PT-2025-47797

Name of the Vulnerable Software and Affected Versions MLX versions prior to 0.29.4 Description MLX, an array framework for machine learning on Apple silicon, contains a heap buffer overflow in the mlx::core::load function when processing malicious NumPy .npy files. A specially crafted file can...

CVE-2025-10702

Improper Control of Generation of Code 'Code Injection' vulnerability in Progress DataDirect Connect for JDBC drivers, Progress DataDirect Open Access JDBC driver and Hybrid Data Pipeline allows Remote Code Inclusion. The SpyAttribute connection option implemented by the DataDirect Connect for JD...

GHSA-MRW7-HF4F-83PF vLLM deserialization vulnerability leading to DoS and potential RCE

Summary A memory corruption vulnerability that leading to a crash denial-of-service and potentially remote code execution RCE exists in vLLM versions 0.10.2 and later, in the Completions API endpoint. When processing user-supplied prompt embeddings, the endpoint loads serialized tensors using...

vLLM deserialization vulnerability leading to DoS and potential RCE

Summary A memory corruption vulnerability that leading to a crash denial-of-service and potentially remote code execution RCE exists in vLLM versions 0.10.2 and later, in the Completions API endpoint. When processing user-supplied prompt embeddings, the endpoint loads serialized tensors using...

TencentOS Server 4: LibRaw (TSSA-2025:0399)

The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2025:0399 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities...

TencentOS Server 4: bind9-next (TSSA-2025:0574)

The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2025:0574 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities...

PT-2025-47426

The Icegram Express - Email Subscribers, Newsletters and Marketing Automation Plugin for WordPress is vulnerable to Authorization in versions up to, and including, 5.9.10. This is due to the plugin not properly verifying that a user is authorized to perform an action in the trigger mailing queue...

SUSE CVE-2025-63744

A NULL pointer dereference vulnerability was discovered in radare2 6.0.5 and earlier within the load function of bindyldcache.c. Processing a crafted file can cause a segmentation fault and crash the program...

Oracle Application Testing Suite (October 2025 CPU)

The versions of Oracle Application Testing Suite installed on the remote host are affected by a vulnerability as referenced in the October 2025 CPU advisory. - Vulnerability in the Oracle Application Testing Suite product of Oracle Enterprise Manager component: Load Testing for Web Apps Apache...

Siemens SCALANCE and RUGGEDCOM Devices Improper Input Validation (CVE-2024-49957)

ocfs2: null-ptr-deref when journal load failed. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information. %NASLMINLEVEL 80900 C Tenable, Inc. include'compat.inc'; if description scriptid504593; scriptversion"1.2";...

ALSA-2025:21693 Important: haproxy security update

The haproxy packages provide a reliable, high-performance network load balancer for TCP and HTTP-based applications. Security Fixes: haproxy: denial of service vulnerability in HAProxy mjson library CVE-2025-11230 For more details about the security issues, including the impact, a CVSS score,...

CLSA-2025-1763371545 gdk-pixbuf2: Fix of CVE-2025-7345

CVE-2025-7345: fix heap buffer overflow during base64 encoding in gdkpixbufjpegimageloadincrement...

CVE-2025-64179

lakeFS is an open-source tool that transforms object storage into a Git-like repositories. In versions 1.69.0 and below, missing authentication in the /api/v1/usage-report/summary endpoint allows anyone to retrieve aggregate API usage counts. While no sensitive data is disclosed, the endpoint may...

CVE-2025-54559

An issue was found in the Application Server of Desktop Alert PingAlert version 6.1.0.11 to 6.1.1.2 which allows remote Path Traversal for loading arbitrary external content...

EUVD-2025-197642

A NULL pointer dereference vulnerability was discovered in radare2 6.0.5 and earlier within the load function of bindyldcache.c. Processing a crafted file can cause a segmentation fault and crash the program...

CVE-2025-63744

A NULL pointer dereference vulnerability was discovered in radare2 6.0.5 and earlier within the load function of bindyldcache.c. Processing a crafted file can cause a segmentation fault and crash the program...

OESA-2025-2675 python-aiomysql security update

aiomysql is a "driver" for accessing a MySQL database from the asyncio PEP-3156/tulip framework. It depends on and reuses most parts of PyMySQL . aiomysql tries to be like awesome aiopg library and preserve same api, look and feel. Security Fixes: aiomysql is a library for accessing a MySQL...

SUSE CVE-2025-40134

In the Linux kernel, the following vulnerability has been resolved: dm: fix NULL pointer dereference in dmsuspend There is a race condition between dm device suspend and table load that can lead to null pointer dereference. The issue occurs when suspend is invoked before table load completes: BUG...

CVE-2025-63744

A NULL pointer dereference vulnerability was discovered in radare2 6.0.5 and earlier within the load function of bindyldcache.c. Processing a crafted file can cause a segmentation fault and crash the program...

CVE-2025-63744

CVE-2025-63744 affects radare2 6.0.5 and earlier due to a NULL pointer dereference in the load() function in bin_dyldcache.c, which can cause a segmentation fault/crash when processing a crafted file. Several connected advisories confirm the vulnerable function/file and advise upgrading to a vers...