120831 matches found

Tenable Nessus
added 2025/11/17 12:0 a.m., 7 views

Alibaba Cloud Linux 3 : 0177: mingw-libtiff (ALINUX3-SA-2025:0177)

The remote Alibaba Cloud Linux 3 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALINUX3-SA-2025:0177 advisory. Package updates are available for Alibaba Cloud Linux 3 that fix the following vulnerabilities: CVE-2025-8176: A vulnerability was found i...

CVSS 8.8, AI score 5.7, EPSS 0.00739
Exploits 1, References 3
Talos
added 2025/11/17 12:0 a.m., 8 views

Dell ControlVault3 CvManager_SBI buffer overflow vulnerability

Talos Vulnerability Report TALOS-2025-2188: Dell ControlVault3 CvManager_SBI buffer overflow vulnerability. November 17, 2025. CVE Number: CVE-2025-32089. Summary: A buffer overflow vulnerability exists in the CvManager_SBI functionality of Dell ControlVault3 5.14.3.0 and 5.15.10.14, A31. A specially...

CVSS 8.8, AI score 7.9, EPSS 0.00242
Exploits 0
Debian
added 2025/11/16 2:45 p.m., 5 views

[SECURITY] [DSA 6059-1] thunderbird security update

Debian Security Advisory DSA-6059-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff November 16, 2025 https://www.debian.org/security/faq ...

CVSS 8.8, AI score 7.5, EPSS 0.00401
Exploits 0
Debian
added 2025/11/16 12:19 p.m., 6 views

[SECURITY] [DLA 4372-1] thunderbird security update

Debian LTS Advisory DLA-4372-1 [email protected] https://www.debian.org/lts/security/ Emilio Pozuelo Monfort November 16, 2025 https://wiki.debian.org/LTS ...

CVSS 8.8, AI score 8, EPSS 0.00401
Exploits 0
Tenable Nessus
added 2025/11/16 12:0 a.m., 3 views

Debian dsa-6059 : thunderbird - security update

The remote Debian 12 / 13 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-6059 advisory. Debian Security Advisory DSA-6059-1 [email protected]...

CVSS 8.8, AI score 6.4, EPSS 0.00401
Exploits 0, References 21
Tenable Nessus
added 2025/11/16 12:0 a.m., 6 views

Debian dla-4372 : thunderbird - security update

The remote Debian 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-4372 advisory. Debian LTS Advisory DLA-4372-1 [email protected]...

CVSS 8.8, AI score 6.6, EPSS 0.00401
Exploits 0, References 20
Hacker One
added 2025/11/15 8:14 p.m., 10 views

AWS VDP: Command Injection on Amazon Q Developer CLI via malicious .amazonq/mcp.json leads to arbitrary code execution

Asset URL: https://github.com/aws/amazon-q-developer-cli/ Summary: Running Q chat from Amazon Q Developer CLI from an attacker-controlled repository/directory that contains a crafted .amazonq/mcp.json enables arbitrary command injection/execution. Amazon Q Developer CLI automatically loads and...

AI score 7.5
Exploits 0
RedhatCVE
added 2025/11/15 1:38 p.m., 10 views

CVE-2025-11918

Rockwell Automation Arena® suffers from a stack-based buffer overflow vulnerability. The specific flaw exists within the parsing of DOE files. Local attackers are able to exploit this issue to potentially execute arbitrary code on affected installations of Arena®. Exploiting the vulnerability...

CVSS 7.3, AI score 7.9, EPSS 0.00133
Exploits 0, References 1
SUSE CVE
added 2025/11/15 12:23 a.m., 2 views

SUSE CVE-2025-59840

Vega is a visualization grammar, a declarative format for creating, saving, and sharing interactive visualization designs. In Vega prior to version 6.2.0, applications meeting 2 conditions are at risk of arbitrary JavaScript code execution, even if "safe mode" expressionInterpreter is used. They...

CVSS 8.1, AI score 7.1, EPSS 0.00334
Exploits 0, References 3
RedhatCVE
added 2025/11/14 7:59 p.m., 5 views

CVE-2025-43515

The issue was addressed by refusing external connections by default. This issue is fixed in Compressor 4.11.1. An unauthenticated user on the same network as a Compressor server may be able to execute arbitrary code...

CVSS 8.8, AI score 7.3, EPSS 0.00293
Exploits 0, References 1
NVD
added 2025/11/14 7:16 p.m., 1 views

CVE-2025-63680

Nero BackItUp in the Nero Productline is vulnerable to a path parsing/UI rendering flaw CWE-22 that, in combination with Windows ShellExecuteW fallback extension resolution, leads to arbitrary code execution when a user clicks a crafted entry. By creating a trailing-dot folder and placing a...

CVSS 8.6, EPSS 0.00262
Exploits 1, References 1
NVD
added 2025/11/14 5:16 p.m., 7 views

CVE-2025-13204

npm package expr-eval is vulnerable to Prototype Pollution. An attacker with access to express eval interface can use JavaScript prototype-based inheritance model to achieve arbitrary code execution. The npm expr-eval-fork package resolves this issue...

CVSS 7.3, EPSS 0.00413
Exploits 1, References 7
OSV
added 2025/11/14 5:16 p.m., 5 views

CVE-2025-13204

npm package expr-eval is vulnerable to Prototype Pollution. An attacker with access to express eval interface can use JavaScript prototype-based inheritance model to achieve arbitrary code execution. The npm expr-eval-fork package resolves this issue...

CVSS 7.3, AI score 6, EPSS 0.00413
Exploits 1, References 7
Vulnrichment
added 2025/11/14 5:2 p.m., 3 views

CVE-2025-13204

npm package expr-eval is vulnerable to Prototype Pollution. An attacker with access to express eval interface can use JavaScript prototype-based inheritance model to achieve arbitrary code execution. The npm expr-eval-fork package resolves this issue...

AI score 7.5, EPSS 0.00413
Exploits 1, References 7
EUVD
added 2025/11/14 5:2 p.m., 3 views

EUVD-2025-197614

npm package expr-eval is vulnerable to Prototype Pollution. An attacker with access to express eval interface can use JavaScript prototype-based inheritance model to achieve arbitrary code execution. The npm expr-eval-fork package resolves this issue...

CVSS 7.3, AI score 7.3, EPSS 0.00413
Exploits 1, References 8
Cvelist
added 2025/11/14 5:2 p.m., 9 views

CVE-2025-13204

npm package expr-eval is vulnerable to Prototype Pollution. An attacker with access to express eval interface can use JavaScript prototype-based inheritance model to achieve arbitrary code execution. The npm expr-eval-fork package resolves this issue...

EPSS 0.00413
Exploits 1, References 7
OSV
added 2025/11/14 4:15 p.m., 3 views

CVE-2024-42749

Cross Site Scripting vulnerability in Alto CMS v.1.1.13 allows a local attacker to execute arbitrary code via a crafted script...

CVSS 6.1, AI score 6.7, EPSS 0.0022
Exploits 1, References 2
Vulnrichment
added 2025/11/14 1:28 p.m., 3 views

CVE-2025-11918 Rockwell Automation Arena® Simulation Stack-Based Buffer Overflow Vulnerability

Rockwell Automation Arena® suffers from a stack-based buffer overflow vulnerability. The specific flaw exists within the parsing of DOE files. Local attackers are able to exploit this issue to potentially execute arbitrary code on affected installations of Arena®. Exploiting the vulnerability...

CVSS 7.1, AI score 7.5, EPSS 0.00133
Exploits 0, References 1
Veracode
added 2025/11/14 3:41 a.m., 6 views

Arbitrary Code Execution (ACE)

Expr-eval is vulnerable to Arbitrary Code Execution (ACE). The vulnerability is due to insufficient input validation in the evaluate function, which allows an attacker to supply a crafted variables object and execute arbitrary code...

CVSS 9.8, AI score 7.5, EPSS 0.02199
Exploits 0, References 11, Affected Software 3
RedhatCVE
added 2025/11/14 12:1 a.m., 4 views

CVE-2025-60695

A stack-based buffer overflow vulnerability exists in the mtkdut binary of Linksys E7350 routers Firmware 1.1.00.032. The function sub4045A8 reads up to 256 bytes from /sys/class/net/%s/address into a local buffer and then copies it into caller-provided buffer a1 using strcpy without boundary...

CVSS 5.9, AI score 7.6, EPSS 0.00195
Exploits 1, References 1