25211 matches found
PT-2025-48141
Name of the Vulnerable Software and Affected Versions: Cursor (affected versions not specified). Description: An improper neutralization of special elements used in an OS command ('command injection') exists in Cursor. This allows an unauthorized attacker to execute commands that are outside of those...
Cursor Security Vulnerability
Cursor is an AI code editor open-sourced by Cursor. A security vulnerability exists in Cursor that stems from improper neutralization of special elements in OS commands, which could lead to arbitrary code execution...
Zephyr Security Vulnerability
Zephyr is an extensible real-time operating system (RTOS) open-sourced by Zephyr. A security vulnerability exists in Zephyr that stems from an out-of-bounds write that could lead to the execution of arbitrary code or a denial-of-service attack...
IBM DB2 Information Disclosure and Credential Exposure (7250484) (Unix)
According to its self-reported version number, IBM Db2 on Unix may be affected by a vulnerability: IBM Db2 11.1.0 through 11.1.4.7, 11.5.0 through 11.5.9, and 12.1.0 through 12.1.3 for Linux, UNIX and Windows (includes Db2 Connect Server) clpplus command exposes user credentials to the terminal...
Photon OS 5.0: Linux PHSA-2025-5.0-0690
An update of the linux package has been released. (C) Tenable, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2025-5.0-0690. The text itself is copyright (C) VMware, Inc...
Photon OS 4.0: Linux PHSA-2025-4.0-0914
An update of the linux package has been released. (C) Tenable, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2025-4.0-0914. The text itself is copyright (C) VMware, Inc...
Arbitrary Code Injection
Overview: Affected versions of this package are vulnerable to Arbitrary Code Injection via the template management component in REDAXO CMS. An attacker can execute arbitrary operating system commands by injecting PHP code into an active template and triggering its execution when visitors access...
CVE-2025-64050
A Remote Code Execution (RCE) vulnerability in the template management component in REDAXO CMS 5.20.0 allows remote authenticated administrators to execute arbitrary operating system commands by injecting PHP code into an active template. The payload is executed when visitors access frontend pages...
Zenitel TCIV-3+
RISK EVALUATION: Successful exploitation of these vulnerabilities could result in arbitrary code execution or cause a denial-of-service condition. 2. RECOMMENDED PRACTICES: CISA recommends users take defensive measures to minimize the risk of exploitation of these vulnerabilities, such as:...
SUSE CVE-2023-43000
A use-after-free issue was addressed with improved memory management. This issue is fixed in macOS Ventura 13.5, iOS 16.6 and iPadOS 16.6, Safari 16.6, iOS 15.8.7 and iPadOS 15.8.7. Processing maliciously crafted web content may lead to memory corruption...
SUSE CVE-2025-43430
This issue was addressed through improved state management. This issue is fixed in Safari 26.1, iOS 26.1 and iPadOS 26.1, macOS Tahoe 26.1, tvOS 26.1, visionOS 26.1, watchOS 26.1. Processing maliciously crafted web content may lead to an unexpected process crash...
SUSE CVE-2025-43431
The issue was addressed with improved memory handling. This issue is fixed in Safari 26.1, iOS 18.7.2 and iPadOS 18.7.2, iOS 26.1 and iPadOS 26.1, macOS Tahoe 26.1, tvOS 26.1, visionOS 26.1, watchOS 26.1. Processing maliciously crafted web content may lead to memory corruption...
SUSE CVE-2025-43480
The issue was addressed with improved checks. This issue is fixed in Safari 26.1, iOS 26.1 and iPadOS 26.1, macOS Tahoe 26.1, tvOS 26.1, visionOS 26.1, watchOS 26.1. A malicious website may exfiltrate data cross-origin...
PT-2025-48167
Name of the Vulnerable Software and Affected Versions: Zenitel TCIV-3+ (affected versions not specified). Description: An OS command injection issue arises from inadequate sanitization of user-provided input. The application processes parameters without sufficient validation before incorporating them...
PT-2025-48168
Name of the Vulnerable Software and Affected Versions: Zenitel TCIV-3+ (affected versions not specified). Description: An OS command injection issue arises from insufficient validation of user-provided input. The validation process does not adequately enforce formatting rules, potentially allowing...
Security Bulletin: NVIDIA DGX Spark - November 2025
NVIDIA has released a software update for NVIDIA DGX Spark. To protect your system, download and install the latest version of NVIDIA DGX OS from the NVIDIA DGX site. Go to NVIDIA Product Security...
Photon OS 5.0: Openssh PHSA-2025-5.0-0687
An update of the openssh package has been released. (C) Tenable, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2025-5.0-0687. The text itself is copyright (C) VMware, Inc...
Photon OS 5.0: Gdb PHSA-2025-5.0-0648
An update of the gdb package has been released. (C) Tenable, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2025-5.0-0648. The text itself is copyright (C) VMware, Inc...
Photon OS 4.0: Openssh PHSA-2025-4.0-0911
An update of the openssh package has been released. (C) Tenable, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2025-4.0-0911. The text itself is copyright (C) VMware, Inc...
Photon OS 4.0: Python3 PHSA-2025-4.0-0912
An update of the python3 package has been released. (C) Tenable, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2025-4.0-0912. The text itself is copyright (C) VMware, Inc...