120936 matches found
CVE-2025-62494
A type confusion vulnerability exists in the handling of the string addition + operation within the QuickJS engine. The code first checks if the left-hand operand is a string. It then attempts to convert the right-hand operand to a primitive value using JSToPrimitiveFree. This conversion can...
DEBIAN-CVE-2025-62494
A type confusion vulnerability exists in the handling of the string addition + operation within the QuickJS engine. The code first checks if the left-hand operand is a string. It then attempts to convert the right-hand operand to a primitive value using JSToPrimitiveFree. This conversion can...
UBUNTU-CVE-2025-62494
A type confusion vulnerability exists in the handling of the string addition + operation within the QuickJS engine. The code first checks if the left-hand operand is a string. It then attempts to convert the right-hand operand to a primitive value using JSToPrimitiveFree. This conversion can...
Insecure Deserialization
monai is vulnerable to Insecure Deserialization. The vulnerability is due to untrusted checkpoint files being loaded with functions such as torch.load without safeguards. This allows an attacker to supply a crafted checkpoint that executes arbitrary code during deserialization...
CVE-2025-54539
A Deserialization of Untrusted Data vulnerability exists in the Apache ActiveMQ NMS AMQP Client. This issue affects all versions of Apache ActiveMQ NMS AMQP up to and including 2.3.0, when establishing connections to untrusted AMQP servers. Malicious servers could exploit unbounded deserializatio...
[SECURITY] [DSA 6026-1] chromium security update
Debian Security Advisory DSA-6026-1 https://www.debian.org/security/ Andres Salomon October 16, 2025 https://www.debian.org/security/faq -...
CVE-2025-11722
The Woocommerce Category and Products Accordion Panel plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.0 via the 'categoryaccordionpanel' shortcode. This makes it possible for authenticated attackers, with Contributor-level access and above, to...
USN-7826-1: Samba vulnerabilities
Andrew Walker discovered that Samba incorrectly initialized memory in the vfsstreamsxattr module. An authenticated attacker could possibly use this issue to obtain sensitive information. (CVE-2025-9640) Igor Morgenstern discovered that Samba incorrectly handled names passed to the WINS hook program...
Deserialization Of Untrusted Data
monai is vulnerable to Unsafe Deserialization. The vulnerability is due to the pickleoperations function automatically deserializing dictionary key-value pairs with a specific suffix without any validation. An attacker can supply crafted pickle payloads to execute arbitrary code when those value...
CVE-2025-26860
RemoteCall Remote Support Program for Operator versions prior to 5.1.0 contain an uncontrolled search path element vulnerability. If a crafted DLL is placed in the same folder with the affected product, it may cause an arbitrary code execution...
CISA Flags Adobe AEM Flaw with Perfect 10.0 Score — Already Under Active Attack
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Wednesday added a critical security flaw impacting Adobe Experience Manager to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation. The vulnerability in question is CVE-2025-54253 CVSS score:...
CVE-2011-10033
The WordPress plugin is-human = v1.4.2 contains an eval injection vulnerability in /is-human/engine.php that can be triggered via the 'type' parameter when the 'action' parameter is set to 'log-reset'. The root cause is unsafe use of eval on user-controlled input, which can lead to execution of...
Delta Electronics ASDA-Soft Security Vulnerability
Delta Electronics ASDA-Soft is an AC servo motor from Delta Electronics China. The Delta Electronics ASDA-Soft suffers from a stack buffer overflow vulnerability that is caused by incorrect boundary checking. An attacker could exploit the vulnerability to execute arbitrary code on the system or...
Reolink Video Doorbell Wi-Fi – DB_566128M5MP_W Security Vulnerability
Reolink Video Doorbell Wi-Fi - DB_566128M5MP_W is a video doorbell from Reolink USA. A security vulnerability exists in Reolink Video Doorbell Wi-Fi - DB_566128M5MP_W, which stems from insufficient signature verification of a firmware update and could lead to the execution of arbitrary code with roo...
Ilevia EVE X1 Server Security Vulnerability
Ilevia EVE X1 Server is a smart home and building automation from Ilevia, Italy. A security vulnerability exists in Ilevia EVE X1 Server 4.7.18.0.eden and prior versions, which stems from a reflected cross-site scripting vulnerability in index.php that could lead to the execution of arbitrary cod...
PT-2025-42491
Name of the Vulnerable Software and Affected Versions QuickJS affected versions not specified Description A type confusion issue exists in the QuickJS engine related to how the string addition + operation is handled. The issue arises because an attacker can manipulate the type of the left-hand...
CVE-2025-60855
Reolink Video Doorbell WiFi DB_566128M5MP_W performs insufficient validation of firmware update signatures. This allows attackers to load malicious firmware images, resulting in arbitrary code execution with root privileges. NOTE: this is disputed by the Supplier because the integrity of updates is...
Delta Electronics ASDA-Soft Security Vulnerability
Delta Electronics ASDA-Soft is an AC servo motor from Delta Electronics China. The Delta Electronics ASDA-Soft suffers from a stack buffer overflow vulnerability that can be exploited by an attacker to execute arbitrary code on a system or cause an application to crash...
Alibaba Cloud Linux 3 : 0157: compat-libtiff3 (ALINUX3-SA-2025:0157)
The remote Alibaba Cloud Linux 3 host has packages installed that are affected by a vulnerability as referenced in the ALINUX3-SA-2025:0157 advisory. Package updates are available for Alibaba Cloud Linux 3 that fix the following vulnerabilities: CVE-2025-9900: A flaw was found in Libtiff. This...
CVE-2025-61514
CVE-2025-61514 affects SageMath, Inc. CoCalc prior to the fix commit 0d2ff58, where an attacker can upload a crafted SVG file to achieve arbitrary code execution. The issue is triggered by an arbitrary file upload vulnerability in the CoCalc front-end/back-end stack, enabling code execution on th...