2221 matches found
CVE-2025-23283
NVIDIA vGPU software for Linux-style hypervisors contains a vulnerability in the Virtual GPU Manager, where a malicious guest could cause stack buffer overflow. A successful exploit of this vulnerability might lead to code execution, denial of service, escalation of privileges, information...
CVE-2025-54752
CVE-2025-54752 affects PowerCMS; vulnerable component is the handling of CSV files where malformed entries can cause embedded code execution when opened by a victim. Root cause cited: improper neutralization of formula elements in a CSV file. Impact described as code execution with user interacti...
icu: Stack buffer overflow in the SRBRoot::addTag function
A stack buffer overflow was found in International Components for Unicode (ICU). While running the genrb binary, the 'subtag' struct overflowed at the SRBRoot::addTag function. This issue may lead to memory corruption and local arbitrary code execution...
PT-2025-31487 · Powercms · Powercms
Name of the Vulnerable Software and Affected Versions: PowerCMS (affected versions not specified). Description: Multiple versions of PowerCMS improperly neutralize formula elements within a CSV file. A malicious user can create a crafted CSV entry. If a victim user downloads and opens this file in...
CVE-2025-7848 Missing input check in lvpict.cpp used in NI LabVIEW
A memory corruption vulnerability due to improper input validation in lvpict.cpp exists in NI LabVIEW that may result in arbitrary code execution. Successful exploitation requires an attacker to get a user to open a specially crafted VI. This vulnerability affects NI LabVIEW 2025 Q1 and prior...
PT-2025-31266 · National Instruments · Ni Labview
Name of the Vulnerable Software and Affected Versions: NI LabVIEW versions 2025 Q1 and prior. Description: A memory corruption issue exists due to improper input validation in the lvpict.cpp file. Successful exploitation requires a user to open a specially crafted VI, potentially leading to...
PT-2025-31260 · Unknown · Tuleap Community Edition +1
Name of the Vulnerable Software and Affected Versions: Tuleap Community Edition versions prior to 16.9.99.1751892857; Tuleap Enterprise Edition versions prior to 16.8-5 and 16.9-3. Description: Tuleap is an Open Source Suite created to facilitate management of software development and collaboration...
CVE-2025-54412 skops' Inconsistent Trusted Type Validation Enables Hidden `operator` Methods Execution
skops is a Python library which helps users share and ship their scikit-learn based models. Versions 0.11.0 and below contain an inconsistency in the OperatorFuncNode which can be exploited to hide the execution of untrusted operator methods. This can then be used in a code reuse attack to invoke...
NewStart CGSL MAIN 7.02 : tracker-miners Multiple Vulnerabilities (NS-SA-2025-0139)
The remote NewStart CGSL host, running version MAIN 7.02, has tracker-miners packages installed that are affected by multiple vulnerabilities: - libcue provides an API for parsing and extracting data from CUE sheets. Versions 2.2.1 and prior are vulnerable to out-of-bounds array access. A user of...
NewStart CGSL MAIN 7.02 : git Vulnerability (NS-SA-2025-0169)
The remote NewStart CGSL host, running version MAIN 7.02, has git packages installed that are affected by a vulnerability: - Git is a revision control system. Prior to versions 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, and 2.39.4, repositories with submodules can be crafted in a way that...
gdk-pixbuf2 -- a heap buffer overflow
[email protected] reports: A flaw exists in gdk-pixbuf within the gdk_pixbuf__jpeg_image_load_increment function (io-jpeg.c) and in glib’s g_base64_encode_step (glib/gbase64.c). When processing maliciously crafted JPEG images, a heap buffer overflow can occur during Base64 encoding, allowing out-of-bounds reads...
IrfanView CADImage Plugin Buffer Overflow Vulnerability (CNVD-2025-16732)
IrfanView CADImage Plugin is a CAD plugin from IrfanView. IrfanView CADImage Plugin suffers from a buffer overflow vulnerability that stems from a lack of validation of user-supplied data when parsing DWG files, which can be exploited by an attacker to execute code in the context of the current...
PT-2025-30591 · Ibm · Engineering Systems Design Rhapsody
Name of the Vulnerable Software and Affected Versions: IBM Engineering Systems Design Rhapsody versions 9.0.2, 10.0, and 10.0.1. Description: IBM Engineering Systems Design Rhapsody is susceptible to a stack-based buffer overflow due to insufficient bounds checking. A local user can exploit this...
Adobe Commerce Multiple Vulnerabilities (APSB24-61)
The version of Adobe Commerce/Magento Open Source installed on the remote host falls within one of the following ranges 2.4.7.0 2.4.7-p2 Adobe Commerce / 2.4.6.0 2.4.6-p7 Adobe Commerce / 2.4.5.0 2.4.5-p9 Adobe Commerce / 0.x 2.4.4-p10 Adobe Commerce / 2.4.7.0 2.4.7-p2 Magento Open Source / 2.4.6...
CVE-2025-8044
Memory safety bugs present in Firefox 140 and Thunderbird 140. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 141 and Thunderbird 141...
CVE-2025-8040 Memory safety bugs fixed in Firefox ESR 140.1, Thunderbird ESR 140.1, Firefox 141 and Thunderbird 141
Memory safety bugs present in Firefox ESR 140.0, Thunderbird ESR 140.0, Firefox 140 and Thunderbird 140. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in...
CVE-2025-8035 Memory safety bugs fixed in Firefox ESR 128.13, Thunderbird ESR 128.13, Firefox ESR 140.1, Thunderbird ESR 140.1, Firefox 141 and Thunderbird 141
Memory safety bugs present in Firefox ESR 128.12, Thunderbird ESR 128.12, Firefox ESR 140.0, Thunderbird ESR 140.0, Firefox 140 and Thunderbird 140. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run...
CVE-2025-8040
Memory safety bugs present in Firefox ESR 140.0, Thunderbird ESR 140.0, Firefox 140 and Thunderbird 140. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in...
CVE-2025-8030 Potential user-assisted code execution in “Copy as cURL” command
Insufficient escaping in the “Copy as cURL” feature could potentially be used to trick a user into executing unexpected code. This vulnerability was fixed in Firefox 141, Firefox ESR 128.13, Firefox ESR 140.1, Thunderbird 141, Thunderbird 128.13, and Thunderbird 140.1...
PT-2025-30479
Name of the Vulnerable Software and Affected Versions: Firefox versions prior to 141; Firefox ESR versions prior to 128.13; Firefox ESR versions prior to 140.1; Thunderbird versions prior to 141; Thunderbird versions prior to 128.13; Thunderbird versions prior to 140.1. Description: Insufficient escaping...