CVE-2025-6170 Libxml2: stack buffer overflow in xmllint interactive shell command handling
A flaw was found in the interactive shell of the xmllint command-line tool, used for parsing XML files. When a user inputs an overly long command, the program does not check the input size properly, which can cause it to crash. This issue might allow attackers to run harmful code in rare...
CVE-2025-36632 Local Privilege Escalation
In Tenable Agent versions prior to 10.8.5 on a Windows host, it was found that a non-administrative user could execute code with SYSTEM privilege...
TencentOS Server 3: zsh (TSSA-2022:0225)
The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2022:0225 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities:...
TencentOS Server 3: rsyslog (TSSA-2022:0137)
The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2022:0137 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities:...
TencentOS Server 4: hdf5 (TSSA-2025:0023)
The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2025:0023 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities:...
TencentOS Server 4: ntfs-3g (TSSA-2024:1019)
The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2024:1019 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities:...
TencentOS Server 2: gstreamer1-plugins-bad-free (TSSA-2024:0004)
The version of Tencent Linux installed on the remote TencentOS Server 2 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2024:0004 advisory. Package updates are available for TencentOS Server 2 that fix the following vulnerabilities:...
CVE-2025-49191
Linked URLs during the creation of iFrame widgets and dashboards are vulnerable to code execution. The URLs get embedded as iFrame widgets, making it possible to attack other users that access the dashboard by including malicious code. The attack is only possible if the attacker is authorized to...
CVE-2025-2474
Out-of-bounds write in the PCX image codec in QNX SDP versions 8.0, 7.1 and 7.0 could allow an unauthenticated attacker to cause a denial-of-service condition or execute code in the context of the process using the image codec...
CVE-2025-49191 Dashboards and iFrames can link malicious web content
Linked URLs during the creation of iFrame widgets and dashboards are vulnerable to code execution. The URLs get embedded as iFrame widgets, making it possible to attack other users that access the dashboard by including malicious code. The attack is only possible if the attacker is authorized to...
PT-2025-25282 · Unknown · Updatenaviinstallservice Service +1
Name of the Vulnerable Software and Affected Versions: UpdateNavi versions 1.4 L10 through 1.4 L33 UpdateNaviInstallService Service versions 1.2.0091 through 1.2.0125 Description: The issue exists due to improper restriction of communication channel to intended endpoints. If a local authenticated...
EulerOS 2.0 SP13 : freetype (EulerOS-SA-2025-1613)
According to the versions of the freetype package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities: An out of bounds write exists in FreeType versions 2.13.0 and below (newer versions of FreeType are not vulnerable) when attempting to parse font...
CVE-2025-32710
CVE-2025-32710 refers to a Use-After-Free vulnerability in Windows Remote Desktop Services that allows a network-based attacker to execute code on affected systems. The CVE is linked to Windows RDS components; the Nessus plugin notes it alongside CVE-2025-32715, and an exploit repo exists, but ex...
CVE-2025-47108 Substance3D - Painter | Out-of-bounds Write (CWE-787)
Substance3D - Painter versions 11.0.1 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file...
PT-2025-24594 · Sap · Sap S/4Hana
Name of the Vulnerable Software and Affected Versions: SAP S/4HANA affected versions not specified Description: The issue is related to a missing authorization check in the Enterprise Event Enablement component. An attacker with access to the Inbound Binding Configuration can create an RFC...
Medium: libcufft-12-9
Issue Overview: NVIDIA CUDA Toolkit for all platforms contains a vulnerability in the cuobjdump binary, where a failure to check the length of a buffer could allow a user to cause the tool to crash or execute arbitrary code by passing in a malformed ELF file. A successful exploit of this...
Medium: cuda-nsight-compute-12-9
Issue Overview: NVIDIA CUDA Toolkit for all platforms contains a vulnerability in the cuobjdump binary, where a failure to check the length of a buffer could allow a user to cause the tool to crash or execute arbitrary code by passing in a malformed ELF file. A successful exploit of this...
Important: Red Hat Security Advisory: thunderbird security update
An update for thunderbird is now available for Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions, and Red Hat Enterprise Linux 8.6 Telecommunications Update Service. Red Hat Product Security has rated this update ...
PT-2025-24528 · Unknown · Unfoldwp Blogbyte
Name of the Vulnerable Software and Affected Versions: Unfoldwp Blogbyte versions 1.1.1 and earlier Description: The issue is related to an Improper Control of Filename for Include/Require Statement in PHP Program, also known as 'PHP Remote File Inclusion', which allows PHP Local File Inclusion...
RHEL 8 : thunderbird (RHSA-2025:8630)
The remote Red Hat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2025:8630 advisory. Mozilla Thunderbird is a standalone mail and newsgroup client. Security Fixes: firefox: thunderbird: Out-of-bounds access when resolving...