Mozilla Firefox ESR < 115.27
The version of Firefox ESR installed on the remote Windows host is prior to 115.27. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2025-65 advisory. - Memory safety bugs present in Firefox ESR 115.26, Firefox ESR 128.13, Thunderbird ESR 128.13, Firefox ESR 140.1,...
Linux Distros Unpatched Vulnerability : CVE-2023-42970
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A use-after-free issue was addressed with improved memory management. This issue is fixed in iOS 17 and iPadOS 17, macOS Sonoma 14, watchOS 10, tvOS 17, Safari...
Mozilla Thunderbird < 128.14
The version of Thunderbird installed on the remote macOS or Mac OS X host is prior to 128.14. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2025-71 advisory. - Memory safety bugs present in Firefox ESR 115.26, Firefox ESR 128.13, Thunderbird ESR 128.13, Firefox E...
Linux Distros Unpatched Vulnerability : CVE-2024-47540
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - GStreamer is a library for constructing graphs of media-handling components. An uninitialized stack variable vulnerability has been identified in the...
UltraVNC < 1.2.2.4 Multiple Vulnerabilities
The version of UltraVNC Service installed on the remote Windows host is prior to 1.2.2.4. It is, therefore, affected by multiple vulnerabilities: - UltraVNC revision 1203 has an out-of-bounds access vulnerability in the VNC client inside the RAW decoder, which can potentially result in code execution. This...
Linux Distros Unpatched Vulnerability : CVE-2024-24821
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Composer is a dependency manager for the PHP language. In affected versions several files within the local working directory are included during the invocation ...
Linux Distros Unpatched Vulnerability : CVE-2022-3775
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - When rendering certain Unicode sequences, grub2's font code doesn't properly validate if the informed glyph's width and height are constrained within bitmap size. ...
Linux Distros Unpatched Vulnerability : CVE-2019-5063
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An exploitable heap buffer overflow vulnerability exists in the data structure persistence functionality of OpenCV 4.1.0. A specially crafted XML file can cause...
Linux Distros Unpatched Vulnerability : CVE-2020-28617
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Multiple code execution vulnerabilities exist in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead ...
Linux Distros Unpatched Vulnerability : CVE-2022-22817
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - PIL.ImageMath.eval in Pillow before 9.0.0 allows evaluation of arbitrary expressions, such as ones that use the Python exec method. A lambda expression could al...
CVE-2025-8142 Soledad <= 8.6.7 - Authenticated (Contributor+) Local File Inclusion via 'header_layout'
The Soledad theme for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 8.6.7 via the 'header_layout' parameter. This makes it possible for authenticated attackers, with Contributor-level access and above, to include and execute arbitrary .php files on the serve...
PT-2025-33487 · Autodesk · Autocad
Name of the Vulnerable Software and Affected Versions: Autodesk AutoCAD (affected versions not specified). Description: A maliciously crafted DGN file, when parsed through Autodesk AutoCAD, can trigger an uninitialized variable issue. A malicious actor can leverage this to cause a crash, read...
Linux Distros Unpatched Vulnerability : CVE-2018-5150
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Memory safety bugs were reported in Firefox 59, Firefox ESR 52.7, and Thunderbird 52.7. Some of these bugs showed evidence of memory corruption and we presume...
CVE-2025-49573
Substance3D - Modeler versions 1.22.0 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file...
PT-2025-33298 · Rockwell Automation · Studio 5000 Logix Designer
Name of the Vulnerable Software and Affected Versions: Studio 5000 Logix Designer (affected versions not specified). Description: A security issue exists in Studio 5000 Logix Designer related to unsafe handling of environment variables. When a specified path does not contain a valid file, the softwa...
CVE-2025-4277
Tcg2Smm has a vulnerability which can be used to write arbitrary memory inside SMRAM and execute arbitrary code at SMM level...
CVE-2025-54213
Adobe InDesign Desktop is affected by CVE-2025-54213: an out-of-bounds write vulnerability in InDesign Desktop versions 20.4 and 19.5.4 and earlier could allow arbitrary code execution in the context of the current user. Exploitation requires user interaction (opening a malicious file). The issue...
GHSA-C9RC-MG46-23W3 Keras vulnerable to CVE-2025-1550 bypass via reuse of internal functionality
Summary: It is possible to bypass the mitigation introduced in response to CVE-2025-1550, when an untrusted Keras v3 model is loaded, even when “safe_mode” is enabled, by crafting malicious arguments to built-in Keras modules. The vulnerability is exploitable on the default configuration and does n...
CVE-2025-49563 Illustrator | Out-of-bounds Write (CWE-787)
Illustrator versions 28.7.8, 29.6.1 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file...