15092 matches found
Oracle Linux 9 : ncurses (ELSA-2025-12876)
The remote Oracle Linux 9 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2025-12876 advisory. 6.2-10.20210508.el96.2 - remove execute permissions from ANNOUNCE file RHEL-102738 6.2-10.20210508.el96.1 - guard against corrupt terminfo data in string...
Trend Micro Apex One Security Vulnerability
Trend Micro Apex One is an endpoint protection software from Trend Micro. A security vulnerability exists in Trend Micro Apex One that originates from allowing a pre-authenticated remote attacker to upload malicious code and execute commands...
ncurses security update
6.2-10.20210508.el96.2 - remove execute permissions from ANNOUNCE file RHEL-102738 6.2-10.20210508.el96.1 - guard against corrupt terminfo data in string conversion CVE-2022-29458 RHEL-100139...
PT-2025-31856 · Zkeacms · Zkeacms
Name of the Vulnerable Software and Affected Versions: ZKEACMS version 4.1 Description: An arbitrary file upload vulnerability exists in ZKEACMS version 4.1, allowing attackers to execute arbitrary code by uploading a crafted file. Recommendations: At the moment, there is no information about a...
Pearcleaner Security Vulnerability
Pearcleaner is a mac application cleaner tool by the individual developer Alin Lupascu. A security vulnerability exists in Pearcleaner versions 4.4.0 through 4.5.1, which stems from the XPC service exposing the Execute Arbitrary Command method, which could lead to elevation of privilege...
PT-2025-31543 · Undefined · Undefined
An unauthenticated SQL injection vulnerability exists in the Kloxo web hosting control panel developed by LXCenter prior to version 6.1.12. The flaw resides in the login-name parameter passed to lbin/webcommand.php, which fails to properly sanitize input, allowing an attacker to extract the...
AddressSanitizer: stack-buffer-overflow in jq_fuzz_execute (jv_string_vfmt)
...
PaperCut NG/MF Cross-Site Request Forgery (CSRF) Vulnerability
PaperCut NG/MF contains a cross-site request forgery (CSRF) vulnerability, which, under specific conditions, could potentially enable an attacker to alter security settings or execute arbitrary code...
command-injection-payload-list
It is an offensive tool for web application security. The primary CVE ID is not explicitly mentioned, but the description pertains to OS command injection vulnerabilities. The target product/service is web applications, and the vulnerability class/vector is OS command injection. Notable...
odat
This is an offensive tool for Oracle Database. The tool is called ODAT (Oracle Database Attacking Tool) and is designed to exploit various vulnerabilities in Oracle databases. The tool is written in Python and uses various libraries such as scapy, cx_Oracle, and progressbar. The tool has several...
Malicious code in airbnb-private (npm)
The package communicates with a domain associated with malicious activity. Source: ghsa-malware 600d55fd3b665720464310cd371ad34de68ce71c922d62c4253b2faa215c0c39 Any computer that has this package installed or running should be considered...
CVE-2025-40598
A reflected cross-site scripting (XSS) vulnerability exists in the SMA100 series web interface, allowing a remote unauthenticated attacker to potentially execute arbitrary JavaScript code...
CVE-2025-7917
WinMatrix3 Web package developed by Simopro Technology has an Arbitrary File Upload vulnerability, allowing remote attackers with administrator privileges to upload and execute web shell backdoors, thereby enabling arbitrary code execution on the server...
CVE-2025-51403
A stored cross-site scripting (XSS) vulnerability in the department assignment editing module of Live Helper Chat v4.60 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Alias Nick parameter...
CVE-2025-49485
A SQL injection vulnerability in the Balbooa Forms plugin 1.0.0-2.3.1.1 for Joomla allows privileged users to execute arbitrary SQL commands via the 'id' parameter...
CVE-2025-6232
An improper validation vulnerability was reported in Lenovo Vantage that under certain conditions could allow a local attacker to execute code with elevated permissions by modifying specific registry locations...
OESA-2025-1873 kernel security update
The Linux Kernel, the operating system core itself. Security Fixes: In the Linux kernel, the following vulnerability has been resolved: KVM: x86/mmu: Treat NX as a valid SPTE bit for NPT Treat the NX bit as valid when using NPT, as KVM will set the NX bit when the NX huge page mitigation is enabl...
OESA-2025-1872 kernel security update
The Linux Kernel, the operating system core itself. Security Fixes: In the Linux kernel, the following vulnerability has been resolved: KVM: x86/mmu: Treat NX as a valid SPTE bit for NPT Treat the NX bit as valid when using NPT, as KVM will set the NX bit when the NX huge page mitigation is enabl...