CVE-2025-64507

CVE-2025-64507 affects Incus/LXD: in versions prior to 6.0.6 and 6.19.0 an unprivileged user who can access a container and a host with a custom storage volume that has security.shifted=true may create a setuid binary inside the container and execute it on the host to gain root. The issue require...

EUVD-2025-50803

An issue in Sublime HQ Pty Ltd Sublime Text 4 4200 allows authenticated attackers with low-level privileges to escalate privileges to Administrator via replacing the uninstall file with a crafted binary in the installation folder...

CVE-2025-56503

An issue in Sublime HQ Pty Ltd Sublime Text 4 4200 allows authenticated attackers with low-level privileges to escalate privileges to Administrator via replacing the uninstall file with a crafted binary in the installation folder. NOTE: this is disputed by the Supplier because replacing the...

[SECURITY] Fedora 43 Update: uv-0.9.7-2.fc43

An extremely fast Python package installer and resolver, written in Rust. Designed as a drop-in replacement for common pip and pip-tools workflows. Highlights: =E2=80=A2 =E2=9A=96=EF=B8=8F Drop-in replacement for common pip, pip-tools, and virtualenv commands. =E2=80=A2 =E2=9A=A1=EF=B8=8F 10-100x...

F5 WAF For NGINX Installed (Linux)

Binary data f5waffornginxnixinstalled.nbin...

Motex LanScope Endpoint Manager Client (MR) Installed (Windows)

Binary data motexlanscopeendpointmanagerclientinstalled.nbin...

CVE-2025-56503

An issue in Sublime HQ Pty Ltd Sublime Text 4 4200 allows authenticated attackers with low-level privileges to escalate privileges to Administrator via replacing the uninstall file with a crafted binary in the installation folder. NOTE: this is disputed by the Supplier because replacing the...

CVE-2025-56503

The CVE-2025-56503 entry concerns Sublime Text 4 (build 4200). Affected component is the installer/uninstall mechanism, where a crafted binary placed in the installation folder can replace the uninstall file, purportedly enabling privilege escalation to Administrator for authenticated, low-privil...

CVE-2025-56503

An issue in Sublime HQ Pty Ltd Sublime Text 4 4200 allows authenticated attackers with low-level privileges to escalate privileges to Administrator via replacing the uninstall file with a crafted binary in the installation folder. NOTE: this is disputed by the Supplier because replacing the...

Wapiti Web Application Vulnerability Scanner 3.2.9

Wapiti is a web application vulnerability scanner. It will scan the web pages of a deployed web application and will fuzz the URL parameters and forms to find common web vulnerabilities. This is the binary release...

PT-2025-46210

Name of the Vulnerable Software and Affected Versions Incus versions prior to 6.0.6 Incus versions prior to 6.19.0 Description Incus is a system container and virtual machine manager. An issue affects any Incus user in an environment where an unprivileged user may have root access to a container...

CVE-2025-64486

calibre is an e-book manager. In versions 8.13.0 and prior, calibre does not validate filenames when handling binary assets in FB2 files, allowing an attacker to write arbitrary files on the filesystem when viewing or converting a malicious FictionBook file. This can be leveraged to achieve...

DEBIAN-CVE-2025-64486

calibre is an e-book manager. In versions 8.13.0 and prior, calibre does not validate filenames when handling binary assets in FB2 files, allowing an attacker to write arbitrary files on the filesystem when viewing or converting a malicious FictionBook file. This can be leveraged to achieve...

CVE-2025-64486 calibre is vulnerable to arbitrary code execution when opening FB2 files

calibre is an e-book manager. In versions 8.13.0 and prior, calibre does not validate filenames when handling binary assets in FB2 files, allowing an attacker to write arbitrary files on the filesystem when viewing or converting a malicious FictionBook file. This can be leveraged to achieve...

CVE-2025-64486 calibre is vulnerable to arbitrary code execution when opening FB2 files

calibre is an e-book manager. In versions 8.13.0 and prior, calibre does not validate filenames when handling binary assets in FB2 files, allowing an attacker to write arbitrary files on the filesystem when viewing or converting a malicious FictionBook file. This can be leveraged to achieve...

EUVD-2025-38333

calibre is an e-book manager. In versions 8.13.0 and prior, calibre does not validate filenames when handling binary assets in FB2 files, allowing an attacker to write arbitrary files on the filesystem when viewing or converting a malicious FictionBook file. This can be leveraged to achieve...

CVE-2025-64486 calibre is vulnerable to arbitrary code execution when opening FB2 files

calibre is an e-book manager. In versions 8.13.0 and prior, calibre does not validate filenames when handling binary assets in FB2 files, allowing an attacker to write arbitrary files on the filesystem when viewing or converting a malicious FictionBook file. This can be leveraged to achieve...

CVE-2025-10885

A maliciously crafted file, when executed on the victim's machine, can lead to privilege escalation to NT AUTHORITY/SYSTEM due to an insufficient validation of loaded binaries. An attacker with local and low-privilege access could exploit this to execute code as SYSTEM...

wcurl Installed (macOS)

Binary data macoswcurlinstalled.nbin...

EUVD-2025-38147

A maliciously crafted file, when executed on the victim's machine, can lead to privilege escalation to NT AUTHORITY/SYSTEM due to an insufficient validation of loaded binaries. An attacker with local and low-privilege access could exploit this to execute code as SYSTEM...