7634 matches found
Display Painéis TGA Path Traversal Vulnerability
Display Painéis TGA is a queuing system from the Brazilian company Display Painéis. A path traversal vulnerability exists in Display Painéis TGA 7.1.41 and earlier versions, which stems from incorrect manipulation of the parameter currentfolder in the file /gallery/rename, which can lead to path...
Adobe Substance3D Viewer Heap Buffer Overflow Vulnerability
Adobe Substance3D Viewer is a stand-alone desktop application for viewing and editing 3D files from Adobe (USA). Adobe Substance3D Viewer suffers from a heap buffer overflow vulnerability that can be exploited by an attacker to execute arbitrary code in the context of the current user...
PT-2025-37134
Name of the Vulnerable Software and Affected Versions: BeyondCart Connector plugin for WordPress versions 1.4.2 through 2.1.0 Description: The BeyondCart Connector plugin for WordPress is susceptible to privilege escalation due to improper JWT (JSON Web Token) secret management and authorization...
[slackware-security] libssh
New libssh packages are available for Slackware 15.0 and -current to fix security issues. Here are the details from the Slackware 15.0 ChangeLog: patches/packages/libssh-0.11.3-i586-1slack15.0.txz: Upgraded. This update fixes security issues: Fix NULL pointer dereference after allocation failure...
Huawei EulerOS: Security Advisory for sudo (EulerOS-SA-2025-2060)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only if(description)...
Slackware Linux 15.0 / current libssh Multiple Vulnerabilities (SSA:2025-252-01)
The version of libssh installed on the remote host is prior to 0.11.3. It is, therefore, affected by multiple vulnerabilities as referenced in the SSA:2025-252-01 advisory. New libssh packages are available for Slackware 15.0 and -current to fix security issues. Tenable has extracted the precedin...
CVE-2025-54257
Acrobat Reader versions 24.001.30254, 20.005.30774, 25.001.20672 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious...
MAL-2025-47042 Malicious code in @oneaudi/current-carline-service (npm)
The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 2b77e10b2c8fadd6564fa2d63929c857354fa99ea046ea16c534546016899926 Any computer that has this package installed or running should be considered...
Adobe Substance3D Modeler Resource Management Error Vulnerability
Adobe Substance3D Modeler is a 3D modeling software from the American company Adobe. A code execution vulnerability exists in Adobe Substance3D Modeler, which can be exploited by an attacker to execute arbitrary code in the context of the current user...
Adobe Substance3D Viewer Buffer Error Vulnerability
Adobe Substance3D Viewer is a stand-alone desktop application for viewing and editing 3D files from Adobe (USA). Adobe Substance3D Viewer suffers from an out-of-bounds write vulnerability that can be exploited by an attacker to execute arbitrary code in the current user's environment...
MAL-2025-43684 Malicious code in cage-farm-current (npm)
The package cage-farm-current was found to contain malicious code...
Malicious code in cage-farm-current (npm)
The package cage-farm-current was found to contain malicious code...
envvars (aka envvars-std) in the Apache HTTP Server before 2.4.2 places a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse DSO in the current working directory during execution of apachectl.
...
Slackware: Security Advisory (SSA:2025-242-01)
The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only if(description)...
[slackware-security] udisks2
New udisks2 packages are available for Slackware 15.0 and -current to fix a security issue. Here are the details from the Slackware 15.0 ChangeLog: patches/packages/udisks2-2.9.4-i586-2slack15.0.txz: Rebuilt. This update fixes a security issue where an attacker can cause the UDisks daemon to cras...
CVE-2024-39335
Supported versions of Mahara 24.04 before 24.04.1 and 23.04 before 23.04.6 are vulnerable to information being disclosed to an institution administrator under certain conditions via the 'Current submissions' page: Administration - Groups - Submissions...
CVE-2010-10017 WM Downloader 3.1.2.2 Buffer Overflow via Malformed M3U File
WM Downloader version 3.1.2.2 is vulnerable to a buffer overflow when processing a specially crafted .m3u playlist file. The application fails to properly validate input length, allowing an attacker to overwrite structured exception handler (SEH) records and execute arbitrary code. Exploitation...
PT-2025-35369
Name of the Vulnerable Software and Affected Versions: WM Downloader version 3.1.2.2 Description: WM Downloader version 3.1.2.2 is susceptible to a buffer overflow when handling a crafted .m3u playlist file. Insufficient input length validation allows overwriting of structured exception handler S...
Linux Distros Unpatched Vulnerability : CVE-2025-4215
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A vulnerability was found in gorhill uBlock Origin up to 1.63.3b16. It has been classified as problematic. Affected is the function currentStateChanged of the...
Mahara 24.04 < 24.04.1, 23.04 < 23.04.6 Information Disclosure Vulnerability
Mahara is prone to an information disclosure vulnerability. SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:mahara:mahara"; if...