Update on React Server Components RCE Vulnerability (CVE-2025-55182 / CVE-2025-66478)

The attack landscape has been dynamic following the disclosure of the React Server Components RCE vulnerability. New information has emerged regarding the initial Proof-of-Concept exploit, as well as improved detection methods, exploitation mechanics observed in the wild, and rapidly growing atta...

Security Bulletin: A vulnerability in IBM Java Runtime used by the IBM Installation Manager and IBM Packaging Utility

Summary There is a vulnerability in IBM® Runtime Environment Java™ Versions 8 used by IBM Installation Manager and IBM Packaging Utility. The IBM Installation Manager and IBM Packaging Utility have addressed the applicable CVE and we recommend updating to the latest version to remediate...

Linux Distros Unpatched Vulnerability : CVE-2025-13699

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - MariaDB mariadb-dump Utility Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on...

MariaDB Directory Traversal RCE Vulnerability (Nov 2025)

MariaDB is prone to a directory traversal remote code execution RCE vulnerability in the mariadb-dump Utility. SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifie...

JLSEC-2025-310 A memory leak flaw was found in Libtiff's tiffcrop utility

A memory leak flaw was found in Libtiff's tiffcrop utility. This issue occurs when tiffcrop operates on a TIFF image file, allowing an attacker to pass a crafted TIFF image file to tiffcrop utility, which causes this memory leak issue, resulting an application crash, eventually leading to a denia...

EUVD-2025-198257

A weakness has been identified in jameschz Hush Framework 2.0. The impacted element is an unknown function of the file Hush\hush-lib\hush\Util.php of the component HTTP Host Header Handler. This manipulation of the argument $SERVER'HOST' causes improper neutralization of http headers for scriptin...

DualTAP: A Dual-Task Adversarial Protector for Mobile MLLM Agents

The reliance of mobile GUI agents on Multimodal Large Language Models MLLMs introduces a severe privacy vulnerability: screenshots containing Personally Identifiable Information PII are often sent to untrusted, third-party routers. These routers can exploit their own MLLMs to mine this data,...

Siemens SIMATIC S7-1500 Heap-based Buffer Overflow (CVE-2023-4016)

Under some circumstances, this weakness allows a user who has access to run the ps utility on a machine, the ability to write almost unlimited amounts of unfiltered data into the process heap. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for mor...

CVE-2025-27246

Incorrect default permissions for the IntelR Processor Identification Utility before version 8.0.43 within Ring 3: User Applications may allow an escalation of privilege. System software adversary with an authenticated user combined with a high complexity attack may enable local code execution...

CVE-2025-24842

Uncontrolled search path for the IntelR System Support Utility before version 4.1.0 within Ring 3: User Applications may allow an escalation of privilege. Unprivileged software adversary with a privileged user combined with a high complexity attack may enable local code execution. This result may...

CVE-2025-24918

Improper link resolution before file access 'link following' for some IntelR Server Configuration Utility software and IntelR Server Firmware Update Utility software before version 16.0.12. within Ring 3: User Applications may allow an escalation of privilege. System software adversary with an...

EUVD-2025-93484

Uncontrolled search path for the IntelR Processor Identification Utility before version 8.0.43 within Ring 3: User Applications may allow an escalation of privilege. System software adversary with an authenticated user combined with a high complexity attack may enable escalation of privilege. Thi...

EUVD-2025-93532

Use of unmaintained third party components for some IntelR Processor Identification Utility before version 8.0.43 within Ring 3: User Applications may allow an escalation of privilege. System software adversary with an authenticated user combined with a low complexity attack may enable escalation...

CVE-2025-27246

Incorrect default permissions for the IntelR Processor Identification Utility before version 8.0.43 within Ring 3: User Applications may allow an escalation of privilege. System software adversary with an authenticated user combined with a high complexity attack may enable local code execution...

CVE-2025-32001

Uncontrolled search path for the IntelR Processor Identification Utility before version 8.0.43 within Ring 3: User Applications may allow an escalation of privilege. System software adversary with an authenticated user combined with a high complexity attack may enable escalation of privilege. Thi...

CVE-2025-31645

Uncontrolled search path for some System Event Log Viewer Utility software for all versions within Ring 3: User Applications may allow an escalation of privilege. Unprivileged software adversary with an authenticated user combined with a high complexity attack may enable escalation of privilege...

CVE-2025-27246

Incorrect default permissions for the IntelR Processor Identification Utility before version 8.0.43 within Ring 3: User Applications may allow an escalation of privilege. System software adversary with an authenticated user combined with a high complexity attack may enable local code execution...

CVE-2025-27246

Intel Processor Identification Utility

Intel® System Support Utility Advisory

Summary: A potential security vulnerability for the Intel® System Support Utility may allow escalation of privilege. Intel is releasing software updates to mitigate this potential vulnerability. Vulnerability Details: CVEID: CVE-2025-24842 Description: Uncontrolled search path for the Intel® Syst...

Intel® Processor Identification Utility Software Advisory

Summary: Potential security vulnerabilities in some Intel® Processor Identification Utility software may allow escalation of privilege. Intel is releasing software updates to mitigate these potential vulnerabilities. Vulnerability Details: CVEID: CVE-2025-20010 Description: Use of unmaintained...