipulation of the argument prize leads to stack-based buffer overflow. The attack needs to be approached locally. The exploit...
CVE-2025-4069
A vulnerability, which was classified as critical, has been found in code-projects Product Management System 1.0. Affected by this issue is the function additem. The manipulation of the argument st.productname leads to stack-based buffer overflow. An attack has to be approached locally. The explo...
CVE-2025-4063
A vulnerability was found in code-projects Student Information Management System 1.0 and classified as critical. Affected by this issue is the function cancel. The manipulation of the argument firstname/lastname leads to stack-based buffer overflow. The attack needs to be approached locally. The...