CVE-2025-31324 Missing Authorization check in SAP NetWeaver (Visual Composer development server)

SAP NetWeaver Visual Composer Metadata Uploader is not protected with a proper authorization, allowing unauthenticated agent to upload potentially malicious executable binaries that could severely harm the host system. This could significantly affect the confidentiality, integrity, and availabili...

SUSE CVE-2025-43929

openactions.py in kitty before 0.41.0 does not ask for user confirmation before running a local executable file that may have been linked from an untrusted document e.g., a document opened in KDE ghostwriter...

CVE-2025-43929

openactions.py in kitty before 0.41.0 does not ask for user confirmation before running a local executable file that may have been linked from an untrusted document e.g., a document opened in KDE ghostwriter...

CVE-2025-43929

openactions.py in kitty before 0.41.0 does not ask for user confirmation before running a local executable file that may have been linked from an untrusted document e.g., a document opened in KDE ghostwriter...

DEBIAN-CVE-2025-43929

openactions.py in kitty before 0.41.0 does not ask for user confirmation before running a local executable file that may have been linked from an untrusted document e.g., a document opened in KDE ghostwriter...

CVE-2025-43929

openactions.py in kitty before 0.41.0 does not ask for user confirmation before running a local executable file that may have been linked from an untrusted document e.g., a document opened in KDE ghostwriter...

CVE-2025-43929

openactions.py in kitty before 0.41.0 does not ask for user confirmation before running a local executable file that may have been linked from an untrusted document e.g., a document opened in KDE ghostwriter...

kitty 安全漏洞

kitty is a Python-based GPU terminal emulation software by Kovid Goyal, an individual developer in India. The software provides basic terminal functionality and GPU-based rendering reduces system load, uses OpenGL for rendering, and can be supported on Linux and Mac. A security vulnerability exis...

PT-2025-17401 · Kitty +1 · Kitty +1

Name of the Vulnerable Software and Affected Versions: kitty versions prior to 0.41.0 Description: The issue concerns the open actions.py script in kitty, which does not request user confirmation before executing a local executable file. This file may have been linked from an untrusted document,...

Multi-Stage Malware Attack Uses .JSE and PowerShell to Deploy Agent Tesla and XLoader

A new multi-stage attack has been observed delivering malware families like Agent Tesla variants, Remcos RAT, and XLoader. "Attackers increasingly rely on such complex delivery mechanisms to evade detection, bypass traditional sandboxes, and ensure successful payload delivery and execution," Palo...

Siemens License Server Privilege Mismanagement Vulnerability

Siemens License Server SLS is a tool from Siemens, Germany, for managing and distributing licenses for Siemens software products. A privilege mismanagement vulnerability exists in Siemens License Server that stems from not properly validating an executable file in an application folder, which can...

SUSE SLED15 / SLES15 / openSUSE 15 Security Update : poppler (SUSE-SU-2025:1342-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:1342-1 advisory. - CVE-2025-32364: Fixed a floating point exception. bsc1240880 - CVE-2025-32365: Fixed the isOk...

SUSE-SU-2025:1342-1 Security update for poppler

This update for poppler fixes the following issues: - CVE-2025-32364: Fixed a floating point exception. bsc1240880 - CVE-2025-32365: Fixed the isOk check in JBIG2Bitmap::combine function in JBIG2Stream.cc. bsc1240881 - Adding -fpie compile flag to GCC for Position Independent Executable PIE suppo...

CVE-2025-43715

CVE-2025-43715 affects the Nullsoft Scriptable Install System (NSIS) prior to 3.11 on Windows. The root cause is that the temporary plugins directory is created under %WINDIR%\temp and an unprivileged user can win a race by placing a crafted executable, because EW_CREATEDIR does not consistently ...

Low: cuda-cupti-12-8

Issue Overview: NVIDIA CUDA toolkit for all platforms contains a vulnerability in the cuobjdump binary, where a user could cause an out-of-bounds read by passing a malformed ELF file to cuobjdump. A successful exploit of this vulnerability might lead to a partial denial of service. CVE-2024-53870...

Low: libnpp-12-8

Issue Overview: NVIDIA CUDA toolkit for all platforms contains a vulnerability in the cuobjdump binary, where a user could cause an out-of-bounds read by passing a malformed ELF file to cuobjdump. A successful exploit of this vulnerability might lead to a partial denial of service. CVE-2024-53870...

Oracle OpenJDK 8.x - 24.x Multiple Vulnerabilities (Apr 2025)

Oracle OpenJDK is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:oracle:openjdk"; ifdescripti...

Low: cuda-nsight-12-8

Issue Overview: NVIDIA CUDA toolkit for all platforms contains a vulnerability in the cuobjdump binary, where a user could cause an out-of-bounds read by passing a malformed ELF file to cuobjdump. A successful exploit of this vulnerability might lead to a partial denial of service. CVE-2024-53870...

Low: cuda-toolkit-12

Issue Overview: NVIDIA CUDA toolkit for all platforms contains a vulnerability in the cuobjdump binary, where a user could cause an out-of-bounds read by passing a malformed ELF file to cuobjdump. A successful exploit of this vulnerability might lead to a partial denial of service. CVE-2024-53870...

Low: libcusolver-12-8

Issue Overview: NVIDIA CUDA toolkit for all platforms contains a vulnerability in the cuobjdump binary, where a user could cause an out-of-bounds read by passing a malformed ELF file to cuobjdump. A successful exploit of this vulnerability might lead to a partial denial of service. CVE-2024-53870...