14962 matches found

Positive Technologies
added 2025/12/09 12:0 a.m. | 1 views

PT-2025-50179

Name of the Vulnerable Software and Affected Versions Microsoft Office Word affected versions not specified Description A use after free issue exists in Microsoft Office Word. This flaw could allow an unauthorized attacker to execute code locally. The vulnerability enables remote attackers to...

CVSS 7 | AI score 7.2 | EPSS 0.00085
Exploits 0 | References 6

OSV
added 2025/12/06 4:23 p.m. | 3 views

MAL-2025-192359 Malicious code in ssf-desktop-api-browser (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5940c26ac6aa2f9c3682f4d383922757d2d5c361b5a70140ca289eabe304be8d The package ssf-desktop-api-browser was found to contain malicious code. Source: ossf-package-analysis...

AI score 7
Exploits 0

RedhatCVE
added 2025/12/05 11:22 p.m. | 5 views

CVE-2025-66561

SysReptor is a fully customizable pentest reporting platform. Prior to 2025.102, a Stored Cross-Site Scripting (XSS) vulnerability allows authenticated users to execute malicious JavaScript in the context of other logged-in users by uploading malicious JavaScript files in the web UI. This...

CVSS 7.3 | AI score 5.4 | EPSS 0.00026
Exploits 0 | References 1

Debian CVE
added 2025/12/05 1:40 p.m. | 4 views

CVE-2025-58098

Apache HTTP Server 2.4.65 and earlier with Server Side Includes (SSI) enabled and mod_cgid (but not mod_cgi) passes the shell-escaped query string to exec cmd="..." directives. This issue affects Apache HTTP Server before 2.4.66. Users are recommended to upgrade to version 2.4.66, which fixes the issue...

CVSS 8.3 | AI score 7.6 | EPSS 0.00018
Exploits 0

CVE
added 2025/12/05 12:0 a.m. | 4 views

CVE-2025-64052

The CVE-2025-64052 entry affects Fanvil x210 V2 firmware 2.12.20. An issue permits unauthenticated attackers on the local network to execute arbitrary system commands. The available documents do not detail the root cause or specific exploitation steps. Public references suggest updating to a newe...

CVSS 5.1 | AI score 7 | EPSS 0.00078
Exploits 1 | References 2 | Affected Software 1

NVD
added 2025/12/04 10:15 p.m. | 3 views

CVE-2025-12195

An Out-of-bounds Write vulnerability in WatchGuard Fireware OS's CLI could allow an authenticated privileged user to execute arbitrary code via specially crafted IPSec configuration CLI commands. This vulnerability affects Fireware OS 11.0 up to and including 11.12.4+541730, 12.0 up to and includi...

CVSS 8.6 | EPSS 0.00158
Exploits 0 | References 1

OSV
added 2025/12/03 1:19 a.m. | 3 views

MAL-2025-191959 Malicious code in karem10 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 02ecf4d35a03a77c6c6665e814830b4111dd4c3e969a800697b3ca6dc0eeaebc The package karem10 was found to contain malicious code. Source: ossf-package-analysis d2bf23a7af43498c68b78f4d0e45aa2dec25a1ea950bc0c7b9b0d880ec35b9...

AI score 7
Exploits 0

CNNVD
added 2025/12/02 12:0 a.m. | 1 views

SAMSUNG Account Security Vulnerability

SAMSUNG Account is an account management software from Samsung South Korea. A security vulnerability exists in SAMSUNG Account versions prior to 15.5.01.1, which stems from improper input validation and could allow a local attacker to execute arbitrary script...

CVSS 5.5 | AI score 6.9 | EPSS 0.00027
Exploits 0 | References 2

CVE
added 2025/12/01 12:0 a.m. | 8 views

CVE-2025-61228

CVE-2025-61228 affects Shirt Pocket SuperDuper! versions 3.10 and earlier. The issue allows a local attacker to execute arbitrary code via the software update mechanism. The available sources indicate the vulnerability exists in pre-3.11 builds; mitigation is to update to version 3.11 (or later)....

CVSS 7.8 | AI score 7.3 | EPSS 0.00008
Exploits 1 | References 3 | Affected Software 1

Positive Technologies
added 2025/12/01 12:0 a.m. | 3 views

PT-2025-48487

An issue in Shirt Pocket's SuperDuper! 3.10 and earlier allows a local attacker to modify the default task template to execute an arbitrary preflight script with root privileges and Full Disk Access, thus bypassing macOS privacy controls...

AI score 7 | EPSS 0.00014
Exploits 1 | References 4

NVD
added 2025/11/27 10:15 a.m. | 1 views

CVE-2025-59026

Malicious content uploaded as file can be used to execute script code when following attacker-controlled links. Unintended actions can be executed in the context of the user's account, including exfiltration of sensitive information. Please deploy the provided updates and patch releases. No public...

CVSS 5.4 | EPSS 0.00024
Exploits 0 | References 1

Positive Technologies
added 2025/11/27 12:0 a.m. | 3 views

PT-2025-48258

Malicious content uploaded as file can be used to execute script code when following attacker-controlled links. Unintended actions can be executed in the context of the user's account, including exfiltration of sensitive information. Please deploy the provided updates and patch releases. No public...

CVSS 5.4 | AI score 7.2 | EPSS 0.00024
Exploits 0 | References 2

Positive Technologies
added 2025/11/27 12:0 a.m. | 2 views

PT-2025-48255

Malicious content uploaded as file can be used to execute script code when following attacker-controlled links. Unintended actions can be executed in the context of the user's account, including exfiltration of sensitive information. Please deploy the provided updates and patch releases. No public...

CVSS 5.4 | AI score 7.2 | EPSS 0.00024
Exploits 0 | References 2

Veracode
added 2025/11/26 9:23 a.m. | 5 views

Remote Command Execution

n8n and n8n-nodes-base are vulnerable to Remote Command Execution. The vulnerability is due to the Execute Command node allowing arbitrary command execution on the host system, which allows an attacker to exploit insufficient user trust controls to run malicious commands leading to system...

AI score 7.7
Exploits 0

Microsoft CVE
added 2025/11/26 1:1 a.m. | 3 views

iommu/mediatek: Fix crash on isr after kexec()

...

CVSS 5.5 | AI score 7 | EPSS 0.00011
Exploits 0

OSV
added 2025/11/25 10:3 p.m. | 0 views

JLSEC-2025-241 execute_filter_delta in archive_read_support_format_rar.c in libarchive before 3.7.5 allows out-of-b...

execute_filter_delta in archive_read_support_format_rar.c in libarchive before 3.7.5 allows out-of-bounds access via a crafted archive file because src can move beyond dst...

CVSS 7.8 | AI score 7.9 | EPSS 0.0008
Exploits 1 | References 8

OSV
added 2025/11/25 10:3 p.m. | 2 views

JLSEC-2025-240 execute_filter_audio in archive_read_support_format_rar.c in libarchive before 3.7.5 allows out-of-b...

execute_filter_audio in archive_read_support_format_rar.c in libarchive before 3.7.5 allows out-of-bounds access via a crafted archive file because src can move beyond dst...

CVSS 7.8 | AI score 6.7 | EPSS 0.00122
Exploits 1 | References 3

NVD
added 2025/11/25 8:15 a.m. | 4 views

CVE-2025-59370

A command injection vulnerability has been identified in bwdpi. A remote, authenticated attacker could leverage this vulnerability to potentially execute arbitrary commands, leading to the device executing unintended instructions. Refer to the 'Security Update for ASUS Router Firmware' section on...

CVSS 7.5 | EPSS 0.0026
Exploits 0 | References 1

NVD
added 2025/11/25 2:15 a.m. | 2 views

CVE-2025-59373

A local privilege escalation vulnerability exists in the restore mechanism of ASUS System Control Interface. It can be triggered when an unprivileged actor copies files without proper validation into protected system paths, potentially leading to arbitrary files being executed as SYSTEM. For more...

CVSS 8.5 | EPSS 0.00017
Exploits 0 | References 1

Vulnrichment
added 2025/11/25 2:3 a.m. | 2 views

CVE-2025-59373

A local privilege escalation vulnerability exists in the restore mechanism of ASUS System Control Interface. It can be triggered when an unprivileged actor copies files without proper validation into protected system paths, potentially leading to arbitrary files being executed as SYSTEM. For more...

CVSS 8.5 | AI score 6.6 | EPSS 0.00017
Exploits 0 | References 1