
7661 matches found

EUVD
added 2025/11/28 2:26 p.m. | 5 views

EUVD-2025-199877

Netskope was notified about a potential gap in its agent NS Client on Windows systems. If this gap is successfully exploited, a local, authenticated user with Administrator privileges can improperly load the driver as a generic kernel service. This triggers the flaw, causing a system crash...

CVSS 5.9 | AI score 6.1 | EPSS 0.00029
Exploits: 0 | References: 2
OSV
added 2025/11/28 1:33 p.m. | 2 views

SUSE-SU-2025:4305-1 Security update for grub2

This update for grub2 fixes the following issues:

- CVE-2025-54771: Fixed grub_file_close does not properly control the fs refcount (bsc#1252931)
- CVE-2025-54770: Fixed missing unregister call for net_set_vlan command may lead to use-after-free (bsc#1252930)
- CVE-2025-61662: Fixed missing unregister call...

CVSS 7.8 | AI score 7.3 | EPSS 0.00027
Exploits: 0 | References: 14
RedhatCVE
added 2025/11/28 9:10 a.m. | 6 views

CVE-2025-66361

An issue was discovered in Logpoint before 7.7.0. Sensitive information is exposed in System Processes for an extended period during high CPU load...

CVSS 6.9 | AI score 6.7 | EPSS 0.00034
Exploits: 0 | References: 1
EUVD
added 2025/11/28 12:30 a.m. | 2 views

EUVD-2025-199836

An issue was discovered in Logpoint before 7.7.0. Sensitive information is exposed in System Processes for an extended period during high CPU load...

CVSS 6.9 | AI score 6.2 | EPSS 0.00034
Exploits: 0 | References: 2
NVD
added 2025/11/28 12:15 a.m. | 4 views

CVE-2025-66361

An issue was discovered in Logpoint before 7.7.0. Sensitive information is exposed in System Processes for an extended period during high CPU load...

CVSS 6.9 | EPSS 0.00034
Exploits: 0 | References: 1
OSV
added 2025/11/28 12:15 a.m. | 2 views

CVE-2025-66361

An issue was discovered in Logpoint before 7.7.0. Sensitive information is exposed in System Processes for an extended period during high CPU load...

CVSS 6.5 | AI score 5.8 | EPSS 0.00034
Exploits: 0 | References: 1
CNNVD
added 2025/11/28 12:00 a.m. | 3 views

Netskope Client Security Vulnerability

Netskope Client is a client program from Netskope (USA) for connecting to and managing the Netskope Cloud Platform. A security vulnerability exists in Netskope Client that originates from the NS Client agent on Windows systems and allows a local privileged user to improperly load a driver, which could...

CVSS 5.9 | AI score 6.3 | EPSS 0.00029
Exploits: 0 | References: 2
Positive Technologies
added 2025/11/28 12:00 a.m. | 5 views

PT-2025-48334

Netskope was notified about a potential gap in its agent NS Client on Windows systems. If this gap is successfully exploited, a local, authenticated user with Administrator privileges can improperly load the driver as a generic kernel service. This triggers the flaw, causing a system crash...

CVSS 5.9 | AI score 6.6 | EPSS 0.00029
Exploits: 0 | References: 2
Cvelist
added 2025/11/27 12:00 a.m. | 6 views

CVE-2025-66361

An issue was discovered in Logpoint before 7.7.0. Sensitive information is exposed in System Processes for an extended period during high CPU load...

CVSS 6.9 | EPSS 0.00034
Exploits: 0 | References: 1
Positive Technologies
added 2025/11/27 12:00 a.m. | 2 views

PT-2025-48285

An issue was discovered in Logpoint before 7.7.0. Sensitive information is exposed in System Processes for an extended period during high CPU load...

CVSS 6.9 | AI score 6.7 | EPSS 0.00034
Exploits: 0 | References: 2
CVE
added 2025/11/27 12:00 a.m. | 6 views

CVE-2025-66361

CVE-2025-66361 affects Logpoint SIEM prior to 7.7.0. The issue is exposure of sensitive information in System Processes during extended high CPU load. Connected sources (Red Hat, CIRCL, EUVD, NVD, etc.) corroborate the same description. No root-cause technical specifics or remediation steps are p...

CVSS 6.9 | AI score 6.3 | EPSS 0.00034
Exploits: 0 | References: 1 | Affected Software: 1
Packet Storm
added 2025/11/27 12:00 a.m. | 289 views

Flowise 3.0.4 Code Injection

Flowise versions 3.0.4 and below suffer from a remote command injection vulnerability. Title: Flowise 3.0.4 php code injection | Author: indoushka | ...

CVSS 10 | AI score 7.3 | EPSS 0.85265
Exploits: 20
Veracode
added 2025/11/26 2:27 p.m. | 5 views

Remote Command Execution

scio-pypi is vulnerable to Remote Command Execution. The vulnerability is due to torch.load executing unsafe deserialization even when weights_only=True, which allows an attacker to craft malicious model files that trigger arbitrary code execution during loading...

AI score 8.2
Exploits: 0
Packet Storm News
added 2025/11/26 12:00 a.m. | 4 views

Digital Twin-Driven Secure Access Strategy for SAGIN-Enabled IoT Networks

In space-air-ground integrated networks (SAGIN)-enabled IoT networks, secure access has become a significant challenge due to the increasing risks of eavesdropping attacks. To address these threats to data confidentiality, this paper proposes a Digital Twin (DT)-driven secure access strategy. The...

AI score 6.6
Exploits: 0
OSV
added 2025/11/25 10:18 p.m. | 2 views

JLSEC-2025-320 A vulnerability classified as problematic was found in libtiff 4.6.0

A vulnerability classified as problematic was found in libtiff 4.6.0. This vulnerability affects the function PSLvl2page of the file tools/tiff2ps.c of the component tiff2ps. The manipulation leads to null pointer dereference. It is possible to launch the attack on the local host. The complexity ...

CVSS 2.5 | AI score 5.4 | EPSS 0.0013
Exploits: 1 | References: 8
RedhatCVE
added 2025/11/25 7:07 a.m. | 4 views

CVE-2025-62164

A vulnerability in vLLM allows attackers to supply malicious serialized prompt-embedding tensors that are deserialized using torch.load without validation. Due to PyTorch 2.8.0 disabling sparse-tensor integrity checks by default, a crafted tensor can bypass bounds checks and cause an out-of-bound...

CVSS 8.8 | AI score 8 | EPSS 0.00191
Exploits: 0 | References: 6
Cvelist
added 2025/11/25 12:00 a.m. | 7 views

CVE-2025-64050

A Remote Code Execution (RCE) vulnerability in the template management component in REDAXO CMS 5.20.0 allows remote authenticated administrators to execute arbitrary operating system commands by injecting PHP code into an active template. The payload is executed when visitors access frontend pages...

EPSS 0.00582
Exploits: 2 | References: 3
Veracode
added 2025/11/24 3:37 p.m. | 3 views

Server-Side Request Forgery (SSRF)

vllm is vulnerable to Server-Side Request Forgery (SSRF). The vulnerability is due to insufficient restrictions on user-supplied URLs in the MediaConnector class’s load_from_url and load_from_url_async methods, which allows an attacker to coerce the server into making arbitrary internal network requests...

CVSS 7.1 | AI score 7.2 | EPSS 0.00052
Exploits: 0 | References: 6 | Affected Software: 1
Packet Storm
added 2025/11/24 12:00 a.m. | 191 views

Flowise JS Injection Remote Code Execution

This Metasploit module exploits a remote code execution vulnerability in Flowise versions greater than or equal to 2.2.7-patch.1 and less than 3.0.6. The vulnerability exists in the customMCP endpoint /api/v1/node-load-method/customMCP located in...

CVSS 10 | AI score 9.2 | EPSS 0.85265
Exploits: 20
Metasploit
added 2025/11/22 6:57 p.m. | 696 views

Flowise Custom MCP Remote Code Execution

This module exploits a remote code execution vulnerability in Flowise versions = 2.2.7-patch.1 and use exploit/multi/http/flowisecustommcprce msf exploitflowisecustommcprce show targets ...targets... msf exploitflowisecustommcprce set TARGET msf exploitflowisecustommcprce show options ...show and...

CVSS 9.8 | AI score 6.5 | EPSS 0.83176
Exploits: 3