PT-2025-48141
Name of the Vulnerable Software and Affected Versions: Cursor (affected versions not specified). Description: An improper neutralization of special elements used in an OS command ('command injection') exists in Cursor. This allows an unauthorized attacker to execute commands that are outside of those...
PT-2025-48128
Name of the Vulnerable Software and Affected Versions: affected versions not specified. Description: An out-of-bound write can lead to arbitrary code execution. Even on devices with some form of memory protection, this can still lead to a crash and a resultant denial of service. Recommendations: At t...
JLSEC-2025-313 A vulnerability was found in libtiff due to multiple potential integer overflows in raw2tiff.c
A vulnerability was found in libtiff due to multiple potential integer overflows in raw2tiff.c. This flaw allows remote attackers to cause a denial of service or possibly execute an arbitrary code via a crafted tiff image, which triggers a heap-based buffer overflow...
[SECURITY] [DSA 6062-1] pdfminer security update
Debian Security Advisory DSA-6062-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso November 25, 2025 https://www.debian.org/security/faq -...
CVE-2025-61168
An issue in the cmsrest.php component of SIGB PMB v8.0.1.14 allows attackers to execute arbitrary code via unserializing an arbitrary file...
CVE-2025-65085
A Heap-based Buffer Overflow vulnerability is present in Ashlar-Vellum Cobalt, Xenon, Argon, Lithium, and Cobalt Share versions 12.6.1204.216 and prior that could allow an attacker to disclose information or execute arbitrary code...
Path Traversal
Mattermost is vulnerable to Path Traversal. The vulnerability is due to improper validation of the import directory path, where malicious plugins can be placed into the prepackaged plugins directory, and an attacker with admin access can exploit this to execute arbitrary code on the server...
xorg: xwayland: Use-after-free in XPresentNotify structure creation
A flaw was found in the X.Org X server and Xwayland when processing X11 Present extension notifications. Improper error handling during notification creation can leave dangling pointers that lead to a use-after-free condition. This can cause memory corruption or a crash, potentially allowing an...
Multiple vulnerabilities in Security Point (Windows) of MaLion
Overview: Security Point Windows of MaLion provided by Intercom, Inc. contains multiple vulnerabilities listed below. Incorrect default permissions (CWE-276) - CVE-2025-59485; Stack-based buffer overflow in processing HTTP headers (CWE-121) - CVE-2025-62691; Heap-based buffer overflow in processing...
Rockwell Automation Arena Simulation
RISK EVALUATION: Successful exploitation of this vulnerability could allow local attackers to execute arbitrary code on affected installations of Arena. 2. RECOMMENDED PRACTICES: CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability, such as:...
Ashlar-Vellum Cobalt, Xenon, Argon, Lithium, Cobalt Share (Update A)
RISK EVALUATION: Successful exploitation of these vulnerabilities could allow an attacker to disclose information or execute arbitrary code. 2. RECOMMENDED PRACTICES: CISA recommends users take defensive measures to minimize the risk of exploitation of these vulnerabilities, such as: Minimize...
EUVD-2025-199013
An issue in Blurams Lumi Security Camera A31C v23.1227.472.2926 allows local physical attackers to execute arbitrary code via overriding the bootloader on the SD card...
Security vulnerabilities in multiple Ashlar-Vellum products
Ashlar-Vellum Xenon and others are products of Ashlar-Vellum. Ashlar-Vellum Xenon is a CAD modeling software. Ashlar-Vellum Cobalt is a parametric-based computer-aided design and 3D modeling program. Ashlar-Vellum Argon is a 2D drafting and 3D modeling software. A security vulnerability exists in...
PT-2025-48070
An issue in the cmsrest.php component of SIGB PMB v8.0.1.14 allows attackers to execute arbitrary code via unserializing an arbitrary file...
ASUS MyASUS security vulnerability
ASUS MyASUS is an official ASUS PC application from Asus China Inc. A security vulnerability exists in ASUS MyASUS, which originates from a recovery mechanism elevation of privilege that could result in arbitrary files being executed with SYSTEM privileges...
Ilevia EVE X1 Server security vulnerability
Ilevia EVE X1 Server is a smart home and building automation from Ilevia, Italy. A security vulnerability exists in Ilevia EVE X1 Server v4.7.18.0.eden and prior versions, which stems from a cross-site request forgery in the bhwebbackend component and could lead to arbitrary code execution...
SIGB PMB security vulnerability
SIGB PMB is an open source integrated library management system from SIGB. A security vulnerability exists in SIGB PMB version v8.0.1.14, which originates when the component cmsrest.php deserializes an arbitrary file, which could lead to the execution of arbitrary code...
Intercom MaLion Security Point security vulnerability
Intercom MaLion Security Point is an asset management and information leakage prevention software from Intercom Japan. A security vulnerability exists in Intercom MaLion Security Point versions prior to 5.3.4, which stems from improper default permissions and could lead to arbitrary code executio...