Installer of RakurakuMusen Start EX for Windows may insecurely load Dynamic Link Libraries
Overview: Installer of RakurakuMusen Start EX for Windows provided by NEC Corporation uses an inappropriate DLL search path list, which may lead to insecurely loading Dynamic Link Libraries. Uncontrolled search path element (CWE-427) - CVE-2025-12852. Impact: Arbitrary code may be executed with the...
ai.catboost:catboost-spark_4.0_2.13 (=1.2.10), com.amazon.deequ:deequ (>=2.0.14-spark-4.0 <=2.0.15-spark-4.0) +329 more potentially affected by CVE-2025-12383 via org.glassfish.jersey.core:jersey-client (=3.0.16)
org.glassfish.jersey.core:jersey-client MAVEN version =3.0.16 is affected by a known vulnerability. The following packages have a transitive dependency on org.glassfish.jersey.core:jersey-client and may be impacted: - ai.catboost:catboost-spark_4.0_2.13 =1.2.10 - com.amazon.deequ:deequ...
HSEC-2024-0002 out-of-bounds write when there are many bzip2 selectors
out-of-bounds write when there are many bzip2 selectors A malicious bzip2 payload may produce a memory corruption resulting in a denial of service and/or remote code execution. Network services or command line utilities decompressing untrusted bzip2 payloads are affected. Note that the exploitati...
com.databricks:automatedml_2.11 (=0.7.2), com.github.aishfenton:vegas-flink_2.11 (=0.3.4) +11 more potentially affected by CVE-2025-59840 via org.webjars.bower:vega (>=1.5.4 <=3.0.0-rc4)
org.webjars.bower:vega MAVEN version =1.5.4, =0.3.6, =0.3.6, =0.3.6, =1.1.0, =2.1.0, =1.0.10, =2.0.1 Source cves: CVE-2025-59840 Source advisory: SNYK:JAVA-ORGWEBJARSBOWER-13961288...
OpenSCAP Libraries 1.3.13
The openscap project is a set of open source libraries that support the SCAP Security Content Automation Protocol set of standards from NIST. It supports CPE, CCE, CVE, CVSS, OVAL, and XCCDF...
Siemens SIMATIC S7-1500 Improper Neutralization of CRLF Sequences (CVE-2019-9740)
An issue was discovered in urllib2 in Python 2.x through 2.7.16 and urllib in Python 3.x through 3.7.3. CRLF injection is possible if the attacker controls a url parameter, as demonstrated by the first argument to urllib.request.urlopen with \r\n specifically in the query string after a ? charact...
CVE-2025-40763
A vulnerability has been identified in Altair Grid Engine (All versions < V2026.0.0). Affected products do not properly validate environment variables when loading shared libraries, allowing path hijacking through malicious library substitution. This could allow a local attacker to execute arbitrary...
CVE-2025-40763
CVE-2025-40763 affects Altair Grid Engine (all versions
MAL-2025-78664 Malicious code in hadianto-ronde36-sukiwir (npm)
Source: amazon-inspector b0d6ea9ad90d549d8200c51d5317e599d4500b94da4ed3584dfe648eab8bd718 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
[SECURITY] Fedora 42 Update: dotnet8.0-8.0.121-1.fc42
.NET is a fast, lightweight and modular platform for creating cross platform applications that work on Linux, macOS and Windows. It particularly focuses on creating console applications, web applications and micro-services. .NET contains a runtime conforming to .NET Standards a set of framework...
PT-2025-46540
Name of the Vulnerable Software and Affected Versions: Altair Grid Engine versions prior to 2026.0.0. Description: The software does not properly validate environment variables when loading shared libraries, which can allow for path hijacking through malicious library substitution. A local attacker...
Siemens Altair Grid Engine Code Issue Vulnerability
Siemens Altair Grid Engine is a distributed resource management system from Siemens USA. A code issue vulnerability exists in Siemens Altair Grid Engine versions prior to V2026.0.0, which stems from a failure to properly validate environment variables when loading shared libraries, which could le...
Security Bulletin: Multiple vulnerabilities in IBM Business Automation Workflow Machine Learning Server are addressed with 24.0.0-IF007
Summary In addition to updates to operating system level packages, IBM Business Automation Workflow Machine Learning Server 24.0.0-IF007 addresses the following vulnerabilities. Vulnerability Details CVEID:CVE-2025-54121 DESCRIPTION: Starlette is a lightweight ASGI Asynchronous Server Gateway...
SUSE SLED15 / SLES15 / openSUSE 15 Security Update : openjpeg (SUSE-SU-2025:3946-1)
The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2025:3946-1 advisory. - CVE-2023-39327: Fixed that malicious files can cause a large loop that continuously prints warning...
GHSA-52C5-VH7F-26FX Cross-Site Scripting (XSS) vulnerability through unescaped HTML attribute values
Impact: The prosemirror_to_html gem is vulnerable to Cross-Site Scripting (XSS) attacks through malicious HTML attribute values. While tag content is properly escaped, attribute values are not, allowing attackers to inject arbitrary JavaScript code. Who is impacted: - Any application using...
Security update for openjpeg
This update for openjpeg fixes the following issues: CVE-2023-39327: Fixed that malicious files can cause a large loop that continuously prints warning messages on the terminal (bsc#1227410). Other bug fixes: Ensure no bundled libraries are used (bsc#1250467). Patch Instructions: To install this SUSE...
SUSE-SU-2025:3946-1 Security update for openjpeg
This update for openjpeg fixes the following issues: - CVE-2023-39327: Fixed that malicious files can cause a large loop that continuously prints warning messages on the terminal (bsc#1227410). Other bug fixes: - Ensure no bundled libraries are used (bsc#1250467)...
Security update for qatengine, qatlib
This update for qatengine, qatlib fixes the following issues: Note that the 1.6.1 release included in 1.7.0 fixes the following vulnerabilities: bsc#1233363 (CVE-2024-28885), bsc#1233365 (CVE-2024-31074), bsc#1233366 (CVE-2024-33617). Update to 1.7.0: ipp-crypto name change to cryptography-primitives QATSW G...
Security Bulletin: IBM Maximo Application Suite uses multiple third party libraries which is vulnerable to multiple CVEs
Summary IBM Maximo Application Suite uses setuptools 76.1.0, urllib3-1.26.20-py2.py3-none-any.whl, cross-spawn v7.0.3, braces v3.0.2, axios-1.11.0.tgz, xmltodict-0.14.2-py2.py3-none-any.whl, WebSphere Application Server Liberty version 25.0.0.8 which is vulnerable to CVE-2025-47273, CVE-2025-5018...