
2220 matches found

RedhatCVE
added 2025/09/21 7:25 p.m. · 9 views

CVE-2025-34193

Vasion Print (formerly PrinterLogic) Virtual Appliance Host versions prior to 25.1.102 and Application versions prior to 25.1.1413 include Windows client components (PrinterInstallerClientInterface.exe, PrinterInstallerClient.exe, PrinterInstallerClientLauncher.exe) that lack modern compile-time and...

CVSS 9.8 · AI score 7.9 · EPSS 0.00726
Exploits: 1 · References: 1

Vulnrichment
added 2025/09/17 5:18 a.m. · 4 views

CVE-2025-10058 WP Import – Ultimate CSV XML Importer for WordPress <= 7.27 - Authenticated (Subscriber+) Arbitrary File Deletion

The WP Import – Ultimate CSV XML Importer for WordPress plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the upload_function function in all versions up to, and including, 7.27. This makes it possible for authenticated attackers, with...

CVSS 8.1 · AI score 6.9 · EPSS 0.00578
Exploits: 0 · References: 4

Tenable Nessus
added 2025/09/10 12:0 a.m. · 4 views

EulerOS 2.0 SP12 : polkit (EulerOS-SA-2025-2021)

According to the versions of the polkit packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : A flaw was found in polkit. When processing an XML policy with 32 or more nested elements in depth, an out-of-bounds write can be triggered. This...

CVSS 6.7 · AI score 6.4 · EPSS 0.00184
Exploits: 0 · References: 2

OSV
added 2025/09/09 12:15 a.m. · 8 views

PYSEC-2025-141

MONAI (Medical Open Network for AI) is an AI toolkit for health care imaging. In versions up to and including 1.5.0, in model_dict = torch.load(full_path, map_location=torch.device(device), weights_only=True) in monai/bundle/scripts.py, weights_only=True is loaded securely. However, insecure loading method...

CVSS 8.8 · AI score 5.8 · EPSS 0.00684
Exploits: 1 · References: 1

OSV
added 2025/09/09 12:15 a.m. · 5 views

PYSEC-2025-142

MONAI (Medical Open Network for AI) is an AI toolkit for health care imaging. In versions up to and including 1.5.0, the pickle_operations function in monai/data/utils.py automatically handles dictionary key-value pairs ending with a specific suffix and deserializes them using pickle.loads. This...

CVSS 8.8 · AI score 5.8 · EPSS 0.00602
Exploits: 1 · References: 1

CNNVD
added 2025/09/09 12:0 a.m. · 4 views

MONAI Security Vulnerability

MONAI is a medical imaging AI toolkit open-sourced by Project MONAI. A security vulnerability exists in MONAI 1.5.0 and earlier versions, which stems from mishandling of the pickle_operations function and could lead to a deserialization vulnerability and code execution...

CVSS 8.8 · AI score 7.1 · EPSS 0.00602
Exploits: 1 · References: 2

Positive Technologies
added 2025/09/09 12:0 a.m. · 6 views

PT-2025-36678

Name of the Vulnerable Software and Affected Versions: Goza - Nonprofit Charity WordPress Theme versions through 3.2.2. Description: The Goza - Nonprofit Charity WordPress Theme is susceptible to arbitrary file deletion due to inadequate file path validation within the alone import pack restore da...

CVSS 9.1 · AI score 7.8 · EPSS 0.00524
Exploits: 0 · References: 7

OSV
added 2025/09/08 11:39 p.m. · 11 views

CVE-2025-58756 MONAI's unsafe torch usage may lead to arbitrary code execution

MONAI (Medical Open Network for AI) is an AI toolkit for health care imaging. In versions up to and including 1.5.0, in model_dict = torch.load(full_path, map_location=torch.device(device), weights_only=True) in monai/bundle/scripts.py, weights_only=True is loaded securely. However, insecure loading method...

CVSS 8.8 · AI score 7.1 · EPSS 0.00684
Exploits: 1 · References: 3

Snyk
added 2025/09/08 6:31 p.m. · 1 views

Arbitrary File Upload

Overview: n8n-nodes-base is a Base nodes of n8n. Affected versions of this package are vulnerable to Arbitrary File Upload via the ChatTrigger component. An attacker can execute arbitrary code by uploading a crafted HTML file. Remediation: Upgrade n8n-nodes-base to version 1.105.0 or higher...

CVSS 8.8 · AI score 7.4 · EPSS 0.00557
Exploits: 1 · References: 3

OSV
added 2025/09/06 2:19 a.m. · 5 views

CVE-2025-58374 Roo Code: Auto-approve allows npm install execution of malicious postinstall scripts

Roo Code is an AI-powered autonomous coding agent that lives in users' editors. Versions 3.25.23 and below contain a default list of allowed commands that do not need manual approval if auto-approve is enabled, and npm install is included in that list. Because npm install executes lifecycle...

CVSS 7.8 · AI score 8 · EPSS 0.00199
Exploits: 0 · References: 5

Github Security Blog
added 2025/09/04 2:7 p.m. · 6 views

PyPI publish GitHub Action vulnerable to injectable expression expansions in action steps

Summary: gh-action-pypi-publish makes use of GitHub Actions expression expansions (i.e. ${{ ... }}) in contexts that are potentially attacker controllable. Depending on the trigger used to invoke gh-action-pypi-publish, this may allow an attacker to execute arbitrary code within the context of a workflow...

AI score 7.6
Exploits: 0 · References: 3 · Affected Software: 1

RedhatCVE
added 2025/08/30 6:17 p.m. · 3 views

CVE-2025-57846

Multiple i-フィルター products contain an issue with incorrect default permissions. If this vulnerability is exploited, a local authenticated attacker may replace a service executable on the system where the product is running, potentially allowing arbitrary code execution with SYSTEM privileges...

CVSS 8.5 · AI score 7.8 · EPSS 0.00138
Exploits: 0 · References: 1

SUSE Linux
added 2025/08/27 1:42 p.m. · 2 views

Security update for postgresql15

This update for postgresql15 fixes the following issues: Upgrade to 15.14: CVE-2025-8713: optimizer statistics can expose sampled data within a view, partition, or child table (bsc#1248120). CVE-2025-8714: untrusted data inclusion in pg_dump lets superuser of origin server execute arbitrary code in...

CVSS 8.8 · AI score 8 · EPSS 0.00709
Exploits: 1 · References: 12

RedHat Linux
added 2025/08/27 12:58 p.m. · 6 views

thunderbird: firefox: Memory safety bugs fixed in Firefox ESR 115.27, Firefox ESR 128.14, Thunderbird ESR 128.14, Firefox ESR 140.2, Thunderbird ESR 140.2, Firefox 142 and Thunderbird 142

A flaw was found in Thunderbird and Firefox. The Mozilla Foundation's Security Advisory describes the following issue: Memory safety bugs are present in the following versions: Firefox ESR 115.26, Firefox ESR 128.13, Thunderbird ESR 128.13, Firefox ESR 140.1, Thunderbird ESR 140.1, Firefox 141, a...

CVSS 8.1 · AI score 7.4 · EPSS 0.0044
Exploits: 0 · References: 6

Tenable Nessus
added 2025/08/27 12:0 a.m. · 4 views

Linux Distros Unpatched Vulnerability : CVE-2021-31800

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Multiple path traversal vulnerabilities exist in smbserver.py in Impacket through 0.9.22. An attacker that connects to a running smbserver instance can list and...

CVSS 9.8 · AI score 7.8 · EPSS 0.1926
Exploits: 1 · References: 2

Tenable Nessus
added 2025/08/27 12:0 a.m. · 2 views

Linux Distros Unpatched Vulnerability : CVE-2023-40890

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A stack-based buffer overflow vulnerability exists in the lookup_sequence function of ZBar 0.23.90. Specially crafted QR codes may lead to information disclosure...

CVSS 9.8 · AI score 7.9 · EPSS 0.01787
Exploits: 0 · References: 2

Tenable Nessus
added 2025/08/27 12:0 a.m. · 3 views

Linux Distros Unpatched Vulnerability : CVE-2024-46461

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - VLC media player 3.0.20 and earlier is vulnerable to denial of service through an integer overflow which could be triggered with a maliciously crafted mms strea...

CVSS 8 · AI score 8.3 · EPSS 0.00573
Exploits: 0 · References: 2

Tenable Nessus
added 2025/08/27 12:0 a.m. · 6 views

Linux Distros Unpatched Vulnerability : CVE-2022-0545

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An integer overflow in the processing of loaded 2D images leads to a write-what-where vulnerability and an out-of-bounds read vulnerability, allowing an attacke...

CVSS 7.8 · AI score 7.2 · EPSS 0.0112
Exploits: 0 · References: 2

Github Security Blog
added 2025/08/26 6:37 p.m. · 7 views

Picklescan has a missing detection when calling built-in python code.InteractiveInterpreter

Summary: Using code.InteractiveInterpreter.runcode, which is a built-in python library function to execute remote pickle file. Details: The attack payload executes in the following steps: First, the attacker crafts the payload by calling to code.InteractiveInterpreter.runcode function in reduce meth...

AI score 7.9
Exploits: 0 · References: 3 · Affected Software: 1

Positive Technologies
added 2025/08/26 12:0 a.m. · 4 views

PT-2025-34804 · Nvidia · Nvidia Nemo Framework

Name of the Vulnerable Software and Affected Versions: NVIDIA NeMo Framework (affected versions not specified). Description: The NVIDIA NeMo Framework contains an issue in the NLP component that could allow an attacker to inject code through maliciously crafted data. A successful exploit may lead to...

CVSS 7.8 · AI score 7.1 · EPSS 0.00229
Exploits: 0 · References: 5