Linux Distros Unpatched Vulnerability : CVE-2025-62348

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Salt's junos execution module contained an unsafe YAML decode/load usage. A specially crafted YAML payload processed by the junos module could lead to unintende...

Linux Distros Unpatched Vulnerability : CVE-2025-33231

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - NVIDIA Nsight Systems for Windows contains a vulnerability in the application's DLL loading mechanism where an attacker could cause an uncontrolled search path...

Missing Validation of OpenSSL Certificate

Overview sagemaker is an Open source library for training and deploying models on Amazon SageMaker. Affected versions of this package are vulnerable to Missing Validation of OpenSSL Certificate via the global disabling of SSL certificate verification in the Triton Python backend. An attacker in a...

Crafter CMS has Improper Control of Dynamically-Managed Code Resources

Improper Control of Dynamically-Managed Code Resources vulnerability in Crafter Studio of Crafter CMS allows authenticated developers to execute OS commands via Groovy Sandbox Bypass. By inserting malicious Groovy elements, an attacker may bypass sandbox restrictions and obtain RCE Remote Code...

openssh: OpenSSH: Null character in ssh:// URI can lead to code execution via ProxyCommand

A flaw was found in OpenSSH where the SSH client accepted \0 null characters in ssh:// URIs. When a ProxyCommand is configured, these characters could alter how the command is parsed, potentially leading to code execution depending on how the proxy is set up...

H2O 安全漏洞

H2O is an open-source memory platform for distributed, scalable machine learning developed by H2O.ai. Version 3.46.0.1 of H2O contains a security vulnerability. This vulnerability allows attackers to write data into arbitrary files on the server using the /3/Parse and /3/Frames/framename/export...

RHEL 9 : gnupg2 (RHSA-2026:1705)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:1705 advisory. The GNU Privacy Guard GnuPG or GPG is a tool for encrypting data and creating digital signatures, compliant with OpenPGP and S/MIME standards. Securi...

Salt security vulnerabilities

Salt is an automated, infrastructure management, data-driven orchestration, and remote execution application within the Salt project. There is a security vulnerability in Salt, which stems from the use of insecure YAML decoding/loading in the junos execution module. This may lead to the execution...

CVE-2026-25061

tcpflow is a TCP/IP packet demultiplexer. In versions up to and including 1.61, wifipcap parses 802.11 management frame elements and performs a length check on the wrong field when handling the TIM element. A crafted frame with a large TIM length can cause a 1-byte out-of-bounds write past...

Directory Traversal

Overview Affected versions of this package are vulnerable to Directory Traversal via the copyFile function, which fails to validate the dest parameter. An attacker can write files to arbitrary locations on the filesystem by supplying crafted paths, potentially leading to execution of malicious co...

Deserialization of Untrusted Data

Overview torch is a Tensors and Dynamic neural networks in Python with strong GPU acceleration Affected versions of this package are vulnerable to Deserialization of Untrusted Data via the loadstatedict function, used during unpickling. An attacker can corrupt heap memory by convincing a user to...

Stack-based Buffer Overflow

Overview Affected versions of this package are vulnerable to Stack-based Buffer Overflow when parsing a CMS AuthEnvelopedData message. An attacker can trigger a crash by supplying AEAD ciphers such as AES-GCM with malicious initialization vectors. These are encoded in the ASN.1 parameters and...

CVE-2025-11187

Issue summary: PBMAC1 parameters in PKCS12 files are missing validation which can trigger a stack-based buffer overflow, invalid pointer or NULL pointer dereference during MAC verification. Impact summary: The stack buffer overflow or NULL pointer dereference may cause a crash leading to Denial o...

CVE-2026-24407

iccDEV provides libraries and tools for interacting with, manipulating, and applying ICC color management profiles. Versions 2.3.1.1 and below have Undefined Behavior in icSigCalcOp. This occurs when user-controllable input is unsafely incorporated into ICC profile data or other structured binary...

SUSE SLED15 / SLES15 / openSUSE 15 Security Update : go1.25 (SUSE-SU-2026:0218-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:0218-1 advisory. Update to go1.25.6 released 2026-01-15 bsc1244485 Security fixes: - CVE-2025-61730: crypto/tls:...

CVE-2025-3839

A flaw was found in Epiphany, a tool that allows websites to open external URL handler applications with minimal user interaction. This design can be misused to exploit vulnerabilities within those handlers, making them appear remotely exploitable. The browser fails to properly warn or gate this...

CVE-2025-3839

CVE-2025-3839 affects Epiphany. A flaw in how Epiphany opens external URL handler applications with minimal user interaction can be abused to execute code on the client via trusted UI behavior. The root cause is insecure invocation of external handlers, enabling potential remote-looking actions w...

[SECURITY] [DSA 6108-1] chromium security update

------------------------------------------------------------------------- Debian Security Advisory DSA-6108-1 [email protected] https://www.debian.org/security/ Andres Salomon January 22, 2026 https://www.debian.org/security/faq -...

CVE-2025-69209 ArduinoCore-avr has Stack-Based Buffer Overflow in WString Float/Double Constructors

ArduinoCore-avr contains the source code and configuration files of the Arduino AVR Boards platform. A vulnerability in versions prior to 1.8.7 allows an attacker to trigger a stack-based buffer overflow when converting floating-point values to strings with high precision. By passing very large...

firefox: thunderbird: Memory safety bugs fixed in Firefox ESR 140.7, Thunderbird ESR 140.7, Firefox 147 and Thunderbird 147

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Memory safety bugs present in Firefox ESR 140.6, Thunderbird ESR 140.6, Firefox 146 and Thunderbird 146. Some of these bugs showed evidence of memory corruption and we presume th...