20 matches found

Tenable Nessus
added 2026/05/09 12:0 a.m. | 2 views

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: golang (UTSA-2026-016816)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016816 advisory. If the PATH environment variable contains paths which are executables rather than just directories, passing certain strings to LookPath ("", ".", and "..") can result in th...

6.5 CVSS | 7.3 AI score | 0.00033 EPSS
Exploits 1 | References 4
SUSE CVE
added 2026/04/20 11:25 p.m. | 2 views

SUSE CVE-2026-40527

radare2 prior to commit bc5a890 contains a command injection vulnerability in the afsv/afsvj command path where crafted ELF binaries can embed malicious r2 command sequences as DWARF DW_TAG_formal_parameter names. Attackers can craft a binary with shell commands in DWARF parameter names that execute...

8.5 CVSS | 6.2 AI score | 0.00033 EPSS
Exploits 0 | References 3
EUVD
added 2025/10/03 8:7 p.m. | 1 views

EUVD-2025-7658

Malicious code in bioql PyPI...

6.3 CVSS | 6.6 AI score | 0.00112 EPSS
Exploits 0 | References 1
Veracode
added 2025/05/22 4:29 a.m. | 7 views

Insecure File Upload

typo3/cms-core is vulnerable to Insecure File Upload. The vulnerability is due to the file management module, which allows an attacker to upload potentially dangerous or misleading files, such as executable binaries or files with mismatched extensions and MIME types...

5.4 CVSS | 6.7 AI score | 0.00129 EPSS
Exploits 0 | References 5 | Affected Software 1
Github Security Blog
added 2025/05/20 7:35 p.m. | 15 views

TYPO3 Allows Unrestricted File Upload in File Abstraction Layer

Problem: By design, the file management module in TYPO3’s backend user interface has historically allowed the upload of any file type, with the exception of those that are directly executable in a web server context. This lack of restriction means it is possible to upload files that may be...

5.4 CVSS | 7.2 AI score | 0.00129 EPSS
Exploits 0 | References 5 | Affected Software 1
CISA KEV Catalog
added 2025/04/29 12:0 a.m. | 16 views

SAP NetWeaver Unrestricted File Upload Vulnerability

SAP NetWeaver Visual Composer Metadata Uploader contains an unrestricted file upload vulnerability that allows an unauthenticated agent to upload potentially malicious executable binaries...

10 CVSS | 9.6 AI score | 0.43664 EPSS
In wild | Exploits 18
RedhatCVE
added 2025/04/26 5:9 p.m. | 24 views

CVE-2025-31324

SAP NetWeaver Visual Composer Metadata Uploader is not protected with a proper authorization, allowing an unauthenticated agent to upload potentially malicious executable binaries that could severely harm the host system. This could significantly affect the confidentiality, integrity, and availabili...

10 CVSS | 7 AI score | 0.43664 EPSS
Exploits 18 | References 1
CNVD
added 2025/04/25 12:0 a.m. | 9 views

SAP NetWeaver Visual Composer Metadata Uploader File Upload Vulnerability

SAP NetWeaver Visual Composer Metadata Uploader is a tool for modeling assistance from SAP. A file upload vulnerability exists in SAP NetWeaver Visual Composer Metadata Uploader. The vulnerability is due to an unauthenticated agent uploading potentially malicious executable binaries because the...

10 CVSS | 7.2 AI score | 0.43664 EPSS
Exploits 18 | References 1
CVE
added 2025/04/24 4:50 p.m. | 770 views

CVE-2025-31324

CVE-2025-31324 affects SAP NetWeaver Visual Composer Metadata Uploader (VCFRAMEWORK). Unauthenticated uploads to /developmentserver/metadatauploader allow remote code execution with SAP service user privileges (RCE in VCFRAMEWORK) and can compromise confidentiality, integrity, and availability. C...

10 CVSS | 7 AI score | 0.43664 EPSS
In wild | Exploits 18 | References 6 | Affected Software 1
Vulnrichment
added 2025/04/24 4:50 p.m. | 22 views

CVE-2025-31324 Missing Authorization check in SAP NetWeaver (Visual Composer development server)

SAP NetWeaver Visual Composer Metadata Uploader is not protected with a proper authorization, allowing an unauthenticated agent to upload potentially malicious executable binaries that could severely harm the host system. This could significantly affect the confidentiality, integrity, and availabili...

10 CVSS | 7.2 AI score | 0.43664 EPSS
Exploits 18 | References 2
RedhatCVE
added 2025/03/08 7:36 p.m. | 4 views

CVE-2025-24796

Collabora Online is a collaborative online office suite based on LibreOffice. Macro support is disabled by default in Collabora Online, but can be enabled by an administrator. Collabora Online typically hosts each document instance within a jail and is allowed to download content from locations...

6.3 CVSS | 6.8 AI score | 0.00112 EPSS
Exploits 0 | References 1
NVD
added 2025/03/06 7:15 p.m. | 8 views

CVE-2025-24796

Collabora Online is a collaborative online office suite based on LibreOffice. Macro support is disabled by default in Collabora Online, but can be enabled by an administrator. Collabora Online typically hosts each document instance within a jail and is allowed to download content from locations...

6.3 CVSS | 0.00112 EPSS
Exploits 0 | References 1
Vulnrichment
added 2025/03/06 6:37 p.m. | 7 views

CVE-2025-24796 Remote Code Execution within Collabora Online jail with Macros Enabled

Collabora Online is a collaborative online office suite based on LibreOffice. Macro support is disabled by default in Collabora Online, but can be enabled by an administrator. Collabora Online typically hosts each document instance within a jail and is allowed to download content from locations...

6.3 CVSS | 7.1 AI score | 0.00112 EPSS
Exploits 0 | References 1
Cvelist
added 2025/03/06 6:37 p.m. | 17 views

CVE-2025-24796 Remote Code Execution within Collabora Online jail with Macros Enabled

Collabora Online is a collaborative online office suite based on LibreOffice. Macro support is disabled by default in Collabora Online, but can be enabled by an administrator. Collabora Online typically hosts each document instance within a jail and is allowed to download content from locations...

6.3 CVSS | 0.00112 EPSS
Exploits 0 | References 1
RedHat Linux
added 2024/04/18 1:42 a.m. | 4 views

shim: out of bounds read when parsing MZ binaries

A flaw was found in the MZ binary format in Shim. An out-of-bounds read may occur, leading to a crash or possible exposure of sensitive data during the system's boot phase...

5.1 CVSS | 6.5 AI score | 0.00015 EPSS
Exploits 0 | References 4
Snyk
added 2022/08/15 1:54 p.m. | 0 views

Malicious Package

Overview: pippytest is a malicious package. This is one of 12 malicious packages created by the same actor and discovered by Snyk. It downloads and executes malicious exe files containing malicious code that attempts to steal information from Google Chrome, tokens from Discord, and injects a Disco...

9.8 CVSS | 7 AI score
Exploits 0 | References 2
Snyk
added 2022/08/15 1:54 p.m. | 3 views

Malicious Package

Overview: cyphers is a malicious package. This is one of 12 malicious packages created by the same actor and discovered by Snyk. It downloads and executes malicious exe files containing malicious code that attempts to steal information from Google Chrome, tokens from Discord, and injects a Discord...

9.8 CVSS | 7 AI score
Exploits 0 | References 2
Prion
added 2020/06/30 12:15 p.m. | 14 views

Design/Logic Flaw

HylaFAX+ through 7.0.2 and HylaFAX Enterprise have scripts that execute binaries from directories writable by unprivileged users, e.g., locations under /var/spool/hylafax that are writable by the uucp account. This allows these users to execute code in the context of the user calling these binarie...

7.2 CVSS | 7.6 AI score | 0.00109 EPSS
Exploits 1 | References 9 | Affected Software 1
Tenable Nessus
added 2019/05/22 12:0 a.m. | 58 views

Ubuntu 16.04 LTS / 18.04 LTS : Firefox vulnerabilities (USN-3991-1)

The remote Ubuntu 16.04 LTS / 18.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-3991-1 advisory. Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could...

9.8 CVSS | 7.5 AI score | 0.11045 EPSS
Exploits 6 | References 18
securityvulns
added 2000/08/02 12:0 a.m. | 37 views

Advisory: mailman local compromise

Author : Stan Bubrouski Date : August 1, 2000 Package : mailman Versions affected : 2.0beta3 released: 2000-Jun-28 23:25 2.0beta4 released: 2000-Jul-06 21:27 Severity : access to group mailman binaries are installed as which usually mailman. Most directories in a mailman install are mode 2755 as...

7 AI score
Exploits 0