KB5061197: Windows Server 2008 OOB Security Update (May 2025) (CVE-2025-32709)

The remote Windows host is missing a security update and is therefore affected by an elevation of privilege vulnerability: - Null pointer dereference in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally. CVE-2025-32709 Note that Nessus has n...

CVE-2025-62487

On October 1, 2025, Palantir discovered that images uploaded through the Dossier front-end app were not being marked correctly with the proper security levels. The regression was traced back to a change in May 2025, which was meant to allow file uploads to be shared among different artifacts e.g...

EUVD-2025-206271

Details On October 1, 2025, Palantir discovered that images uploaded through the Dossier front-end app were not being marked correctly with the proper security levels. The regression was traced back to a change in May 2025, which was meant to allow file uploads to be shared among different...

CVE-2025-62487

On October 1, 2025, Palantir discovered that images uploaded through the Dossier front-end app were not being marked correctly with the proper security levels. The regression was traced back to a change in May 2025, which was meant to allow file uploads to be shared among different artifacts e.g...

CVE-2025-62487

CVE-2025-62487 affects Palantir Dossier and Slides apps (Dossier front-end). Root cause: a May 2025 change intended to enable cross-artifact file sharing caused uploads to not be properly marked with security levels. In CBAC-enabled deployments, a security picker dialog lets users set the level, ...

CVE-2025-1161

Incorrect Use of Privileged APIs vulnerability in NomySoft Information Technology Training and Consulting Inc. Nomysem allows Privilege Escalation.This issue affects Nomysem: through May 2025...

CVE-2025-1161 Improper Authorization in Nomysoft Informatics' Nomysem

Incorrect Use of Privileged APIs vulnerability in NomySoft Information Technology Training and Consulting Inc. Nomysem allows Privilege Escalation.This issue affects Nomysem: through May 2025...

PT-2025-50312

Name of the Vulnerable Software and Affected Versions Nomysem versions through May 2025 Description The software contains an issue related to the incorrect use of privileged APIs, which allows for privilege escalation. Recommendations At the moment, there is no information about a newer version...

NomySoft Nomysem 安全漏洞

NomySoft Nomysem is an enterprise-level IT service management system from NomySoft Turkey. A security vulnerability exists in NomySoft Nomysem May 2025 and earlier versions, which stems from improper use of privileged APIs and could lead to elevation of privilege...

EUVD-2025-13696

Malicious code in bioql PyPI...

EUVD-2025-16207

Malicious code in bioql PyPI...

Pixel Watch Security Bulletin—May 2025Stay organized with collectionsSave and categorize content based on your preferences.

The Pixel Watch Security Bulletin contains details of security vulnerabilities affecting Pixel Watch devices Google Devices. For Google devices, security patch levels of 2025-05-01 or later address all issues in this bulletin and all issues in the May 2025 Android Security Bulletin and all issues...

CVE-2025-4056

A flaw was found in GLib. A denial of service on Windows platforms may occur if an application attempts to spawn a program using long command lines...

CVE-2025-4784

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Moderec Tourtella allows SQL Injection. This issue affects Tourtella: before 26.05.2025...

CVE-2025-4784

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Moderec Tourtella allows SQL Injection.This issue affects Tourtella: before 26.05.2025...

Yealink YMCS RPS API 安全漏洞

Yealink YMCS RPS API is a device interface from China Yealink Yealink. A security vulnerability exists in the Yealink YMCS RPS API version prior to 2025-05-26, which stems from a lack of rate limiting and could lead to information disclosure...

CVE-2025-20989

Improper logging in fingerprint trustlet prior to SMR May-2025 Release 1 allows local privileged attackers to get a hmackey...

CVE-2025-20987

The CVE-2025-20987 issue is tied to fingerprint trustlet on Samsung devices, where improper access control allows local privileged attackers to obtain an auth_token. According to PT-2025-23749 (Fingerprint trustlet) and related sources, affected versions are before SMR May-2025 Release 1. The roo...

SAMSUNG SMR 安全漏洞

SAMSUNG SMR is a system patch package from the South Korean company Samsung SAMSUNG. It provides patches for Samsung cell phone applications. A security vulnerability exists in versions prior to SAMSUNG SMR May-2025 Release 1, which stems from improper logging and could lead to a locally privileg...

SAMSUNG Mobile devices 安全漏洞

SAMSUNG Mobile devices are a range of Samsung mobile devices, including cell phones, tablets, etc., from the South Korean company Samsung SAMSUNG. A security vulnerability exists in SAMSUNG Mobile devices prior to May-2025 Release 1, which originates from an out-of-bounds read and could allow a...