Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS / 25.04 / 25.10 : CUPS vulnerability (USN-7897-1)
The remote Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS / 25.04 / 25.10 host has packages installed that are affected by a vulnerability as referenced in the USN-7897-1 advisory. It was discovered that CUPS incorrectly handled input from users in the web configuration settings...
Debian dsa-6065 : krita - security update
The remote Debian 12 / 13 host has packages installed that are affected by a vulnerability as referenced in the dsa-6065 advisory. Debian Security Advisory DSA-6065-1 https://www.debian.org/security/...
CVE-2025-64772
The installer of INZONE Hub 1.0.10.3 to 1.0.17.0 contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries. As a result, arbitrary code may be executed with the privilege of the user invoking the installer...
CVE-2025-13658
A vulnerability in Longwatch devices allows unauthenticated HTTP GET requests to execute arbitrary code via an exposed endpoint, due to the absence of code signing and execution controls. Exploitation results in SYSTEM-level privileges...
Arbitrary Code Injection
Overview: ultralytics is Ultralytics YOLOv8 for SOTA object detection, multi-object tracking, instance segmentation, pose estimation and image classification. Affected versions of this package are vulnerable to Arbitrary Code Injection via unsafe use of eval on attacker-controllable strings. Th...
Arbitrary Code Injection
Overview: pywikibot is a Python MediaWiki Bot Framework. Affected versions of this package are vulnerable to Arbitrary Code Injection via the readPassword method in pywikibot.login, which used eval on password file entries. Each non-empty, non-comment line from the configured password file was...
Arbitrary Code Injection
Overview: agentc is the front-facing package for the Couchbase Agent Catalog project. Affected versions of this package are vulnerable to Arbitrary Code Injection due to unsafe rendering of Jinja templates without automatic escaping. The Jinja environment is initialized without autoescape=True,...
EUVD-2025-200111
Grav is Vulnerable to Security Sandbox Bypass with SSTI (Server Side Template Injection)...
CVE-2025-66299
Grav is a file-based Web platform. Prior to 1.8.0-beta.27, Grav CMS is vulnerable to a Server-Side Template Injection (SSTI) that allows any authenticated user with editor permissions to execute arbitrary code on the remote server, bypassing the existing security sandbox. Since the security sandbox...
CVE-2025-11772
A carefully crafted DLL, copied to the C:\ProgramData\Synaptics folder, allows a local user to execute arbitrary code with elevated privileges during driver installation...
CVE-2025-11772 Co-Installer Privilege Escalation
A carefully crafted DLL, copied to the C:\ProgramData\Synaptics folder, allows a local user to execute arbitrary code with elevated privileges during driver installation...
CVE-2025-61228
An issue in Shirt Pocket SuperDuper! V.3.10 and before allows a local attacker to execute arbitrary code via the software update mechanism...
xorg: xwayland: Use-after-free in XPresentNotify structure creation
A flaw was found in the X.Org X server and Xwayland when processing X11 Present extension notifications. Improper error handling during notification creation can leave dangling pointers that lead to a use-after-free condition. This can cause memory corruption or a crash, potentially allowing an...
USN-7899-1 binutils vulnerabilities
It was discovered that GNU binutils could be forced to perform an out-of-bounds read in certain instances. An attacker with local access to a system could possibly use this issue to cause a denial of service. CVE-2025-11839, CVE-2025-11840 It was discovered that GNU binutils incorrectly handled...
CVE-2025-65675
Stored cross-site scripting (XSS) vulnerability in Classroomio LMS 0.1.13 allows authenticated attackers to execute arbitrary code via crafted SVG profile pictures...
Arbitrary Code Execution
melisplatform/melis-cms-slider is vulnerable to Arbitrary Code Execution. The vulnerability is due to insufficient validation of uploaded files, where the mcsdetailimg parameter in the saveDetailsForm endpoint accepts malicious file uploads, and attackers can exploit this to upload executable...
kernel: nfsd: handle get_client_locked() failure in nfsd4_setclientid_confirm()
A vulnerability has been identified in the Linux kernel's Network File System (NFS) daemon that could allow for a Denial of Service and, in the worst-case scenario, Arbitrary Code Execution. This Use-After-Free flaw arises from a race condition when the kernel handles the confirmation of an NFS client...
CVE-2025-41700 CODESYS Development System - Deserialization of Untrusted Data
An unauthenticated attacker can trick a local user into executing arbitrary code by opening a deliberately manipulated CODESYS project file with a CODESYS development system. This arbitrary code is executed in the user context...
CVE-2025-41700
The CVE-2025-41700 entry concerns CODESYS Development System. The connected sources describe a vulnerability where an unauthenticated attacker can cause arbitrary code execution by tricking a local user into opening a specially crafted CODESYS project file, with code executed in the user’s contex...