PYSEC-2025-139

MLX is an array framework for machine learning on Apple silicon. Prior to version 0.29.4, there is a segmentation fault in mlx::core::loadgguf when loading malicious GGUF files. Untrusted pointer from external gguflib library is dereferenced without validation, causing application crash. This iss...

The vulnerability of the microprogramming software of industrial thermal printers SATO CL4NX Plus, CL6NX Plus, CL4NX-J Plus, and CL6NX-J Plus lies in the ability to load files of a harmful type without restrictions. This allows attackers to escalate their privileges and execute arbitrary code.

The vulnerability of microprogrammed industrial thermal printers such as SATO CL4NX Plus, CL6NX Plus, CL4NX-J Plus, and CL6NX-J Plus lies in the ability to load files of a malicious nature without limitation. Exploiting this vulnerability can allow an attacker to enhance their privileges and...

The vulnerability in the signature loading function of the APPE Signature Upgrade module of the DrayTek Vigor router microsoftware allows a violator to execute arbitrary code.

The vulnerability of the signature loading function in the APPE Signature Upgrade microprogramming software for DrayTek Vigor routers allows for unlimited loading of malicious files. Exploiting this vulnerability can enable a hacker to execute arbitrary code...

The vulnerability of the SCP utility for access control and remote authentication, as well as software such as BIG-IP Advanced Firewall Manager, BIG-IP Advanced Web Application Firewall, BIG-IP Analytics, BIG-IP Application Acceleration Manager, BIG-IP Application Security Manager, BIG-IP Application Visibility and Reporting (AVR), BIG-IP Camer-Grade NAT (CGNAT), BIG-IP DDos Hybrid Defender, BIG-IP Domain Name System, BIG-IP Edge Gateway, BIG-IP Fraud Protection Service, BIG-IP Global Traffic Manager, BIG-IP Link Controller, BIG-IP Local Traffic Manager, BIG-IP Policy Inforcement Manager, BIG-IP SSL Orchestrator, BIG-IP Webaccelerator, and BIG-IP WebSafe—is related to unlimited resource distribution. This allows attackers to execute arbitrary commands.

The vulnerability of the SCP utility for access control and remote authentication, as well as software such as BIG-IP Advanced Firewall Manager, BIG-IP Advanced Web Application Firewall, BIG-IP Analytics, BIG-IP Application Acceleration Manager, BIG-IP Application Security Manager, BIG-IP...

The vulnerability of the ACEManager component in the ALEOS operating system of Sierra Wireless’ wireless routers—MP70, RV50x, RV55, LX40, LX60 ES450, GX450—allows a hacker to execute arbitrary scripts and trigger a system reboot.

The vulnerability of the ACEManager component in the ALEOS operating system of Sierra Wireless’ wireless routers—MP70, RV50x, RV55, LX40, LX60 ES450, GX450—is related to the ability to load files of a malicious nature without limitation. Exploiting this vulnerability allows an attacker to execute...

The vulnerability of the IVA MCU video conference server software, related to the possibility of loading dangerous files, allows attackers to execute XSS attacks.

The vulnerability of the IVA MCU video conference server software relates to the possibility of loading files of a malicious nature. Exploiting this vulnerability allows a remote attacker to carry out an XSS-type attack...

Foxit PDF Editor DLL Hijacking Vulnerability

Foxit PDF Editor is a PDF file editing software. Foxit PDF Editor has a DLL hijacking vulnerability. An attacker can exploit this vulnerability to load a fake malicious dll file...

Information disclosure

Multiple vulnerabilities in the smart tunnel functionality of Cisco Adaptive Security Appliance ASA could allow an authenticated, local attacker to elevate privileges to the root user or load a malicious library file while the tunnel is being established. For more information about these...

Novell Netware Enterprise Web Server 5.16.0 - Multiple Cross-Site Scripting Vulnerabilities

Novell Netware Enterprise Web Server 5.16.0 - Multiple Cross-Site Scripting Vulnerabilities source: https://www.securityfocus.com/bid/9479/info Multiple vulnerabilities have been identified in Novell Netware Enterprise Web Server that may allow an attacker to carry out cross-site scripting attack...