RLSA-2024:10218 Moderate: perl-App-cpanminus security update

Why? It's dependency free, requires zero configuration, and stands alone but it's maintainable and extensible with plug-ins and friendly to shell scripting. When running, it requires only 10 MB of RAM. Security Fixes: perl-App-cpanminus: Insecure HTTP in App::cpanminus Allows Code Execution...

RLSA-2024:9114 Moderate: gnome-shell and gnome-shell-extensions security update

GNOME Shell acts as a compositing manager for the desktop, and displays both application windows and other objects. It provides core interface functions like switching windows, launching applications, and notifications. It takes advantage of the capabilities of modern graphics hardware and...

CVE-2025-26260

Plenti = 0.7.16 is vulnerable to code execution. Users uploading '.svelte' files with the /postLocal endpoint can define the file name as javascript codes. The server executes the uploaded file name in host, and cause code execution...

Qiskit allows arbitrary code execution decoding QPY format versions < 13

Impact A maliciously crafted QPY file can potentially execute arbitrary-code embedded in the payload without privilege escalation when deserializing QPY formats 13. A python process calling Qiskit's qiskit.qpy.load function could potentially execute any arbitrary Python code embedded in the corre...

Adobe Substance 3D Designer Out-of-Bounds Write Vulnerability (CNVD-2025-05200)

Adobe Substance 3D Designer is a 3D design software from the American company Audobee Adobe. An out-of-bounds write vulnerability exists in Adobe Substance 3D Designer 14.1 and earlier versions, which can be exploited by an attacker to execute arbitrary code in the context of the current user...

CVE-2025-2020

Ashlar-Vellum Cobalt VC6 File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Cobalt. User interaction is required to exploit this vulnerability in that the target must...

CVE-2025-2016

Ashlar-Vellum Cobalt VC6 File Parsing Type Confusion Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Cobalt. User interaction is required to exploit this vulnerability in that the target must visi...

CVE-2025-24439

Substance3D - Sampler versions 4.5.2 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file...

CVE-2025-26645

Relative path traversal in Remote Desktop Client allows an unauthorized attacker to execute code over a network...

Improper Verification Of Cryptographic Signature

dotnet-debugger-extensions, dotnet-dump and dotnet-sos are vulnerable to Improper Verification of Cryptographic Signature. The vulnerability is due to insufficient validation mechanisms, allowing an authorized attacker to execute code over a network...

Google Chrome Code Execution Vulnerability (CNVD-2025-05085)

Google Chrome is a web browser from Google, an American company. A code execution vulnerability exists in Google Chrome prior to version 134.0.6998.88, which stems from type obfuscation in V8 and can be exploited by an attacker to execute arbitrary code on a system...

CVE-2025-26260

Summary: CVE-2025-26260 affects Plenti

CVE-2025-2023 Ashlar-Vellum Cobalt LI File Parsing Integer Overflow Remote Code Execution Vulnerability

Ashlar-Vellum Cobalt LI File Parsing Integer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Cobalt. User interaction is required to exploit this vulnerability in that the target must vis...

CVE-2025-26645 Remote Desktop Client Remote Code Execution Vulnerability

...

CVE-2025-26629 Microsoft Office Remote Code Execution Vulnerability

...

CVE-2025-24084 Windows Subsystem for Linux (WSL2) Kernel Remote Code Execution Vulnerability

...

CVE-2025-24079 Microsoft Word Remote Code Execution Vulnerability

...

CVE-2025-27393

A vulnerability has been identified in SCALANCE LPE9403 6GK5998-3GS00-2AC2 All versions V4.0. Affected devices do not properly sanitize user input when creating new users. This could allow an authenticated highly-privileged remote attacker to execute arbitrary code on the device...

CVE-2025-23401

A vulnerability has been identified in Teamcenter Visualization V14.3 All versions V14.3.0.13, Teamcenter Visualization V2312 All versions V2312.0009, Teamcenter Visualization V2406 All versions V2406.0007, Teamcenter Visualization V2412 All versions V2412.0002, Tecnomatix Plant Simulation V2302...

CVE-2025-27438

CVE-2025-27438 affects Siemens Teamcenter Visualization and Tecnomatix Plant Simulation products. The issue is an out-of-bounds/read past end of an allocated structure while parsing specially crafted WRL files, leading to potential code execution in the current process. Affected versions include ...