120932 matches found
D-Link DIR600L 安全漏洞
D-Link DIR600L is a wireless router for home users, belonging to D-Link's "Cloud Router" series, with an external antenna design, supporting 802.11n standard, with a maximum wireless transmission rate of 150Mbps. The D-Link DIR600L suffers from a buffer overflow vulnerability, which originates fr...
EulerOS 2.0 SP13 : polkit (EulerOS-SA-2025-2274)
According to the versions of the polkit packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : A flaw was found in polkit. When processing an XML policy with 32 or more nested elements in depth, an out-of-bounds write can be triggered. This...
NewStart CGSL MAIN 7.02 : freetype Vulnerability (NS-SA-2025-0249)
The remote NewStart CGSL host, running version MAIN 7.02, has freetype packages installed that are affected by a vulnerability: - An out of bounds write exists in FreeType versions 2.13.0 and below newer versions of FreeType are not vulnerable when attempting to parse font subglyph structures...
CVE-2025-62498
A relative path traversal ZipSlip vulnerability was discovered in Productivity Suite software version 4.4.1.19. The vulnerability allows an attacker who can tamper with a productivity project to execute arbitrary code on the machine where the project is opened...
CVE-2025-62498
CVE-2025-62498 corresponds to a ZipSlip-style relative path traversal in AutomationDirect Productivity Suite 4.4.1.19. Multiple connected sources (Red Hat CVE entry, ENISA EUVD, CVE listing, and PT-Security) describe that an attacker who can tamper with a productivity project can cause arbitrary ...
EUVD-2025-35706
Cross site scripting XSS vulnerability in 17gz International Student service system 1.0 allows attackers to execute arbitrary code via the registration step...
Critical Lanscope Endpoint Manager Bug Exploited in Ongoing Cyberattacks, CISA Confirms
The U.S. Cybersecurity and Infrastructure Security Agency CISA on Wednesday added a critical security flaw impacting Motex Lanscope Endpoint Manager to its Known Exploited Vulnerabilities KEV catalog, stating it has been actively exploited in the wild. The vulnerability, CVE-2025-61932 CVSS v4...
SUSE CVE-2023-47113
BleachBit cleans files to free disk space and to maintain privacy. BleachBit for Windows up to version 4.4.2 is vulnerable to a DLL Hijacking vulnerability. By placing a DLL in the Folder c:\DLLs, an attacker can run arbitrary code on every execution of BleachBit for Windows. This issue has been...
CVE-2025-60859
Cross Site Scripting XSS vulnerability in Gnuboard 5.6.15 allows authenticated attackers to execute arbitrary code via crafted cid parameter in bbs/viewcomment.php...
ChanCMS Code Injection Vulnerability
ChanCMS is a content management system. A code injection vulnerability exists in ChanCMS 3.3.2 and earlier versions, which stems from the function getArticle in the file appmodulescmscontrollergather.js that fails to correctly filter the special elements of the constructed snippet. An attacker ca...
17gz International Student service system 安全漏洞
17gz International Student service system is an online system for the enrollment service process from 17gz Inc. A security vulnerability exists in 17gz International Student service system version 1.0, which originates from a cross-site scripting vulnerability in the enrollment step that could le...
AutomationDirect Productivity Suite 安全漏洞
AutomationDirect Productivity Suite is a programmable logic controller programming software from AutomationDirect, Inc. A security vulnerability exists in AutomationDirect Productivity Suite version 4.4.1.19, which stems from a relative path traversal vulnerability that could lead to the executio...
PT-2025-43472
Name of the Vulnerable Software and Affected Versions Android affected versions not specified Description A flaw exists in the Framework component of Android operating systems related to insufficient protection of service data. Remote attackers may be able to escalate privileges. Multiple functio...
thunderbird: firefox: Memory safety bugs
A flaw was found in Thunderbird and Firefox. The Mozilla Foundation's Security Advisory describes the following issue: Memory safety bugs present in Firefox ESR 115.28, Firefox ESR 140.3, Thunderbird ESR 140.3, Firefox 143 and Thunderbird 143. Some of these bugs showed evidence of memory corrupti...
[SECURITY] [DLA 4341-1] gegl security update
------------------------------------------------------------------------- Debian LTS Advisory DLA-4341-1 [email protected] https://www.debian.org/lts/security/ Sylvain Beucler October 22, 2025 https://wiki.debian.org/LTS -...
Deserialization of Untrusted Data
Overview scapy is a Python-based interactive packet manipulation program and library. Affected versions of this package are vulnerable to Deserialization of Untrusted Data via the loadsession process. An attacker can execute arbitrary code by convincing a user to load a malicious .pkl.gz session...
EUVD-2025-35596
Scapy Session Loading Vulnerable to Arbitrary Code Execution via Untrusted Pickle Deserialization...
GHSA-CQ46-M9X9-J8W2 Scapy Session Loading Vulnerable to Arbitrary Code Execution via Untrusted Pickle Deserialization
Summary An unsafe deserialization vulnerability in Scapy Internally, this triggers: python main.py SESSION = pickle.loadgzip.opensessionname, "rb" Since no validation or restriction is performed on the deserialized object, any code embedded via reduce will be executed immediately. This makes it...
CVE-2025-23299
NVIDIA Bluefield and ConnectX contain a vulnerability in the management interface that could allow a malicious actor with high privilege access to execute arbitrary code...
CVE-2025-62526
OpenWrt Project is a Linux operating system targeting embedded devices. Prior to version 24.10.4, ubusd contains a heap buffer overflow in the event registration parsing code. This allows an attacker to modify the head and potentially execute arbitrary code in the context of the ubus daemon. The...