PT-2025-44391
Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified). Description: A memory leak issue was addressed in the Linux kernel related to the btrfs filesystem. Specifically, the issue occurs when rejecting a non-SINGLE data profile without a RAID stripe tree...
PT-2025-41642
Name of the Vulnerable Software and Affected Versions: NEX-Forms – Ultimate Forms Plugin for WordPress, versions through 9.1.6. Description: The software is susceptible to SQL Injection through the orderby parameter within the nf load form entries action. Insufficient input sanitization and inadequat...
CVE-2025-61864
A use after free vulnerability exists in VS6ComFile!load_link_inf of V-SFT v6.2.7.0 and earlier. Opening specially crafted V-SFT files may lead to information disclosure, affected system's abnormal end (ABEND), and arbitrary code execution...
EUVD-2025-33712
A use after free vulnerability exists in VS6ComFile!load_link_inf of V-SFT v6.2.7.0 and earlier. Opening specially crafted V-SFT files may lead to information disclosure, affected system's abnormal end (ABEND), and arbitrary code execution...
CVE-2025-61864
CVE-2025-61864 is a use-after-free in VS6ComFile!load_link_inf of FUJI Electric V-SFT, affecting version 6.2.7.0 and earlier. Opening specially crafted V-SFT files may lead to information disclosure, ABEND, and arbitrary code execution. Affected product: V-SFT (FUJI Electric); vulnerable componen...
CVE-2025-61861
An out-of-bounds read vulnerability exists in VS6ComFile!load_link_inf of V-SFT v6.2.7.0 and earlier. Opening specially crafted V-SFT files may lead to information disclosure, affected system's abnormal end (ABEND), and arbitrary code execution...
Fuji Electric V-SFT Resource Management Error Vulnerability
Fuji Electric V-SFT is screen configuration software from Fuji Electric of Japan. A resource management error vulnerability exists in Fuji Electric V-SFT v6.2.7.0 and earlier versions, which stems from a use after free in VS6ComFile!load_link_inf, which could lead to information...
PT-2025-41552
Name of the Vulnerable Software and Affected Versions: V-SFT versions 6.2.7.0 and earlier. Description: An out-of-bounds read issue exists in the VS6ComFile!load_link_inf function. Processing specially crafted V-SFT files can lead to information disclosure, system crashes (ABEND), and arbitrary code...
PT-2025-41555
Name of the Vulnerable Software and Affected Versions: V-SFT versions 6.2.7.0 and earlier. Description: A use after free issue exists in the VS6ComFile!load_link_inf function. Processing specially crafted V-SFT files may result in information disclosure, system crashes, and arbitrary code execution...
CVE-2025-61773
pyLoad is a free and open-source download manager written in Python. In versions prior to 0.5.0b3.dev91, the pyLoad web interface contained insufficient input validation in both the Captcha script endpoint and the Click'N'Load (CNL) Blueprint. This flaw allowed untrusted user input to be processed...
CVE-2025-61773 pyLoad CNL and captcha handlers allow code Injection via unsanitized parameters
pyLoad is a free and open-source download manager written in Python. In versions prior to 0.5.0b3.dev91, the pyLoad web interface contained insufficient input validation in both the Captcha script endpoint and the Click'N'Load (CNL) Blueprint. This flaw allowed untrusted user input to be processed...
CVE-2025-59958
This CVE affects Juniper Networks Junos OS Evolved on PTX Series (Packet Forwarding Engine). Affected component: firewall filters (output, on WAN/revenue interfaces). Root cause: improper handling when action is 'reject' causing matching packets to be sent to the Routing Engine, consuming RE reso...
GHSA-CJJF-27CC-PVMV pyLoad CNL and captcha handlers allow Code Injection via unsanitized parameters
Summary: The pyLoad web interface contained insufficient input validation in both the Captcha script endpoint and the Click'N'Load (CNL) Blueprint. This flaw allowed untrusted user input to be processed unsafely, which could be exploited by an attacker to inject arbitrary content into the web UI or...
GHSA-M9MP-6X32-5RHG scio is vulnerable to Remote Command Execution through PyTorch
Impact: PyTorch reported a critical vulnerability when using torch.load, even with option weights_only=True, for torch = 2.6, starting from scio = 1.0.1 currently in dev state. Workarounds: You can manually check that you are using torch = 2.6...
UBUNTU-CVE-2025-39958
In the Linux kernel, the following vulnerability has been resolved: iommu/s390: Make attach succeed when the device was surprise removed When a PCI device is removed with surprise hotplug, there may still be attempts to attach the device to the default domain as part of tear down via...
CVE-2025-39958
CVE-2025-39958 concerns the Linux kernel IOMMU on s390: when a PCI device is surprise-removed, teardown may still attempt to attach to the default domain, causing zpci_register_ioat() to fail and s390_iommu_attach_device() to error out. The fix changes the attach path to proceed as if registratio...