Lucene search

2221 matches found

CVE
added 2025/07/21 7:8 a.m. | 35 views

CVE-2025-0664

CVE-2025-0664 affects Trellix Endpoint Security HX Agent. A locally authenticated, privileged user can craft a malicious OpenSSL configuration file, potentially causing the agent to load an arbitrary local library and execute code with SYSTEM privileges. Evidence from multiple sources confirms th...

6.7 CVSS | 6.9 AI score | 0.00168 EPSS
Exploits 0 | References 1

OSV
added 2025/07/18 2:49 p.m. | 5 views

OESA-2025-1868 libxml2 security update

This library allows manipulating XML files. It includes support for reading, modifying and writing XML and HTML files. It supports DTDs, including parsing and validation even with complex DTDs, either at parse time or later once the document has been modified. The output can be a simple SAX strea...

2.5 CVSS | 6.8 AI score | 0.0019 EPSS
Exploits 0 | References 2

NVD
added 2025/07/17 8:15 p.m. | 3 views

CVE-2025-23270

NVIDIA Jetson Linux contains a vulnerability in UEFI Management mode, where an unprivileged local attacker may cause exposure of sensitive information via a side channel vulnerability. A successful exploit of this vulnerability might lead to code execution, data tampering, denial of service, and...

7.1 CVSS | 0.00186 EPSS
Exploits 0 | References 1

RedhatCVE
added 2025/07/17 6:55 p.m. | 15 views

CVE-2025-41236

VMware ESXi, Workstation, and Fusion contain an integer-overflow vulnerability in the VMXNET3 virtual network adapter. A malicious actor with local administrative privileges on a virtual machine with VMXNET3 virtual network adapter may exploit this issue to execute code on the host. Non VMXNET3...

9.3 CVSS | 6.7 AI score | 0.02173 EPSS
Exploits 0 | References 1

CNNVD
added 2025/07/17 12:0 a.m. | 2 views

mailcow: dockerized security vulnerability

mailcow: dockerized is a dockerized mailcow application from mailcow open source. A security vulnerability exists in versions prior to mailcow: dockerized 2025-07 that stems from a server-side template injection in the notification template system that could lead to code execution...

9.1 CVSS | 7.4 AI score | 0.00464 EPSS
Exploits 0 | References 2

Tenable Nessus
added 2025/07/17 12:0 a.m. | 5 views

CBL Mariner 2.0 Security Update: helm (CVE-2025-53547)

The version of helm installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-53547 advisory. - Helm is a package manager for Charts for Kubernetes. Prior to 3.18.4, a specially crafted Chart.yaml file alon...

8.6 CVSS | 7.2 AI score | 0.00363 EPSS
Exploits 1 | References 2

Vulnrichment
added 2025/07/15 6:34 p.m. | 45 views

CVE-2025-41237 VMCI integer-underflow vulnerability

VMware ESXi, Workstation, and Fusion contain an integer-underflow in VMCI (Virtual Machine Communication Interface) that leads to an out-of-bounds write. A malicious actor with local administrative privileges on a virtual machine may exploit this issue to execute code as the virtual machine's VMX...

9.3 CVSS | 7.1 AI score | 0.00393 EPSS
Exploits 0 | References 1

Positive Technologies
added 2025/07/15 12:0 a.m. | 4 views

PT-2025-29586

Name of the Vulnerable Software and Affected Versions: VMware ESXi (affected versions not specified); VMware Workstation (affected versions not specified); VMware Fusion (affected versions not specified). Description: VMware ESXi, Workstation, and Fusion contain a heap-overflow vulnerability in the PVSCSI...

9.3 CVSS | 6.2 AI score | 0.00393 EPSS
Exploits 0 | References 19

CVE
added 2025/07/14 1:35 p.m. | 50 views

CVE-2025-7519

CVE-2025-7519 is corroborated across EulerOS/OpenVAS/Nessus entries as a polkit flaw: processing an XML policy with 32 or more nested elements can trigger an out-of-bounds write, potentially causing a crash or other unexpected behavior and, per some docs, may allow arbitrary code execution. Explo...

6.7 CVSS | 7.3 AI score | 0.00184 EPSS
Exploits 0 | References 4 | Affected Software 2

RedhatCVE
added 2025/07/13 6:14 p.m. | 9 views

CVE-2025-30402

A heap-buffer-overflow vulnerability in the loading of ExecuTorch methods can cause the runtime to crash and potentially result in code execution or other undesirable effects. This issue affects ExecuTorch prior to commit 93b1a0c15f7eda49b2bc46b5b4c49557b4e9810f...

8.1 CVSS | 6.8 AI score | 0.00351 EPSS
Exploits 0 | References 1

RedhatCVE
added 2025/07/13 9:22 a.m. | 7 views

CVE-2025-6838

The Broken Link Notifier plugin for WordPress is vulnerable to CSV Injection in all versions up to, and including, 1.3.0 via broken links that are later exported. This makes it possible for authenticated attackers, with Contributor-level access and above, to embed untrusted input into exported CS...

4.1 CVSS | 6.8 AI score | 0.00222 EPSS
Exploits 0 | References 1

OSV
added 2025/07/12 12:15 p.m. | 4 views

CVE-2020-36849

The AIT CSV import/export plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the /wp-content/plugins/ait-csv-import-export/admin/upload-handler.php file in versions up to, and including, 3.0.3. This makes it possible for unauthorized attackers to...

9.8 CVSS | 6.4 AI score | 0.04655 EPSS
Exploits 2 | References 6

Github Security Blog
added 2025/07/11 6:30 p.m. | 9 views

ExecuTorch vulnerable to Heap-based Buffer Overflow attack

A heap-buffer-overflow vulnerability in the loading of ExecuTorch methods can cause the runtime to crash and potentially result in code execution or other undesirable effects. This issue affects ExecuTorch prior to commit 93b1a0c15f7eda49b2bc46b5b4c49557b4e9810f...

8.1 CVSS | 7.6 AI score | 0.00351 EPSS
Exploits 0 | References 4 | Affected Software 3

OSV
added 2025/07/11 6:30 p.m. | 4 views

GHSA-H952-963H-RV99 ExecuTorch vulnerable to Heap-based Buffer Overflow attack

A heap-buffer-overflow vulnerability in the loading of ExecuTorch methods can cause the runtime to crash and potentially result in code execution or other undesirable effects. This issue affects ExecuTorch prior to commit 93b1a0c15f7eda49b2bc46b5b4c49557b4e9810f...

8.1 CVSS | 6.6 AI score | 0.00351 EPSS
Exploits 0 | References 4

OSV
added 2025/07/11 6:15 p.m. | 5 views

CVE-2025-30402

A heap-buffer-overflow vulnerability in the loading of ExecuTorch methods can cause the runtime to crash and potentially result in code execution or other undesirable effects. This issue affects ExecuTorch prior to commit 93b1a0c15f7eda49b2bc46b5b4c49557b4e9810f...

8.1 CVSS | 6.6 AI score | 0.00351 EPSS
Exploits 0 | References 2

Cvelist
added 2025/07/11 5:39 p.m. | 7 views

CVE-2025-30402

A heap-buffer-overflow vulnerability in the loading of ExecuTorch methods can cause the runtime to crash and potentially result in code execution or other undesirable effects. This issue affects ExecuTorch prior to commit 93b1a0c15f7eda49b2bc46b5b4c49557b4e9810f...

0.00351 EPSS
Exploits 0 | References 2

Vulnrichment
added 2025/07/11 5:39 p.m. | 3 views

CVE-2025-30402

A heap-buffer-overflow vulnerability in the loading of ExecuTorch methods can cause the runtime to crash and potentially result in code execution or other undesirable effects. This issue affects ExecuTorch prior to commit 93b1a0c15f7eda49b2bc46b5b4c49557b4e9810f...

7 AI score | 0.00351 EPSS
Exploits 0 | References 2

Positive Technologies
added 2025/07/11 12:0 a.m. | 2 views

PT-2025-29218 · WordPress · Broken Link Notifier For Wordpress

Name of the Vulnerable Software and Affected Versions: Broken Link Notifier for WordPress versions prior to 1.3.1. Description: The plugin is susceptible to CSV injection through broken links that are exported. This allows authenticated attackers with Contributor-level access or higher to embed...

4.1 CVSS | 6.5 AI score | 0.00222 EPSS
Exploits 0 | References 7

RedhatCVE
added 2025/07/10 10:14 p.m. | 3 views

CVE-2025-43594

InDesign Desktop versions 19.5.3 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file...

7.8 CVSS | 7.8 AI score | 0.002 EPSS
Exploits 0 | References 1

RedhatCVE
added 2025/07/10 11:22 a.m. | 6 views

CVE-2025-40740

A vulnerability has been identified in Solid Edge SE2025 All versions V225.0 Update 5. The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted PAR files. This could allow an attacker to execute code in the context of the curre...

7.8 CVSS | 7.4 AI score | 0.00138 EPSS
Exploits 0 | References 1