CVE-2017-1000455

GuixSD prior to Git commit 5e66574a128937e7f2fcf146d146225703ccfd5d used POSIX hard links incorrectly, leading the creation of setuid executables in "the store", violating a fundamental security assumption of GNU Guix...

PT-2025-22384

Name of the Vulnerable Software and Affected Versions Valvesoftware Steam Client version 1738026274 Description The issue allows attackers to escalate privileges via a crafted executable or DLL. This can be achieved by manipulating a specifically crafted executable or DLL, which enables the...

[SECURITY] Fedora 40 Update: perl-PAR-Packer-1.063-3.fc40

This module implements the App::Packer::Backend interface, for generating stand-alone executables, perl scripts and PAR files...

GHSA-75V8-2H7P-7M2M Formidable relies on hexoid to prevent guessing of filenames for untrusted executable content

Formidable aka node-formidable 2.x before 2.1.3 and 3.x before 3.5.3 relies on hexoid to prevent guessing of filenames for untrusted executable content; however, hexoid is documented as not "cryptographically secure." Also, there is a scenario in which only the last two characters of a hexoid...

CVE-2025-46653

Formidable aka node-formidable 2.1.0 through 3.x before 3.5.3 relies on hexoid to prevent guessing of filenames for untrusted executable content; however, hexoid is documented as not "cryptographically secure." Also, there is a scenario in which only the last two characters of a hexoid string nee...

[SECURITY] Fedora 41 Update: perl-PAR-Packer-1.063-5.fc41

This module implements the App::Packer::Backend interface, for generating stand-alone executables, perl scripts and PAR files...

VulnCheck KEV: CVE-2025-31324

SAP NetWeaver Visual Composer Metadata Uploader contains an unrestricted file upload vulnerability that allows an unauthenticated agent to upload potentially malicious executable binaries...

CVE-2025-43929

openactions.py in kitty before 0.41.0 does not ask for user confirmation before running a local executable file that may have been linked from an untrusted document e.g., a document opened in KDE ghostwriter...

UBUNTU-CVE-2025-43929

openactions.py in kitty before 0.41.0 does not ask for user confirmation before running a local executable file that may have been linked from an untrusted document e.g., a document opened in KDE ghostwriter...

CVE-2025-43929

openactions.py in kitty before 0.41.0 does not ask for user confirmation before running a local executable file that may have been linked from an untrusted document e.g., a document opened in KDE ghostwriter...

CVE-2025-43929

CVE-2025-43929 affects kitty before 0.41.0. The issue arises because open_actions.py does not prompt for user confirmation before executing a local file that could be linked from an untrusted document (e.g., KDE Ghostwriter exports). Affects Kitty component (kitty) with local attack surface; expl...

[SECURITY] Fedora 42 Update: perl-PAR-Packer-1.063-6.fc42

This module implements the App::Packer::Backend interface, for generating stand-alone executables, perl scripts and PAR files...

UPX 安全漏洞

UPX is a free, secure, portable, scalable, high-performance executable shelling program for a wide range of executable formats. A security vulnerability exists in UPX 5.0.0 and earlier versions, which stems from an incorrect operation of the PackLinuxElf64::unDTINIT function that can cause a heap...

[SECURITY] Fedora 42 Update: bigloo-4.6a-2.fc42

Bigloo is a Scheme implementation devoted to one goal: enabling a Scheme based programming style where C++ is usually required. Bigloo attempts to make Scheme practical by offering features usually presented by traditional programming languages but not offered by Scheme and functional programming...

CVE-2025-24796 Remote Code Execution within Collabora Online jail with Macros Enabled

Collabora Online is a collaborative online office suite based on LibreOffice. Macro support is disabled by default in Collabora Online, but can be enabled by an administrator. Collabora Online typically hosts each document instance within a jail and is allowed to download content from locations...

Over 4,000 ISP IPs Targeted in Brute-Force Attacks to Deploy Info Stealers and Cryptominers

Internet service providers ISPs in China and the West Coast of the United States have become the target of a mass exploitation campaign that deploys information stealers and cryptocurrency miners on compromised hosts. The findings come from the Splunk Threat Research Team, which said the activity...

LibreOffice 输入验证错误漏洞

LibreOffice is an open source office software suite from The Document Foundation. An input validation error vulnerability exists in LibreOffice versions prior to 24.8 through 24.8.5 that stems from improper input validation and could lead to unconditional execution of Windows executables...

CVE-2020-13549

An exploitable local privilege elevation vulnerability exists in the file system permissions of Sytech XL Reporter v14.0.1 install directory. Depending on the vector chosen, an attacker can overwrite service executables and execute arbitrary code with privileges of user set to run the service or...

CVE-2024-47783

A vulnerability has been identified in SIPORT All versions V3.4.0. The affected application improperly assigns file permissions to installation folders. This could allow a local attacker with an unprivileged account to override or modify the service executables and subsequently gain elevated...

SUSE-SU-2025:20025-1 Security update for python311, python-rpm-macros

This update for python311, python-rpm-macros fixes the following issues: python311: - CVE-2024-0450: Fixed zipfile module vulnerability with "quoted-overlap" zipbomb bsc1221854 - CVE-2024-4032: Fixed incorrect IPv4 and IPv6 private ranges bsc1226448 - CVE-2024-0397: Fixed memory race condition in...