
7466 matches found

CNNVD
added 2025/12/10 12:0 a.m., 4 views

MailEnable Code Issue Vulnerability

MailEnable is a Windows-based business e-mail server from MailEnable Australia. MailEnable suffers from an insecure DLL loading vulnerability that can be exploited by an attacker to cause local arbitrary code execution...

CVSS 8.5, AI score 6.1, EPSS 0.00164
Exploits 0, References 4
EUVD
added 2025/12/09 6:30 p.m., 5 views

EUVD-2025-201854

SAPUI5 and OpenUI5 packages use outdated 3rd party libraries with known security vulnerabilities. When markdown-it encounters special malformed input, it fails to terminate properly, resulting in an infinite loop. This Denial of Service via infinite loop causes high CPU usage and system...

CVSS 5.9, AI score 6.5, EPSS 0.0032
Exploits 0, References 3
Positive Technologies
added 2025/12/09 12:0 a.m., 2 views

PT-2025-49763

SAPUI5 and OpenUI5 packages use outdated 3rd party libraries with known security vulnerabilities. When markdown-it encounters special malformed input, it fails to terminate properly, resulting in an infinite loop. This Denial of Service via infinite loop causes high CPU usage and system...

CVSS 5.9, AI score 7.1, EPSS 0.0032
Exploits 0, References 2
CNNVD
added 2025/12/09 12:0 a.m., 3 views

SAP SAPUI5 Security Vulnerability

SAP SAPUI5 is a JavaScript application framework from SAP, a German company. A security vulnerability exists in SAP SAPUI5 that stems from the use of outdated third-party libraries resulting in an infinite loop, which could result in a denial-of-service attack...

CVSS 5.9, AI score 6.5, EPSS 0.0032
Exploits 0, References 2
Tenable Nessus
added 2025/12/09 12:0 a.m., 4 views

Progress Telerik Document Processing Libraries Installed (Windows)

Binary data progresstelerikdocumentprocessinglibrarieswininstalled.nbin...

AI score 7
Exploits 0, References 1
IBM Security Bulletins
added 2025/12/08 1:59 p.m., 5 views

Security Bulletin: Multiple Vulnerabilities in IBM StreamSets Data Collector

Summary Multiple vulnerabilities were addressed in IBM StreamSets Data Collector version 6.4.0 Vulnerability Details CVEID:CVE-2025-8916 DESCRIPTION: Allocation of Resources Without Limits or Throttling vulnerability in Legion of the Bouncy Castle Inc. BC Java bcpkix on All API modules, Legion of...

CVSS 6.3, AI score 6.8, EPSS 0.00505
Exploits 0, Affected Software 1
Packet Storm News
added 2025/12/08 12:0 a.m., 3 views

Breaking ECDSA with Electromagnetic Side-Channel Attacks: Challenges and Practicality on Modern Smartphones

Smartphones handle sensitive tasks such as messaging and payment and may soon support critical electronic identification through initiatives such as the European Digital Identity EUDI wallet, currently under development. Yet the susceptibility of modern smartphones to physical side-channel analys...

AI score 6.7
Exploits 0
vulnersOsv
added 2025/12/05 6:54 p.m., 3 views

cc.ddrpa.dorian.polystash:polystash-spring-boot-starter (=1.0.0), com.alibaba.fastjson2:fastjson2-extension (>=2.0.27 <=2.0.62) +39 more potentially affected by CVE-2025-66566 via org.lz4:lz4-pure-java (=1.8.0)

org.lz4:lz4-pure-java MAVEN version =1.8.0 is affected by a known vulnerability. The following packages have a transitive dependency on org.lz4:lz4-pure-java and may be impacted: - cc.ddrpa.dorian.polystash:polystash-spring-boot-starter =1.0.0 - com.alibaba.fastjson2:fastjson2-extension =2.0.27,...

CVSS 8.2, AI score 6.8, EPSS 0.00541
Exploits 0
vulnersOsv
added 2025/12/05 4:42 p.m., 7 views

0lever-utils (>=0.0.2 <=0.0.7), 0xdegenmo-lighter-mcp (=0.1.1) +15769 more potentially affected by CVE-2025-66418 via urllib3 (>=1.24.0 <=2.5.0)

urllib3 PYPI version =1.24.0, =0.0.2, =0.3.0, =0.0.1a0, =2.3.84, =0.1.0, =1.1.2, =0.1.0, =0.1.0, =0.0.2, =0.0.5, =0.0.7 - a-mailx =0.1.0 and more Source cves: CVE-2025-66418 Source advisory: SNYK:PYTHON-URLLIB3-14192443...

CVSS 8.9, AI score 6.6, EPSS 0.00533
Exploits 0
RedhatCVE
added 2025/12/05 3:27 p.m., 4 views

CVE-2025-62686

A local privilege escalation vulnerability exists in the Plugin Alliance InstallationHelper service included with Plugin Alliance Installation Manager v1.4.0 on macOS. Due to the absence of a hardened runtime and a __RESTRICT segment, a local user may exploit the DYLD_INSERT_LIBRARIES environment...

CVSS 6.2, AI score 7.5, EPSS 0.00158
Exploits 1, References 1
vulnersOsv
added 2025/12/04 6:30 p.m., 5 views

ae.teletronics.nlp:entityextraction (>=1.3 <=1.4), ai.stainless:grails-tika (=0.1.0) +739 more potentially affected by CVE-2025-54988 +1 more via org.apache.tika:tika-parsers (>=1.13 <=1.9)

org.apache.tika:tika-parsers MAVEN version =1.13, =1.3, =1.0.1, =3.6.1, =3.11.0, =4.6.0, =8.10.1.3, =8.10.1.3, =8.10.1.3, =0.1, =3.0.0, =3.0.1 and more Source cves: CVE-2025-54988, CVE-2025-66516 Source advisory: OSV:GHSA-F58C-GQ56-VJJF...

CVSS 9.8, AI score 7.5, EPSS 0.79807
Exploits 6
Tenable Nessus
added 2025/12/04 12:0 a.m., 2 views

Adobe Experience Manager (AEM) Debugging Client Libraries Exposure

This plugin detects the presence of the Adobe Experience Manager AEM Debugging Client Libraries on a web server. These libraries are intended for development and debugging purposes and should not be exposed in a production environment, as they may contain sensitive information or functionality th...

AI score 6.7
Exploits 0, References 1
IBM Security Bulletins
added 2025/12/03 6:6 a.m., 14 views

Security Bulletin: IBM Automation Decision Services for October 2025 - Multiple CVEs addressed

Summary IBM Automation Decision Services is vulnerable to multiple remote code execution and denial of service attacks in third party and open source used in the product for various functions. See full list below. The vulnerabilities have been addressed Vulnerability Details CVEID:CVE-2025-46653...

CVSS 8.1, AI score 7.7, EPSS 0.23357
Exploits 3, Affected Software 1
CVE
added 2025/12/03 12:0 a.m., 5 views

CVE-2025-62686

This CVE affects Plugin Alliance Installation Manager v1.4.0 on macOS, specifically the InstallationHelper service. The root cause is missing hardened runtime and a __RESTRICT segment, allowing local users to abuse the DYLD_INSERT_LIBRARIES environment variable to inject a dynamic library, potent...

CVSS 6.2, AI score 7.2, EPSS 0.00158
Exploits 1, References 1, Affected Software 1
EUVD
added 2025/12/02 9:31 p.m., 2 views

EUVD-2025-200324

NMIS/BioDose V22.02 and previous versions' installation directory paths by default have insecure file permissions, which in certain deployment scenarios can enable users on client workstations to modify the program executables and libraries...

CVSS 8, AI score 6.4, EPSS 0.00099
Exploits 0, References 2
OSV
added 2025/12/02 9:15 p.m., 2 views

CVE-2025-64642

NMIS/BioDose V22.02 and previous versions' installation directory paths by default have insecure file permissions, which in certain deployment scenarios can enable users on client workstations to modify the program executables and libraries...

CVSS 7.8, AI score 5.8, EPSS 0.00099
Exploits 0, References 1
NVD
added 2025/12/02 9:15 p.m., 3 views

CVE-2025-64642

NMIS/BioDose V22.02 and previous versions' installation directory paths by default have insecure file permissions, which in certain deployment scenarios can enable users on client workstations to modify the program executables and libraries...

CVSS 8, EPSS 0.00099
Exploits 0, References 1
CVE
added 2025/12/02 9:3 p.m., 4 views

CVE-2025-64642

CVE-2025-64642 concerns NMIS/BioDose V22.02 and earlier, where default insecure file permissions on installation directories could allow local users to modify program executables and libraries. Multiple sources (NVD, Red Hat, EUVD, CVE lists, and ICS advisory) describe the issue as an insecure in...

CVSS 8, AI score 6.5, EPSS 0.00099
Exploits 0, References 1, Affected Software 1
vulnersOsv
added 2025/12/02 6:28 a.m., 1 views

agentengine-sdk-python (>=0.2.0 <=0.4.0), agentic-chat-ui (>=0.1.0 <=0.2.4) +42 more potentially affected by CVE-2025-68492 via chainlit (>=2.0.0 <=2.6.3)

chainlit PYPI version =2.0.0, =0.2.0, =0.1.0, =0.3.0, =0.0.3, =0.14.0, =0.0.0, =0.1.1, =0.1.0, =0.1.0, =0.1.0, =1.0.0, =0.1.1, =0.1.0, =1.3.0 and more Source cves: CVE-2025-68492 Source advisory: SNYK:PYTHON-CHAINLIT-14157231...

CVSS 4.2, AI score 5.4, EPSS 0.00217
Exploits 0
CNNVD
added 2025/12/02 12:0 a.m., 4 views

Facebook Proxygen Security Vulnerability

Facebook Proxygen is a set of open source C++ HTTP class libraries from Facebook Inc. in the United States. A security vulnerability exists in Facebook Proxygen that stems from an infinite loop triggered when processing large requests, which could lead to memory exhaustion...

CVSS 5.3, AI score 6.5, EPSS 0.00252
Exploits 0, References 2