CVE-2025-64469 Stack-based Buffer Overflow in LVResource::DetachResource() in NI LabVIEW

There is a stack-based buffer overflow vulnerability in NI LabVIEW in LVResFile::FindRsrcListEntry when parsing a corrupted VI file. This vulnerability may result in information disclosure or arbitrary code execution. Successful exploitation requires an attacker to get a user to open a specially...

CVE-2025-64467

NI LabVIEW

CVE-2025-64466 Out-of-Bounds Read in lvre!ExecPostedProcRecPost() in NI LabVIEW

There is an out of bounds read vulnerability in NI LabVIEW in lvre!ExecPostedProcRecPost when parsing a corrupted VI file. This vulnerability may result in information disclosure or arbitrary code execution. Successful exploitation requires an attacker to get a user to open a specially crafted VI...

CVE-2025-64465

CVE-2025-64465 is an out-of-bounds read in NI LabVIEW’s lvre!DataSizeTDR() when parsing a corrupted VI file. Affected: NI LabVIEW 2025 Q3 (25.3) and earlier. Impact: information disclosure or arbitrary code execution if a user opens a specially crafted VI. Exploitation condition: user interaction...

CVE-2025-64465 Out-of-Bounds Read in lvre!DataSizeTDR() in NI LabVIEW

There is an out of bounds read vulnerability in NI LabVIEW in lvre!DataSizeTDR when parsing a corrupted VI file. This vulnerability may result in information disclosure or arbitrary code execution. Successful exploitation requires an attacker to get a user to open a specially crafted VI. This...

CVE-2025-64464 Out-of-Bounds Read in lvre!VisaWriteFromFile() in NI LabVIEW

There is an out of bounds read vulnerability in NI LabVIEW in lvre!VisaWriteFromFile when parsing a corrupted VI file. This vulnerability may result in information disclosure or arbitrary code execution. Successful exploitation requires an attacker to get a user to open a specially crafted VI. Th...

CVE-2025-64464

NI LabVIEW is affected by an out-of-bounds read in lvre!VisaWriteFromFile() when parsing a corrupted VI file. Successful exploitation may disclose information or allow arbitrary code execution; exploitation requires a user to open a crafted VI. Impact described for LabVIEW 2025 Q3 (25.3) and earl...

CVE-2025-64463 Out-of-Bounds Read in LVResource::DetachResource() in NI LabVIEW

There is an out of bounds read vulnerability in NI LabVIEW in LVResource::DetachResource when parsing a corrupted VI file. This vulnerability may result in information disclosure or arbitrary code execution. Successful exploitation requires an attacker to get a user to open a specially crafted VI...

CVE-2025-64462 Out-of-Bounds Read in LVResFile::RGetMemFileHandle() in NI LabVIEW

There is an out of bounds read vulnerability in NI LabVIEW in LVResFile::RGetMemFileHandle when parsing a corrupted VI file. This vulnerability may result in information disclosure or arbitrary code execution. Successful exploitation requires an attacker to get a user to open a specially crafted...

CVE-2025-64462 Out-of-Bounds Read in LVResFile::RGetMemFileHandle() in NI LabVIEW

There is an out of bounds read vulnerability in NI LabVIEW in LVResFile::RGetMemFileHandle when parsing a corrupted VI file. This vulnerability may result in information disclosure or arbitrary code execution. Successful exploitation requires an attacker to get a user to open a specially crafted...

CVE-2025-14861

Firefox versions prior to 146.0.1 are affected by memory safety bugs (CVE-2025-14861) that can lead to memory corruption and, with enough effort, arbitrary code execution. The issue is fixed in Firefox 146.0.1; affected products include Firefox

CVE-2025-14861 Memory safety bugs fixed in Firefox 146.0.1

Memory safety bugs present in Firefox 146. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 146.0.1...

CVE-2025-14861

Memory safety bugs present in Firefox 146. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 146.0.1...

[SECURITY] [DLA 4414-1] webkit2gtk security update

------------------------------------------------------------------------- Debian LTS Advisory DLA-4414-1 [email protected] https://www.debian.org/lts/security/ Emilio Pozuelo Monfort December 18, 2025 https://wiki.debian.org/LTS -...

CVE-2025-13641 Photo Gallery, Sliders, Proofing and Themes – NextGEN Gallery <= 3.59.12 - Authenticated (Contributor+) Local File Inclusion via 'template'

The Photo Gallery, Sliders, Proofing and Themes – NextGEN Gallery plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 3.59.12 via the 'template' shortcode parameter. This is due to insufficient path validation that allows absolute paths to be provided...

[SECURITY] [DSA 6083-1] webkit2gtk security update

------------------------------------------------------------------------- Debian Security Advisory DSA-6083-1 [email protected] https://www.debian.org/security/ Alberto Garcia December 18, 2025 https://www.debian.org/security/faq -...

Security Bulletin: Multiple Vulnerabilities in IBM watsonx Code Assistant On Prem

Summary Multiple vulnerabilities were addressed in IBM watsonx Code Assistant On Prem V5.3.0 Vulnerability Details CVEID:CVE-2025-12735 DESCRIPTION: The expr-eval library is a JavaScript expression parser and evaluator designed to safely evaluate mathematical expressions with user-defined...

CVE-2025-60070 WordPress Molla - Multipurpose Responsive Shopify theme <= 1.5.13 - Arbitrary Code Execution vulnerability

Improper Control of Generation of Code 'Code Injection' vulnerability in The4 Molla molla allows Code Injection.This issue affects Molla: from n/a through = 1.5.13...

CVE-2025-60068 WordPress Javo Core plugin <= 3.0.0.266 - Arbitrary Code Execution vulnerability

Improper Control of Generation of Code 'Code Injection' vulnerability in javothemes Javo Core javo-core allows Code Injection.This issue affects Javo Core: from n/a through = 3.0.0.266...

CVE-2025-60070 WordPress Molla - Multipurpose Responsive Shopify theme <= 1.5.13 - Arbitrary Code Execution vulnerability

Improper Control of Generation of Code 'Code Injection' vulnerability in The4 Molla molla allows Code Injection.This issue affects Molla: from n/a through = 1.5.13...