PT-2025-48780
NMIS/BioDose V22.02 and previous versions' installation directory paths by default have insecure file permissions, which in certain deployment scenarios can enable users on client workstations to modify the program executables and libraries...
EUVD-2025-199943
The installer of INZONE Hub 1.0.10.3 to 1.0.17.0 contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries. As a result, arbitrary code may be executed with the privilege of the user invoking the installer...
PT-2025-48402
The installer of INZONE Hub 1.0.10.3 to 1.0.17.0 contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries. As a result, arbitrary code may be executed with the privilege of the user invoking the installer...
CVE Breadcrumbs: Tracking Vulnerabilities through Versioned Apache Libraries
The Apache Software Foundation (ASF) ecosystem underpins a vast portion of modern software infrastructure, powering widely used components such as Log4j, Tomcat, and Struts. However, the ubiquity of these libraries has made them prime targets for high-impact security vulnerabilities, as illustrated...
net.codinux.invoicing:e-invoice (>=0.5.0 <=0.5.2), net.codinux.invoicing:e-invoice-jvm (>=0.6.0 <=0.7.3) potentially affected by CVE-2025-66372 via org.mustangproject:validator (>=2.14.2 <=2.15.1)
org.mustangproject:validator MAVEN version =2.14.2, =0.5.0, =0.6.0, =0.7.3 Source cves: CVE-2025-66372 Source advisory: SNYK:JAVA-ORGMUSTANGPROJECT-14147556...
Installer of INZONE Hub may insecurely load Dynamic Link Libraries
Overview The installer of INZONE Hub provided by Sony Corporation contains the following vulnerability with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries. Uncontrolled search path element (CWE-427) - CVE-2025-64772. Kazuma Matsumoto of GMO Cybersecurity by IERAE,...
deezspot-spotizerr (>=2.2.4 <=3.1.5), deezspot-spotizerr-phoenix (>=0.0.11 <=0.0.14) +35 more potentially affected by CVE-2025-66040 via spotipy (>=2.10.0 <=2.25.1)
spotipy PYPI version =2.10.0, =2.2.4, =0.0.11, =0.0.10, =2.6.0, =0.0.3, =0.0.1, =0.2.0, =0.1.1, =0.1.0, =0.0.2.dev4, =0.0.2.dev11 and more Source cves: CVE-2025-66040 Source advisory: SNYK:PYTHON-SPOTIPY-14135648...
Exploring Hidden Geographic Disparities in Android Apps
While mobile app evolution has been widely studied, geographical variation in app behavior remains largely unexplored. This paper presents a large-scale study of location-based Android app differentiation, uncovering two important and underexamined phenomena with security and fairness implication...
CVE-2025-63685
Quark Cloud Drive v3.23.2 has a DLL Hijacking vulnerability. This vulnerability stems from the insecure loading of system libraries. Specifically, the application does not validate the path or signature of regsvr32.exe it loads. An attacker can place a crafted malicious DLL in the application's...
@voiceflow/alexa-types (>=1.1.3 <=1.49.0), @voiceflow/api-sdk (>=1.0.0 <=1.31.6) +6 more potentially affected by unknown CVE via @voiceflow/pino-pretty (>=4.3.0 <=4.4.0)
@voiceflow/pino-pretty NPM version =4.3.0, =1.1.3, =1.0.0, =1.0.0, =1.1.0, =1.0.0, =1.4.2, =1.10.2, =1.0.0, =1.17.4 Source cves: unknown CVE Source advisory: SNYK:JS-VOICEFLOWPINOPRETTY-14103427...
USN-7885-1 openjdk-21 vulnerabilities
Jinfeng Guo discovered that the Security component of OpenJDK 21 did not correctly handle certain representations of encoded strings. An unauthenticated remote attacker could possibly use this issue to modify files or leak sensitive information. CVE-2025-53057 Darius Bohni discovered that the JAX...
OpenSCAP Libraries 1.4.3
The openscap project is a set of open source libraries that support the SCAP (Security Content Automation Protocol) set of standards from NIST. It supports CPE, CCE, CVE, CVSS, OVAL, and XCCDF...
ROS-20251124-11
A vulnerability in the Libraries component of Oracle GraalVM Enterprise Edition virtual machines, Oracle GraalVM for JDK and Oracle Java SE software platform is related to access control weaknesses. Exploitation of the vulnerability could allow an attacker acting remotely to impact data integrity...
MAL-2025-191758 Malicious code in hexdecnet (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 4ca5c3aa5b553fffaca36241e0e3a6144c9b661b9e0cb77fd93ae34fc6b1ed7e Package appears to be designed for private key exfiltration, but no known usage. The name appears to be related to the cryptocurrency TRX Tron / Tronix. Some...
[SECURITY] Fedora 42 Update: dotnet10.0-10.0.100-1.fc42
.NET is a fast, lightweight and modular platform for creating cross-platform applications that work on Linux, macOS and Windows. It particularly focuses on creating console applications, web applications and micro-services. .NET contains a runtime conforming to .NET Standard, a set of framework...
[SECURITY] Fedora 41 Update: dotnet10.0-10.0.100-1.fc41
.NET is a fast, lightweight and modular platform for creating cross-platform applications that work on Linux, macOS and Windows. It particularly focuses on creating console applications, web applications and micro-services. .NET contains a runtime conforming to .NET Standard, a set of framework...
a-data-processing (=0.0.1), a-mailx (=0.1.0) +1225 more potentially affected by CVE-2025-65106 via langchain-core (>=0.0.1 <=0.3.8)
langchain-core PYPI version =0.0.1, =0.1.0, =0.1.3, =0.1.0b0, =4.8.2, =0.1.3, =0.1.0, =3.2.0, =2.1.7, =0.0.2, =0.0.5 and more Source cves: CVE-2025-65106 Source advisory: SNYK:PYTHON-LANGCHAINCORE-14100977...
The 2025 Go Cryptography State of the Union
This past August, I delivered my traditional Go Cryptography State of the Union talk at GopherCon US 2025 in New York. It goes into everything that happened at the intersection of Go and cryptography over the last year. You can watch the video with manually edited subtitles, for my fellow subtitl...
CVE-2025-63685
CVE-2025-63685 affects Quark Cloud Drive v3.23.2. The vulnerability is a DLL hijack caused by insecure loading of system libraries: the app does not validate the path or signature of regsvr32.exe, allowing a malicious DLL placed in the startup directory to be loaded and executed when the program ...
TencentOS Server 4: libsoup (TSSA-2025:0247)
The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to the tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2025:0247 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities...