PT-2025-52703

Name of the Vulnerable Software and Affected Versions SOUND4 LinkAndShare Transmitter version 1.1.2 Description SOUND4 LinkAndShare Transmitter version 1.1.2 contains a format string vulnerability. This allows attackers to trigger memory stack overflows through maliciously crafted environment...

📄 HEUR.Backdoor.Win32.Poison.gen MVID-2025-0701 DLL Hijacking

HEUR.Backdoor.Win32.Poison.gen malware looks for and executes a x32-bit "WININET.dll" PE file in its current directory. Therefore, we can hijack the DLL and execute our own c ode to intercept and terminate the malware. It is suggested that RansomLordNG be leveraged for this purpose. Discovery /...

[SECURITY] [DSA 6089-1] chromium security update

------------------------------------------------------------------------- Debian Security Advisory DSA-6089-1 [email protected] https://www.debian.org/security/ Andres Salomon December 21, 2025 https://www.debian.org/security/faq -...

SUSE CVE-2025-14946

A flaw was found in libnbd. A malicious actor could exploit this by convincing libnbd to open a specially crafted Uniform Resource Identifier URI. This vulnerability arises because non-standard hostnames starting with '-o' are incorrectly interpreted as arguments to the Secure Shell SSH process,...

CVE-2025-63665

An issue in GT Edge AI Community Edition Versions before v2.0.12 allows attackers to execute arbitrary code via injecting a crafted JSON payload into the Prompt window...

FreeBSD : Firefox -- Memory safety bugs (23437e07-ddc0-11f0-902c-b42e991fc52e)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 23437e07-ddc0-11f0-902c-b42e991fc52e advisory. https://bugzilla.mozilla.org/buglist.cgi?bugid=1996570%2C1999700 reports: Memory safety bugs present in...

Improper Control of Dynamically-Managed Code Resources

Overview n8n-workflow is a Workflow base code of n8n Affected versions of this package are vulnerable to Improper Control of Dynamically-Managed Code Resources via the workflow expression evaluation system. An authenticated attacker can execute arbitrary code with the privileges of the underlying...

CVE-2023-53952

Dotclear 2.25.3 contains a remote code execution vulnerability that allows authenticated attackers to upload malicious PHP files with .phar extension through the blog post creation interface. Attackers can upload files containing PHP system commands that execute when the uploaded file is accessed...

EUVD-2025-204583

An issue in GT Edge AI Platform Versions before v2.0.10-dev allows attackers to execute arbitrary code via injecting a crafted JSON payload into the Prompt window...

CVE-2025-63665

An issue in GT Edge AI Community Edition Versions before v2.0.12 allows attackers to execute arbitrary code via injecting a crafted JSON payload into the Prompt window...

CVE-2025-63665

An issue in GT Edge AI Community Edition Versions before v2.0.12 allows attackers to execute arbitrary code via injecting a crafted JSON payload into the Prompt window...

CVE-2025-64462

There is an out of bounds read vulnerability in NI LabVIEW in LVResFile::RGetMemFileHandle when parsing a corrupted VI file. This vulnerability may result in information disclosure or arbitrary code execution. Successful exploitation requires an attacker to get a user to open a specially crafted...

Security Bulletin: Arbitrary Code Execution in Keras

Summary Keras is used by many machine learning frameworks and applications as part of their deep learning infrastructure. Remote attackers can execute arbitrary code, leading to full system compromise, data breaches, and potential lateral movement where the identified vulnerability is present...

CVE-2025-14946

A flaw was found in libnbd. A malicious actor could exploit this by convincing libnbd to open a specially crafted Uniform Resource Identifier URI. This vulnerability arises because non-standard hostnames starting with '-o' are incorrectly interpreted as arguments to the Secure Shell SSH process,...

UBUNTU-CVE-2025-14946

A flaw was found in libnbd. A malicious actor could exploit this by convincing libnbd to open a specially crafted Uniform Resource Identifier URI. This vulnerability arises because non-standard hostnames starting with '-o' are incorrectly interpreted as arguments to the Secure Shell SSH process,...

CVE-2025-14946 Libnbd: libnbd: arbitrary code execution via ssh argument injection through a malicious uri

A flaw was found in libnbd. A malicious actor could exploit this by convincing libnbd to open a specially crafted Uniform Resource Identifier URI. This vulnerability arises because non-standard hostnames starting with '-o' are incorrectly interpreted as arguments to the Secure Shell SSH process,...

CVE-2025-14946

Affects: libnbd (part of libguestfs). Vulnerability arises from parsing of URIs where non-standard hostnames beginning with “-o” are incorrectly treated as SSH arguments rather than hostnames, enabling arbitrary code execution with the privileges of the user running libnbd. According to multiple ...

CVE-2025-13941

A local privilege escalation vulnerability exists in the Foxit PDF Reader/Editor Update Service. During plugin installation, incorrect file system permissions are assigned to resources used by the update service. A local attacker with low privileges could modify or replace these resources, which...

CVE-2025-13941

A local privilege escalation vulnerability exists in the Foxit PDF Reader/Editor Update Service. During plugin installation, incorrect file system permissions are assigned to resources used by the update service. A local attacker with low privileges could modify or replace these resources, which...

EUVD-2025-204428

A local privilege escalation vulnerability exists in the Foxit PDF Reader/Editor Update Service. During plugin installation, incorrect file system permissions are assigned to resources used by the update service. A local attacker with low privileges could modify or replace these resources, which...