Signal K Server: Arbitrary Prototype Read via `from` Field Bypass
Summary: The `/signalk/v1/applicationData/...` JSON-patch endpoint allows users to modify stored application data. To prevent Prototype Pollution, the developers implemented an `isPrototypePollutionPath` guard. However, this guard only checks the `path` property of incoming JSON-patch objects. It...
SUSE SLES15 / openSUSE 15 Security Update : kea (SUSE-SU-2026:1091-1)
The remote SUSE Linux SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:1091-1 advisory. Update to release 2.6.3 bsc1243240: - CVE-2025-32801: Fixed loading a malicious hook library can lead to local...
SUSE SLED15 / SLES15 Security Update : kea (SUSE-SU-2026:0907-1)
The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:0907-1 advisory. Update to release 2.6.3 bsc1243240: - CVE-2025-32801: Loading a malicious hook library can lead to local...
Docker CLI Security Vulnerability
Docker CLI is a command-line management tool for containerized applications, open-sourced by Docker. Versions of Docker CLI prior to 29.1.5 contain security vulnerabilities. These vulnerabilities stem from an insecure search path for plugin binary files on Windows, which could allow low-privilege...
CVE-2025-13322
The WP AUDIO GALLERY plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in all versions up to, and including, 2.0. This is due to the wpaguploadaudiocallback AJAX handler not properly validating user-supplied file paths in the audioupload...
CVE-2024-14012 Potential Privilege Escalation in Revenera InstallShield 2023 R1
Potential privilege escalation issue in Revenera InstallShield version 2023 R1 running a renamed Setup.exe on Windows. When a local administrator executes a renamed Setup.exe, the MPR.dll may get loaded from an insecure location and can result in a privilege escalation. The issue has been fixed i...
CVE-2024-14012
CVE-2024-14012 describes a privilege elevation in Revenera InstallShield 2023 R1 on Windows when a local administrator runs a renamed Setup.exe, causing MPR.dll to be loaded from an insecure location. The vulnerability is caused by the loader path for MPR.dll and can lead to elevated privileges. ...
Evope Collector Security Vulnerability
Evope Collector is a team performance monitoring and task mining platform from Evope Brazil. A security vulnerability exists in Evope Collector version 1.1.6.9.0, which stems from loading the wtsapi32.dll library from an uncontrolled search path, which could lead to a local attacker executing...
ROS-20251028-10
A vulnerability in the NVIDIA Container Toolkit container creation and launch software and the NVIDIA GPU Operator resource management software is associated with synchronization errors. NVIDIA GPU Operator resource management software is associated with synchronization errors when using a shared...
[SECURITY] [DSA 6035-1] python-internetarchive security update
Debian Security Advisory DSA-6035-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff October 23, 2025 https://www.debian.org/security/faq -...
Debian dsa-6035 : internetarchive - security update
The remote Debian 12 / 13 host has packages installed that are affected by a vulnerability as referenced in the dsa-6035 advisory. Debian Security Advisory DSA-6035-1 [email protected] https://www.debian.org/security/...
AlmaLinux 10 : kea (ALSA-2025:9178)
The remote AlmaLinux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2025:9178 advisory. kea: Loading a malicious hook library can lead to local privilege escalation CVE-2025-32801 kea: Insecure handling of file paths allows multiple local...
EUVD-2010-1667
Malware in sbrugna...
EUVD-2005-0445
Malware in sbrugna...
EUVD-2023-45154
Malicious code in bioql PyPI...
EUVD-2025-12537
Malicious code in bioql PyPI...
kea security update
An update is available for kea. This update affects Rocky Linux 10. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list DHCP implementation from Internet Systems Consortium, Inc. that features fully...
NoMachine Code Issue Vulnerability
NoMachine is a remote desktop access tool from Luxembourg-based NoMachine. NoMachine suffers from a code issue vulnerability that stems from an insecure OpenSSL configuration path that could lead to local elevation of privilege...
BIT-LIBPYTHON-2022-26488
In Python before 3.10.3 on Windows, local users can gain privileges because the search path is inadequately secured. The installer may allow a local attacker to add user-writable directories to the system search path. To exploit, an administrator must have installed Python for all users and enabl...