
6839 matches found

CVE
added 2025/02/25 4:26 p.m. · 73 views

CVE-2025-1067

CVE-2025-1067 describes an untrusted search path vulnerability in Esri ArcGIS Pro 3.3 and 3.4. A low-privileged user with write access to the local filesystem can place a malicious executable that, when a specific ArcGIS Pro action is performed, may execute with the victim’s privileges. The issue...

7.3 CVSS · 7.1 AI score · 0.00179 EPSS
Exploits 0 · References 1 · Affected Software 2
Positive Technologies
added 2025/02/25 12:0 a.m. · 3 views

PT-2025-7928

Name of the Vulnerable Software and Affected Versions LibreOffice versions prior to 24.8.5 Description The issue is related to improper input validation, allowing Windows Executable hyperlink targets to be executed unconditionally when activated. Recommendations For versions prior to 24.8.5, upda...

7.8 CVSS · 7.7 AI score · 0.00198 EPSS
Exploits 0 · References 24
Snyk
added 2025/02/24 2:40 a.m. · 2 views

Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

Overview shopxo/shopxo is an e-commerce system. Affected versions of this package are vulnerable to Improper Neutralization of Special Elements in Output Used by a Downstream Component 'Injection' due to insufficient input validation in the ThemeAdminService component. Authenticated attackers wit...

5.8 CVSS · 6.9 AI score · 0.00032 EPSS
Exploits 1 · References 2
OSSF Malicious Packages
added 2025/02/18 8:50 p.m. · 4 views

Malicious code in singtok (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 20dad294eb5c742d0044f1dde01f51646f0b34a86a7cb86c84547981276f46ce Importing the module starts obfuscated code that downloads a well-recognized malware. In the further variations, the code that downloads and starts the maliciou...

7.3 AI score
Exploits 0 · References 2
OSV
added 2025/02/18 8:50 p.m. · 2 views

MAL-2025-191899 Malicious code in tiksing (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 ef883e1ad19e5cbeafdda023c535abc9a14f84f81dce26e06d9f10bf77013ab5 Importing the module starts obfuscated code that downloads a well-recognized malware. In the further variations, the code that downloads and starts the maliciou...

7.2 AI score
Exploits 0 · References 2
OSV
added 2025/02/18 8:50 p.m. · 2 views

MAL-2025-191868 Malicious code in singtok (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 20dad294eb5c742d0044f1dde01f51646f0b34a86a7cb86c84547981276f46ce Importing the module starts obfuscated code that downloads a well-recognized malware. In the further variations, the code that downloads and starts the maliciou...

7.2 AI score
Exploits 0 · References 2
OSV
added 2025/02/18 8:50 p.m. · 4 views

MAL-2025-191869 Malicious code in sintok (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 7ac54e69b2c1c8f39c9a938ce34d0f0382a0185aa821e4d8e6eaeaac1c456ecb Importing the module starts obfuscated code that downloads a well-recognized malware. In the further variations, the code that downloads and starts the maliciou...

7.2 AI score
Exploits 0 · References 2
Positive Technologies
added 2025/02/18 12:0 a.m. · 2 views

PT-2025-7916 · Nvidia +1 · Nvidia Cuda Toolkit +1

Name of the Vulnerable Software and Affected Versions: NVIDIA CUDA toolkit affected versions not specified Description: The issue is related to an out-of-bounds read in the cuobjdump binary of the NVIDIA CUDA toolkit. This can be triggered by passing a malformed ELF file to cuobjdump, potentially...

3.3 CVSS · 6.3 AI score · 0.0004 EPSS
Exploits 0 · References 14
Positive Technologies
added 2025/02/18 12:0 a.m. · 2 views

PT-2025-7915 · Nvidia +1 · Nvidia Cuda Toolkit +1

Name of the Vulnerable Software and Affected Versions: NVIDIA CUDA toolkit affected versions not specified Description: The issue is related to the nvdisasm binary in the NVIDIA CUDA toolkit, where passing a malformed ELF file could cause an out-of-bounds read. This might lead to a partial denial...

3.3 CVSS · 6.4 AI score · 0.0004 EPSS
Exploits 0 · References 14
Positive Technologies
added 2025/02/18 12:0 a.m. · 2 views

PT-2025-7925 · Nvidia +1 · Nvidia Cuda Toolkit +1

Name of the Vulnerable Software and Affected Versions: NVIDIA CUDA toolkit affected versions not specified Description: The issue is related to a NULL pointer exception that can occur when a malformed ELF file is passed to the nvdisasm binary. This could lead to a partial denial of service...

3.3 CVSS · 6.4 AI score · 0.00041 EPSS
Exploits 0 · References 14
Microsoft CVE
added 2025/02/17 8:0 a.m. · 3 views

GNU Binutils ld elflink.c _bfd_elf_gc_mark_rsec heap-based overflow

...

5.1 CVSS · 5.2 AI score · 0.00178 EPSS
Exploits 1
OSSF Malicious Packages
added 2025/02/14 11:2 p.m. · 3 views

Malicious code in network-utils-simple (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 1fd943d3243197ac153b2623548e62b4225a59f611cf13fe962bc3ced369a32d During installation, there is an attempt to download and execute code. The package has no real functionality. --- Category: MALICIOUS - The campaign has clearl...

7.7 AI score
Exploits 0 · References 1
Fedora
added 2025/02/13 2:21 a.m. · 17 views

[SECURITY] Fedora 41 Update: python3.14-3.14.0~a4-2.fc41

Python 3.14 is an accessible, high-level, dynamically typed, interpreted programming language, designed with an emphasis on code readability. It includes an extensive standard library, and has a vast ecosystem of third-party libraries. The python3.14 package provides the "python3.14" executable:...

6.3 CVSS · 7.4 AI score · 0.01639 EPSS
Exploits 0
Positive Technologies
added 2025/02/13 12:0 a.m. · 2 views

PT-2025-6780 · Schneider Electric · Ecostruxure Process Expert

Name of the Vulnerable Software and Affected Versions: EcoStruxure Process Expert version 2020R2 Description: The issue is related to improper privilege management, affecting two services, one of which manages audit trail data and the other acts as a server managing client requests. This could le...

8.5 CVSS · 7 AI score · 0.00153 EPSS
Exploits 0 · References 8
OSV
added 2025/02/11 11:15 a.m. · 1 views

CVE-2024-53977

A vulnerability has been identified in ModelSim All versions V2025.1, Questa All versions V2025.1. An example setup script contained in affected applications allows a specific executable file to be loaded from the current working directory. This could allow an authenticated local attacker to inje...

7.8 CVSS · 5.8 AI score · 0.00052 EPSS
Exploits 0 · References 1
AstraLinux
added 2025/02/11 7:35 a.m. · 3 views

Astra Linux – Vulnerability in Linux 6.1

In the Linux kernel, the following vulnerabilities have been resolved: ELF: fixed the double read of kernel.randomize_va_space. The ELF loader uses “randomize_va_space” twice. This is a sysctl setting that can be changed at any time; therefore, two reads could potentially access different values,...

5.5 CVSS · 6 AI score · 0.00009 EPSS
Exploits 0 · References 3
AstraLinux
added 2025/02/11 7:35 a.m. · 2 views

Astra Linux – Vulnerability in Firefox, Thunderbird

When handling keypress events, an attacker might have been able to trick a user into bypassing the “Open Executable File?” confirmation dialog. This could have led to the execution of malicious code. This vulnerability affects Firefox 133, Firefox ESR 128.5, Thunderbird 133, and Thunderbird 128.5...

8.8 CVSS · 6.8 AI score · 0.00091 EPSS
Exploits 0 · References 3
RedhatCVE
added 2025/02/06 3:31 a.m. · 11 views

CVE-2021-44169

An improper initialization in Fortinet FortiClient Windows version 6.0.10 and below, version 6.2.9 and below, version 6.4.7 and below, version 7.0.3 and below allows an attacker to gain administrative privileges via placing a malicious executable inside the FortiClient installer's directory...

8.8 CVSS · 6.9 AI score · 0.00113 EPSS
Exploits 0 · References 3
RedhatCVE
added 2025/02/06 1:49 a.m. · 13 views

CVE-2022-43440

Uncontrolled Search Path Element in Checkmk Agent in Tribe29 Checkmk before 2.1.0p1, before 2.0.0p25 and before 1.6.0p29 on a Checkmk server allows the site user to escalate privileges via a manipulated unixcat executable...

8.8 CVSS · 6.8 AI score · 0.00066 EPSS
Exploits 0 · References 1
RedhatCVE
added 2025/02/06 12:40 a.m. · 7 views

CVE-2022-30527

A vulnerability has been identified in SINEC NMS All versions V2.0. The affected application assigns improper access rights to specific folders containing executable files and libraries. This could allow an authenticated local attacker to inject arbitrary code and escalate privileges...

7.8 CVSS · 7 AI score · 0.0008 EPSS
Exploits 0 · References 1