Adobe InCopy Heap Buffer Overflow Vulnerability

Adobe InCopy is a text editing software for creative writing from the American company Audobee Adobe. Adobe InCopy suffers from a heap buffer overflow vulnerability that can be exploited by an attacker to cause arbitrary code execution in the current user environment...

Adobe Substance3D Stager Memory Misreference Vulnerability

Adobe Substance3D Stager is a set and rendering software for 3D scenes from the American company Audobee Adobe. A memory misreference vulnerability exists in Adobe Substance3D Stager, which can be exploited by an attacker to cause arbitrary code to be executed in the current user's context...

[slackware-security] mozilla-thunderbird

New mozilla-thunderbird packages are available for Slackware 15.0 and -current to fix security issues. Here are the details from the Slackware 15.0 ChangeLog: patches/packages/mozilla-thunderbird-140.5.0esr-i686-1slack15.0.txz: Upgraded. This release contains security fixes and improvements. For...

Slackware: Security Advisory (SSA:2025-316-01)

The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

DEBIAN-CVE-2025-40201

In the Linux kernel, the following vulnerability has been resolved: kernel/sys.c: fix the racy usage of tasklocktsk-groupleader in sysprlimit64 paths The usage of tasklocktsk-groupleader in sysprlimit64-doprlimit path is very broken. sysprlimit64 does gettaskstructtsk but this only protects...

EUVD-2025-131923

A maliciously crafted JPG file, when parsed through Autodesk 3ds Max, can force an Out-of-Bounds Write vulnerability. A malicious actor can leverage this vulnerability to execute arbitrary code in the context of the current process...

CVE-2025-40148 drm/amd/display: Add NULL pointer checks in dc_stream cursor attribute functions

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Add NULL pointer checks in dcstream cursor attribute functions The function dcstreamsetcursorattributes currently dereferences the stream pointer and nested members stream-ctx-dc-currentstate without checking for...

Unity Linux 20.1070e Security Update: kernel (UTSA-2025-990769)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-990769 advisory. In the Linux kernel, the following vulnerability has been resolved: sctp: clear outcurr if all frag chunks of current msg are pruned A crash was reported by Zhen Che...

Slackware Linux 15.0 / current mozilla-thunderbird Vulnerability (SSA:2025-316-01)

The version of mozilla-thunderbird installed on the remote host is prior to 140.5.0esr. It is, therefore, affected by a vulnerability as referenced in the SSA:2025-316-01 advisory. New mozilla-thunderbird packages are available for Slackware 15.0 and -current to fix security issues. Tenable has...

[slackware-security] mozilla-firefox

New mozilla-firefox packages are available for Slackware 15.0 and -current to fix security issues. Here are the details from the Slackware 15.0 ChangeLog: patches/packages/mozilla-firefox-140.5.0esr-i686-1slack15.0.txz: Upgraded. This update contains security fixes and improvements. For more...

MAL-2025-132656 Malicious code in current_toad_z3n (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d54b5b2c772e76f6f43277f88ed5d636ccc212b46187e249b2ed7c6830d3e568 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

CVE-2025-61838

Format Plugins versions 1.1.1 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file...

CVE-2025-61819

Photoshop Desktop versions 26.8.1 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file...

CVE-2025-61832 InDesign Desktop | Heap-based Buffer Overflow (CWE-122)

InDesign Desktop versions 20.5, 19.5.5 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file...

Malicious code in current_felidae_z3n (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector cf6a07061d46208851fa5084da3f780d8578a7b0a97f7df7d5b0ca5591eacbdf This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

EUVD-2025-92630

Malicious code in currentfelidaez3n npm...

EUVD-2025-92628

Malicious code in currentherringz3n npm...

Malicious code in current_crow_z3n (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3932af8b701605c0ad8f077d14427d801e82189da7f5f96f1db3311d89500362 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

EUVD-2025-79481

Malicious code in currentcrowz3n npm...

EUVD-2025-82302

Malicious code in currenttermitereplicateautomation npm...