Lucene search

6810 matches found

Packet Storm
added 2025/08/04 12:0 a.m. | 82 views

📄 Malicious XDG Desktop File

This Metasploit module creates a malicious XDG Desktop .desktop file. On most modern systems, desktop files are not trusted by default. The user will receive a warning prompt that the file is not trusted when running the file, but may choose to run the file anyway. The default file manager...

7.2 AI score
Exploits: 0

CNNVD
added 2025/08/04 12:0 a.m. | 2 views

Liquidfiles Security Vulnerability

Liquidfiles is a storage service for large-scale secure file transfer and sharing for companies and organizations from US-based Liquidfiles, Inc. A security vulnerability exists in Liquidfiles versions prior to 4.1.2 that stems from directory traversal that can be achieved by configuring local...

3.8 CVSS | 6.4 AI score | 0.00414 EPSS
Exploits: 1 | References: 2

CVE
added 2025/08/04 12:0 a.m. | 16 views

CVE-2025-46094

LiquidFiles is affected prior to version 4.1.2 by a directory traversal vulnerability triggered when the pathname of a local executable file is configured as an Actionscript. The issue exposes risk to confidentiality (Low) and integrity (Low) with no availability impact in the CVE metrics. Concre...

3.8 CVSS | 6.8 AI score | 0.00414 EPSS
Exploits: 1 | References: 2 | Affected Software: 1

CNNVD
added 2025/08/01 12:0 a.m. | 1 views

Agnitum Outpost Internet Security Security Vulnerability

Agnitum Outpost Internet Security is an Internet security suite from the Russian company Agnitum. A security vulnerability exists in Agnitum Outpost Internet Security version 8.1, which stems from a directory traversal issue in the acs.exe component that could lead to the execution of arbitrary...

8.5 CVSS | 6.9 AI score | 0.01964 EPSS
Exploits: 0 | References: 5

OSV
added 2025/07/29 6:15 p.m. | 2 views

CVE-2025-36010

IBM Db2 for Linux 12.1.0, 12.1.1, and 12.1.2 could allow an unauthenticated user to cause a denial of service due to executable segments that are waiting for each other to release a necessary lock...

7.5 CVSS | 6.6 AI score
Exploits: 0 | References: 1

Cvelist
added 2025/07/29 6:13 p.m. | 6 views

CVE-2025-36010 IBM Db2 for Linux denial of service

IBM Db2 for Linux 12.1.0, 12.1.1, and 12.1.2 could allow an unauthenticated user to cause a denial of service due to executable segments that are waiting for each other to release a necessary lock...

6.5 CVSS | 0.00092 EPSS
Exploits: 0 | References: 1

Vulnrichment
added 2025/07/29 6:13 p.m. | 2 views

CVE-2025-36010 IBM Db2 for Linux denial of service

IBM Db2 for Linux 12.1.0, 12.1.1, and 12.1.2 could allow an unauthenticated user to cause a denial of service due to executable segments that are waiting for each other to release a necessary lock...

6.5 CVSS | 6.7 AI score | 0.00092 EPSS
Exploits: 0 | References: 1

Cvelist
added 2025/07/27 12:46 a.m. | 9 views

CVE-2025-6241

LsiAgent.exe, a component of SysTrack from Lakeside Software, attempts to load several DLL files which are not present in the default installation. If a user-writable directory is present in the SYSTEM PATH environment variable, the user can write a malicious DLL to that directory with arbitrary...

0.00072 EPSS
Exploits: 0 | References: 1

RedhatCVE
added 2025/07/23 2:31 p.m. | 9 views

CVE-2025-4130

Use of Hard-coded Credentials vulnerability in PAVO Inc. PAVO Pay allows Read Sensitive Constants Within an Executable. This issue affects PAVO Pay: before 13.05.2025...

7.5 CVSS | 5.4 AI score | 0.00272 EPSS
Exploits: 0 | References: 1

BDU FSTEC
added 2025/07/22 12:0 a.m. | 1 views

The vulnerability of Yandex.Disk’s cloud storage service for the iOS operating system, related to the use of an unreliable search path, allows a hacker to interrupt the search order in order to replace the executable file.

The vulnerability of Yandex.Disk’s cloud storage service for the iOS operating system is related to the use of an unreliable search path. Exploiting this vulnerability could allow an attacker to intercept the search order in order to replace the executable file with a malicious one...

8.8 CVSS | 5.5 AI score | 0.00019 EPSS
Exploits: 0 | References: 2 | Affected Software: 1

OSV
added 2025/07/18 2:49 p.m. | 2 views

OESA-2025-1853 gdb security update

GDB, the GNU Project debugger, allows you to see what is going on inside another program while it executes -- or what another program was doing at the moment it crashed. Security Fixes: GNU Binutils before 2.40 was discovered to contain an excessive memory consumption vulnerability via the functi...

5.5 CVSS | 7.2 AI score | 0.00009 EPSS
Exploits: 1 | References: 2

SUSE Linux
added 2025/07/18 12:38 p.m. | 2 views

Security update for MozillaThunderbird

This update for MozillaThunderbird fixes the following issues: Update to Mozilla Thunderbird 128.12 MFSA 2025-55, bsc1244670: CVE-2025-6424: Use-after-free in FontFaceSet bmo1966423 CVE-2025-6425: The WebCompat WebExtension shipped exposed a persistent UUID bmo1717672 CVE-2025-6426: No warning wh...

8.8 CVSS | 6.7 AI score | 0.01103 EPSS
Exploits: 0 | References: 12

OSV
added 2025/07/18 12:37 p.m. | 1 views

SUSE-SU-2025:02368-1 Security update for MozillaThunderbird

This update for MozillaThunderbird fixes the following issues: Update to Mozilla Thunderbird 128.12 MFSA 2025-55, bsc1244670: - CVE-2025-6424: Use-after-free in FontFaceSet bmo1966423 - CVE-2025-6425: The WebCompat WebExtension shipped exposed a persistent UUID bmo1717672 - CVE-2025-6426: No...

9.8 CVSS | 5.8 AI score | 0.01103 EPSS
Exploits: 0 | References: 7

OSSF Malicious Packages
added 2025/07/18 10:40 a.m. | 6 views

Malicious code in svcmanager (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 062d589e7c49394864a13694f3de2a89589fd2f5e6a4d2e43e35ce136b6e7e9c Package attempts to download an executable and install it as a privileged service. The executable seems to be modified remote access tool --- Category: MALICIO...

6.9 AI score
Exploits: 0 | References: 2

BDU FSTEC
added 2025/07/18 12:0 a.m. | 1 views

Vulnerability of the main and fileman modules of the 1C-Bitrix website management system: Website management that allows attackers to gain unauthorized access to configuration and executable files

Vulnerability of the main and fileman modules of the 1C-Bitrix website management system: Website management involves insecure handling of privileges. Exploiting this vulnerability can allow an attacker to gain unauthorized access to configuration and executable files...

6.8 CVSS | 5.5 AI score
Exploits: 0 | References: 1 | Affected Software: 3

OpenVAS
added 2025/07/16 12:0 a.m. | 3 views

Oracle OpenJDK 8.x - 24.x Multiple Vulnerabilities (Jul 2025)

Oracle OpenJDK is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:oracle:openjdk"; ifdescripti...

8.1 CVSS | 7.1 AI score | 0.02123 EPSS
Exploits: 1 | References: 2

Vulnrichment
added 2025/07/15 8:52 p.m. | 2 views

CVE-2025-53906 Vim has path traversal issue with zip.vim and special crafted zip archives

Vim is an open source, command line text editor. Prior to version 9.1.1551, a path traversal issue in Vim’s zip.vim plugin can allow overwriting of arbitrary files when opening specially crafted zip archives. Impact is low because this exploit requires direct user interaction. However, successful...

4.1 CVSS | 7.8 AI score | 0.00072 EPSS
Exploits: 1 | References: 2

OSSF Malicious Packages
added 2025/07/14 4:42 p.m. | 5 views

Malicious code in crto5 (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 3a906f74f9672d68f42311985b67b1076e3b02caf14d8366b703d3331ff5897b Importing the module starts downloading or decrypting, and then executing an executable being a wide recognized malware/Infostealer Redline family --- Category...

7.1 AI score
Exploits: 0 | References: 2

OSV
added 2025/07/14 3:15 p.m. | 0 views

MAL-2025-193014 Malicious code in cas-base (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 69eb341218878aebdec66eb5a44391314921fe3c7fb387021d0684bbb91913b3 The package contains code to install remotely stored malware and ensure its persistence. The code is not triggered automatically; it requires a separate trigge...

5.9 AI score
Exploits: 0 | References: 8

OSSF Malicious Packages
added 2025/07/14 3:15 p.m. | 1 views

Malicious code in cas-base (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 69eb341218878aebdec66eb5a44391314921fe3c7fb387021d0684bbb91913b3 The package contains code to install remotely stored malware and ensure its persistence. The code is not triggered automatically; it requires a separate trigge...

5.9 AI score
Exploits: 0 | References: 8