PT-2025-35582

Name of the Vulnerable Software and Affected Versions: Tirreno version 0.9.5 Description: A SQL Injection issue exists in Tirreno version 0.9.5. The vulnerability is located in the /admin/loadUsers API endpoint, stemming from the unsafe handling of user-supplied input within the columns0data...

AVX-Based Timing Side Channel — ASLR Detection

This work demonstrates a technique for detecting ASLR using AVX memory load instructions combined with RDTSCP timing and SIGSEGV detection. It illustrates how side-channel timing measurements can be applied to analyze memory layout randomization...

Exploit for Improper Restriction of Operations within the Bounds of a Memory Buffer in Citrix Netscaler_Application_Delivery_Controller

CVE-2025-7775 Memory overflow vulnerability leading to Remote...

Linux Distros Unpatched Vulnerability : CVE-2025-38539

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - tracing: Add downwritetraceeventsem when adding trace event When a module is loaded, it adds trace events defined by the module. It may also need to modify the...

CVE-2025-7732

The Lazy Load for Videos plugin for WordPress is vulnerable to Stored Cross-Site Scripting via its lazy‑loading handlers in all versions up to, and including, 2.18.7 due to insufficient input sanitization and output escaping. The plugin’s JavaScript registration handlers read the client‑supplied...

Linux Distros Unpatched Vulnerability : CVE-2018-18245

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Nagios Core 4.4.2 has XSS via the alert summary reports of plugin results, as demonstrated by a SCRIPT element delivered by a modified checkload plugin to NRPE...

Linux Distros Unpatched Vulnerability : CVE-2024-32230

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - FFmpeg 7.0 is vulnerable to Buffer Overflow. There is a negative-size-param bug at libavcodec/mpegvideoenc.c:1216:21 in loadinputpicture in FFmpeg7.0...

Linux Distros Unpatched Vulnerability : CVE-2019-10877

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In Teeworlds 0.7.2, there is an integer overflow in CMap::Load in engine/shared/map.cpp that can lead to a buffer overflow, because multiplication of width and...

Linux Distros Unpatched Vulnerability : CVE-2018-7640

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in CImg v.220. A heap-based buffer over-read in loadbmp in CImg.h occurs when loading a crafted bmp image, a different vulnerability tha...

Linux Distros Unpatched Vulnerability : CVE-2024-31570

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - libfreeimage in FreeImage 3.4.0 through 3.18.0 has a stack-based buffer overflow in the PluginXPM.cpp Load function via an XPM file. CVE-2024-31570 Note that...

Linux Distros Unpatched Vulnerability : CVE-2019-3574

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In libsixel v1.8.2, there is a heap-based buffer over-read in the function loadjpeg in the file loader.c, as demonstrated by img2sixel. CVE-2019-3574 Note that...

Linux Distros Unpatched Vulnerability : CVE-2020-11986

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - To be able to analyze gradle projects, the build scripts need to be executed. Apache NetBeans follows this pattern. This causes the code of the build script to ...

Linux Distros Unpatched Vulnerability : CVE-2018-7638

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in CImg v.220. A heap-based buffer over-read in loadbmp in CImg.h occurs when loading a crafted bmp image, a different vulnerability tha...

Linux Distros Unpatched Vulnerability : CVE-2020-0256

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In LoadPartitionTable of gpt.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege when...

Linux Distros Unpatched Vulnerability : CVE-2025-8747

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A safe mode bypass vulnerability in the Model.loadmodel method in Keras versions 3.0.0 through 3.10.0 allows an attacker to achieve arbitrary code execution by...

SUSE SLES12 Security Update : gdk-pixbuf (SUSE-SU-2025:03010-1)

The remote SUSE Linux SLES12 host has packages installed that are affected by a vulnerability as referenced in the SUSE- SU-2025:03010-1 advisory. - CVE-2025-7345: Fixed heap buffer overflow in gdkpixbufjpegimageloadincrement function bsc1246114 Tenable has extracted the preceding description blo...

Security update for gdk-pixbuf

This update for gdk-pixbuf fixes the following issues: CVE-2025-7345: Fixed heap buffer overflow in gdkpixbufjpegimageloadincrement function bsc1246114 Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch"...

SUSE-SU-2025:03010-1 Security update for gdk-pixbuf

This update for gdk-pixbuf fixes the following issues: - CVE-2025-7345: Fixed heap buffer overflow in gdkpixbufjpegimageloadincrement function bsc1246114...

CVE-2025-7732

The Lazy Load for Videos plugin for WordPress is vulnerable to Stored Cross-Site Scripting via its lazy‑loading handlers in all versions up to, and including, 2.18.7 due to insufficient input sanitization and output escaping. The plugin’s JavaScript registration handlers read the client‑supplied...

CVE-2025-7732

CVE-2025-7732: The WordPress plugin Lazy Load for Videos (