CVE-2025-70968

FreeImage 3.18.0 contains a Use After Free in PluginTARGA.cpp;loadRLE...

CVE-2024-14021

LlamaIndex run-llama/llamaindex versions up to and including 0.11.6 contain an unsafe deserialization vulnerability in BGEM3Index.loadfromdisk in llamaindex/indices/managed/bgem3/base.py. The function uses pickle.load to deserialize multiembedstore.pkl from a user-supplied persistdir without...

UBUNTU-CVE-2025-71078

In the Linux kernel, the following vulnerability has been resolved: powerpc/64s/slb: Fix SLB multihit issue during SLB preload On systems using the hash MMU, there is a software SLB preload cache that mirrors the entries loaded into the hardware SLB buffer. This preload cache is subject to period...

CVE-2025-68767

In the Linux kernel, the following vulnerability has been resolved: hfsplus: Verify inode mode when loading from disk syzbot is reporting that SIFMT bits of inode-imode can become bogus when the SIFMT bits of the 16bits "mode" field loaded from disk are corrupted. According to 1, the permissions...

CVE-2025-68767

The CVE-2025-68767 case affects the Linux kernel’s hfsplus inode loading: if the 16-bit mode field read from disk is corrupted and non-zero, the i_mode S_IFMT bits may become bogus. When mode is not 0, the file type is derived as: dir==1 → S_IFDIR; dir==0 → one of S_IFREG, S_IFLNK, S_IFCHR, S_IFB...

CVE-2025-68767

In the Linux kernel, the following vulnerability has been resolved: hfsplus: Verify inode mode when loading from disk syzbot is reporting that SIFMT bits of inode-imode can become bogus when the SIFMT bits of the 16bits "mode" field loaded from disk are corrupted. According to 1, the permissions...

CVE-2025-68767 hfsplus: Verify inode mode when loading from disk

In the Linux kernel, the following vulnerability has been resolved: hfsplus: Verify inode mode when loading from disk syzbot is reporting that SIFMT bits of inode-imode can become bogus when the SIFMT bits of the 16bits "mode" field loaded from disk are corrupted. According to 1, the permissions...

[SECURITY] Fedora 42 Update: coturn-4.7.0-4.fc42

The Coturn TURN Server is a VoIP media traffic NAT traversal server and gatew ay. It can be used as a general-purpose network traffic TURN server/gateway, too. This implementation also includes some extra features. Supported RFCs: TURN specs: - RFC 5766 - base TURN specs - RFC 6062 - TCP relaying...

[SECURITY] Fedora 43 Update: coturn-4.7.0-4.fc43

The Coturn TURN Server is a VoIP media traffic NAT traversal server and gatew ay. It can be used as a general-purpose network traffic TURN server/gateway, too. This implementation also includes some extra features. Supported RFCs: TURN specs: - RFC 5766 - base TURN specs - RFC 6062 - TCP relaying...

OSV-2026-36 Heap-buffer-overflow in iTUNTripletCallback

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=474821719 Crash type: Heap-buffer-overflow READ 4 Crash state: iTUNTripletCallback SetupMeta MP4LoadMeta...

ROS-20260113-7313

A vulnerability in the loadelfbinary function of the Linux kernel file system is related to incorrect input validation. Exploitation of the vulnerability could allow an attacker to cause a denial of service...

Spring AI Agentic Patterns (Part 1): Agent Skills - Modular, Reusable Capabilities

Agent Skills are modular folders of instructions, scripts, and resources that AI agents can discover and load on demand. Instead of hardcoding knowledge into prompts or creating specialized tools for every task, skills provide a flexible way to extend agent capabilities. Spring AI's implementatio...

MiracleLinux 9 : bind9.18-9.18.29-1.el9_5.1 (AXSA:2025-9706:01)

The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2025-9706:01 advisory. bind: bind9: Many records in the additional section cause CPU exhaustion CVE-2024-11187 bind: bind9: DNS-over-HTTPS implementation suffers from...

Deserialization of Untrusted Data

Overview llama-index is an Interface between LLMs and your data Affected versions of this package are vulnerable to Deserialization of Untrusted Data via the loadfromdisk function. An attacker can execute arbitrary code by supplying a crafted multiembedstore.pkl file in a user-controlled director...

CVE-2024-14021

Summary: CVE-2024-14021 affects LlamaIndex up to 0.11.6, where BGEM3Index.load_from_disk() deserializes multi_embed_store.pkl from a user-supplied persist_dir using pickle.load() without validation, enabling arbitrary code execution when the index is loaded from disk. This is reported across mult...

CVE-2024-14021 LlamaIndex <= 0.11.6 BGEM3Index Unsafe Deserialization

LlamaIndex run-llama/llamaindex versions up to and including 0.11.6 contain an unsafe deserialization vulnerability in BGEM3Index.loadfromdisk in llamaindex/indices/managed/bgem3/base.py. The function uses pickle.load to deserialize multiembedstore.pkl from a user-supplied persistdir without...

CVE-2024-14021 LlamaIndex <= 0.11.6 BGEM3Index Unsafe Deserialization

LlamaIndex run-llama/llamaindex versions up to and including 0.11.6 contain an unsafe deserialization vulnerability in BGEM3Index.loadfromdisk in llamaindex/indices/managed/bgem3/base.py. The function uses pickle.load to deserialize multiembedstore.pkl from a user-supplied persistdir without...

CVE-2025-69258

A LoadLibraryEX vulnerability in Trend Micro Apex Central could allow an unauthenticated remote attacker to load an attacker-controlled DLL into a key executable, leading to execution of attacker-supplied code under the context of SYSTEM on affected installations...

CVE-2023-49198

Mysql security vulnerability in Apache SeaTunnel. Attackers can read files on the MySQL server by modifying the information in the MySQL URL allowLoadLocalInfile=true=true=/=655360 This issue affects Apache SeaTunnel: 1.0.0. Users are recommended to upgrade to version 1.0.1, which fixes the issue...

CVE-2009-4137

The loadContentFromCookie function in core/Cookie.php in Piwik before 0.5 does not validate strings obtained from cookies before calling the unserialize function, which allows remote attackers to execute arbitrary code or upload arbitrary files via vectors related to the destruct function in the...