Out-of-bounds write vulnerability

A weakness has been identified in mruby 3.4.0. This vulnerability affects the function aryfillexec of the file mrbgems/mruby-array-ext/src/array.c. Executing manipulation of the argument start/length can lead to out-of-bounds write. The attack needs to be launched locally. The exploit has been ma...

CVE-2025-12745

CVE-2025-12745 affects QuickJS up to eb2c89087def1829ed99630cb14b549d7a98408c. The vulnerability is in the function js_array_buffer_slice of quickjs.c and causes a buffer over-read. Exploitation is restricted to local execution; the exploit has been publicly disclosed. The CVE description and mul...

EUVD-2025-37919

A weakness has been identified in QuickJS up to eb2c89087def1829ed99630cb14b549d7a98408c. This affects the function jsarraybufferslice of the file quickjs.c. This manipulation causes buffer over-read. The attack is restricted to local execution. The exploit has been made available to the public a...

CVE-2025-12745 QuickJS quickjs.c js_array_buffer_slice buffer over-read

A weakness has been identified in QuickJS up to eb2c89087def1829ed99630cb14b549d7a98408c. This affects the function jsarraybufferslice of the file quickjs.c. This manipulation causes buffer over-read. The attack is restricted to local execution. The exploit has been made available to the public a...

TencentOS Server 4: gdb (TSSA-2025:0844)

The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2025:0844 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities...

Exploit for CVE-2015-1328

CVE-2015-1328 Proof of Concept A Proof of Concept PoC explo...

Astra Linux – Vulnerability in Tiff

A vulnerability has been identified in LibTIFF 4.7.0. This affects the function main of the tiffcrop.c file in the tiffcrop component. Performing certain manipulations may lead to memory corruption. This attack can only be executed locally. The exploit has been made available to the public, and i...

Rootkit Privilege Escalation Signal Hunter

This module searches for rootkits which use signals to elevate process privileges to UID 0 root. Some rootkits install signal handlers which listen for specific signals to elevate process privileges. This module identifies these rootkits by sending signals and observing UID switching to root. Thi...

OESA-2025-2569 gdb security update

GDB, the GNU Project debugger, allows you to see what is going on inside another program while it executes -- or what another program was doing at the moment it crashed. Security Fixes: A vulnerability has been found in GNU Binutils 2.45. The affected element is the function elfswapshdr in the...

OESA-2025-2568 gdb security update

GDB, the GNU Project debugger, allows you to see what is going on inside another program while it executes -- or what another program was doing at the moment it crashed. Security Fixes: A vulnerability has been found in GNU Binutils 2.45. The affected element is the function elfswapshdr in the...

OESA-2025-2567 gdb security update

GDB, the GNU Project debugger, allows you to see what is going on inside another program while it executes -- or what another program was doing at the moment it crashed. Security Fixes: A vulnerability has been found in GNU Binutils 2.45. The affected element is the function elfswapshdr in the...

CVE-2025-34287

Nagios XI prior to 2024R2 is affected by a local privilege escalation due to an improperly owned script, process_perfdata.pl, which runs as the nagios user but is owned by www-data and writable by www-data. An attacker with web-server privileges could modify the script and trigger arbitrary code ...

CVE-2025-12205

A vulnerability was detected in Kamailio 5.5. The affected element is the function srpushyystate of the file src/core/cfg.lex of the component Configuration File Handler. The manipulation results in use after free. The attack must be initiated from a local position. The exploit is now public and...

CVE-2025-12204

A security vulnerability has been detected in Kamailio 5.5. Impacted is the function rvedestroy of the file src/core/rvalue.c of the component Configuration File Handler. The manipulation leads to heap-based buffer overflow. The attack must be carried out locally. The exploit has been disclosed...

Linux Distros Unpatched Vulnerability : CVE-2025-12204

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A security vulnerability has been detected in Kamailio 5.5. Impacted is the function rvedestroy of the file src/core/rvalue.c of the component Configuration Fil...

Linux Distros Unpatched Vulnerability : CVE-2025-12207

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A vulnerability has been found in Kamailio 5.5. This affects the function yyerrorat of the file src/core/cfg.y of the component Grammar Rule Handler. Such...

CVE-2025-12247

CVE-2025-12247 affects Hasleo Backup Suite (up to version 5.2) and specifically the components HasleoImageMountService/HasleoBackupSuiteService. The issue is an unquoted search path in these components, enabling local exploitation. Impact is described as local access with high complexity, and exp...

CVE-2025-12247 Hasleo Backup Suite HasleoImageMountService/HasleoBackupSuiteService unquoted search path

A weakness has been identified in Hasleo Backup Suite up to 5.2. Impacted is an unknown function of the component HasleoImageMountService/HasleoBackupSuiteService. This manipulation causes unquoted search path. The attack is restricted to local execution. The attack's complexity is rated as high...

CVE-2025-12247 Hasleo Backup Suite HasleoImageMountService/HasleoBackupSuiteService unquoted search path

A weakness has been identified in Hasleo Backup Suite up to 5.2. Impacted is an unknown function of the component HasleoImageMountService/HasleoBackupSuiteService. This manipulation causes unquoted search path. The attack is restricted to local execution. The attack's complexity is rated as high...

CVE-2025-12206

A flaw has been found in Kamailio 5.5. The impacted element is the function rveisconstant of the file src/core/rvalue.c. This manipulation causes null pointer dereference. The attack needs to be launched locally. The exploit has been published and may be used. It is still unclear if this...