7703 matches found
MAL-2025-18709 Malicious code in down-load-available-zip-now-246213-articulation-ezaoj-nnjghf (npm)
The package down-load-available-zip-now-246213-articulation-ezaoj-nnjghf was found to contain malicious code...
Malicious code in finally-enum-byte-kappa-load (npm)
The package finally-enum-byte-kappa-load was found to contain malicious code...
Malicious code in rain-load-cloud-balance-runtime (npm)
The package rain-load-cloud-balance-runtime was found to contain malicious code...
Malicious code in avail-able-albu-m-down-load-2013-5888-false-idols-dclra-zgmhec (npm)
The package avail-able-albu-m-down-load-2013-5888-false-idols-dclra-zgmhec was found to contain malicious code...
CVE-2025-50515
An issue was discovered in phome Empirebak 2010 in ebak2008/upload/class/config.php allowing attackers to execute arbitrary code when the config file was loaded...
NVIDIA Transformers4Rec load_model_trainer_states_from_checkpoint Deserialization of Untrusted Data Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of NVIDIA Transformers4Rec. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...
CVE-2025-8747
A safe mode bypass vulnerability in the Model.load_model method in Keras versions 3.0.0 through 3.10.0 allows an attacker to achieve arbitrary code execution by convincing a user to load a specially crafted .keras model archive...
CVE-2025-8854
Stack-based buffer overflow in LoadOFF in bulletphysics bullet3 before 3.26 on all platforms allows remote attackers to execute arbitrary code via a crafted OFF file with an overlong initial token processed by the VHACD test utility or invoked indirectly through PyBullet's vhacd function...
PT-2025-37230
Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified). Description: A flaw exists in the Linux kernel’s drm/hisilicon/hibmc driver related to handling hibmc loading failures. When hibmc loading fails, the driver attempts to free resources using hibmc...
Keras vulnerable to CVE-2025-1550 bypass via reuse of internal functionality
Summary: It is possible to bypass the mitigation introduced in response to CVE-2025-1550, when an untrusted Keras v3 model is loaded, even when “safe_mode” is enabled, by crafting malicious arguments to built-in Keras modules. The vulnerability is exploitable on the default configuration and does n...
CVE-2025-8568
The GMap Generator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘h’ parameter in all versions up to, and including, 1.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and...
OSV-2025-616 Heap-buffer-overflow in Open
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=437593508 Crash type: Heap-buffer-overflow READ 7 Crash state: Open demuxProbe vlcmoduleload...
Load-Altering Attacks against Power Grids: a Case Study Using the GB-36 Bus System Open Dataset
The growing digitalization and the rapid adoption of high-powered Internet-of-Things (IoT)-enabled devices (e.g., EV charging stations) have increased the vulnerability of power grids to cyber threats. In particular, the so-called Load Altering Attacks (LAAs) can trigger rapid frequency fluctuations an...
Linux Distros Unpatched Vulnerability : CVE-2025-38261
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - riscv: save the SR_SUM status over switches When threads/tasks are switched we need to ensure the old execution's SR_SUM state is saved and the new thread has th...
PT-2025-34326 · Git · Vlc
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=437731214 Crash type: Heap-buffer-overflow READ 3 Crash state: iTUNTripletCallback SetupMeta MP4 LoadMeta...
Linux Distros Unpatched Vulnerability : CVE-2021-46938
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: dm rq: fix double free of blk_mq_tag_set in dev remove after table load fails When loading a...
Linux Distros Unpatched Vulnerability : CVE-2025-7345
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw exists in gdk-pixbuf within the gdk_pixbuf__jpeg_image_load_increment function (io-jpeg.c) and in glib's g_base64_encode_step (glib/gbase64.c). When processing...
CVE-2012-10039
ZEN Load Balancer versions 2.0 and 3.0-rc1 contain a command injection vulnerability in content2-2.cgi. The filelog parameter is passed directly into a backtick-delimited exec call without sanitization. An authenticated attacker can inject arbitrary shell commands, resulting in remote code executio...