Lucene search

7703 matches found

SUSE CVE
added 2025/08/06 2:55 a.m. | 1 views

SUSE CVE-2025-8534

A vulnerability classified as problematic was found in libtiff 4.6.0. This vulnerability affects the function PSLvl2page of the file tools/tiff2ps.c of the component tiff2ps. The manipulation leads to null pointer dereference. It is possible to launch the attack on the local host. The complexity ...

2.5 CVSS | 3 AI score | 0.0013 EPSS
Exploits: 1 | References: 10

OSV
added 2025/08/05 12:15 a.m. | 2 views

AZL-66095 CVE-2025-8534 affecting package libtiff for versions less than 4.6.0-8

A vulnerability classified as problematic was found in libtiff 4.6.0. This vulnerability affects the function PSLvl2page of the file tools/tiff2ps.c of the component tiff2ps. The manipulation leads to null pointer dereference. It is possible to launch the attack on the local host. The complexity ...

2.5 CVSS | 4.5 AI score | 0.0013 EPSS
Exploits: 1 | References: 1

Positive Technologies
added 2025/08/05 12:0 a.m. | 4 views

PT-2025-37960

Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified). Description: A stack overrun issue was resolved in the Linux kernel related to KVM on RISC-V architectures when loading vlenb. A userspace load could potentially place up to 2048 bits into a stack...

5.5 CVSS | 6.5 AI score | 0.00018 EPSS
Exploits: 0

Snyk
added 2025/08/04 11:32 p.m. | 1 views

NULL Pointer Dereference

Overview: Affected versions of this package are vulnerable to NULL Pointer Dereference via iPSLvl2page while converting the image to PostScript Level 2 output. An attacker can cause denial of service by providing a specially crafted TIFF file. Note: This is only exploitable if DEFERSTRILELOAD...

2.5 CVSS | 4.1 AI score | 0.0013 EPSS
Exploits: 1 | References: 3

Snyk
added 2025/08/01 4:41 p.m. | 5 views

Deserialization of Untrusted Data

Overview: ms-swift is a Swift: Scalable lightWeight Infrastructure for Fine-Tuning. Affected versions of this package are vulnerable to Deserialization of Untrusted Data via the loadmodelmeta function. An attacker can execute arbitrary code by supplying a maliciously crafted serialized .mdl file th...

9.8 CVSS | 7.8 AI score | 0.01855 EPSS
Exploits: 1 | References: 2

OSV
added 2025/08/01 2:44 p.m. | 1 views

SUSE-SU-2025:02592-1 Security update for cosign

This update for cosign fixes the following issues: Update to version 2.5.3 jscSLE-23879: - CVE-2025-46569: Fixed OPA server Data API HTTP path injection of Rego bsc1246725 Changelog: Update to 2.5.3: - Add signing-config create command 4280 - Allow multiple services to be specified for trusted-ro...

7.4 CVSS | 5.8 AI score | 0.00015 EPSS
Exploits: 0 | References: 3

CNNVD
added 2025/08/01 12:0 a.m. | 3 views

SWIFT security vulnerability

SWIFT is a large model and multimodal large model fine-tuning deployment framework from ModelScope open source. A security vulnerability exists in SWIFT 2.6.1 and earlier versions, which stems from the deserialization of untrustworthy data by the loadmodelmeta function in the ModelFileSystemCache...

9.8 CVSS | 7.5 AI score | 0.01855 EPSS
Exploits: 1 | References: 3

Snyk
added 2025/07/31 2:5 p.m. | 2 views

Deserialization of Untrusted Data

Overview: ms-swift is a Swift: Scalable lightWeight Infrastructure for Fine-Tuning. Affected versions of this package are vulnerable to Deserialization of Untrusted Data via the torch.load function. An attacker can execute arbitrary commands by uploading a maliciously crafted adapter model file tha...

7.5 CVSS | 7.7 AI score
Exploits: 0 | References: 3

Snyk
added 2025/07/31 2:2 p.m. | 4 views

Deserialization of Untrusted Data

Overview: ms-swift is a Swift: Scalable lightWeight Infrastructure for Fine-Tuning. Affected versions of this package are vulnerable to Deserialization of Untrusted Data via the yaml.load function in tests/run.py when handling user-supplied YAML configuration files. An attacker can execute arbitrar...

9.8 CVSS | 7.8 AI score | 0.07087 EPSS
Exploits: 1 | References: 2

CNNVD
added 2025/07/31 12:0 a.m. | 3 views

A10 Networks AX Loadbalancer security vulnerability

A10 Networks AX Loadbalancer is a load balancer appliance from A10 Networks, USA. A security vulnerability exists in A10 Networks AX Loadbalancer 2.6.1-GR1-P5 and 2.7.0 and earlier versions, which stems from an unvalidated filename parameter that could lead to path traversal and information...

8.8 CVSS | 8.7 AI score | 0.44316 EPSS
Exploits: 0 | References: 3

GithubExploit
added 2025/07/30 6:37 a.m. | 106 views

Exploit for CVE-2025-50460

CVE-2025-50460: Remote Code Execution in modelscope/ms-swift v...

9.8 CVSS | 9.1 AI score | 0.07087 EPSS
Exploits: 1

OSV
added 2025/07/30 12:15 a.m. | 4 views

CVE-2025-31276

This issue was addressed through improved state management. This issue is fixed in iOS 18.6 and iPadOS 18.6, iPadOS 17.7.9. Remote content may be loaded even when the 'Load Remote Images' setting is turned off...

5.3 CVSS | 5.7 AI score
Exploits: 0 | References: 3

Vulnrichment
added 2025/07/29 11:35 p.m. | 3 views

CVE-2025-31276

This issue was addressed through improved state management. This issue is fixed in iOS 18.6 and iPadOS 18.6, iPadOS 17.7.9. Remote content may be loaded even when the 'Load Remote Images' setting is turned off...

6.4 AI score | 0.00259 EPSS
Exploits: 0 | References: 2

Rockylinux
added 2025/07/29 1:40 p.m. | 3 views

mod_proxy_cluster bug fix update

An update is available for mod_proxy_cluster. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. The mod_proxy_cluster module is a plugin for the Apache HTTP Server tha...

5.4 CVSS | 5.4 AI score | 0.00126 EPSS
Exploits: 0

OSV
added 2025/07/29 12:49 p.m. | 2 views

USN-7678-1 perl vulnerability

It was discovered that Perl threads incorrectly handled certain file operations. A local attacker could possibly use this issue to load code or access files from unexpected locations...

5.9 CVSS | 7.2 AI score | 0.00031 EPSS
Exploits: 0 | References: 2

Tenable Nessus
added 2025/07/29 12:0 a.m. | 6 views

MongoDB 6.0.x < 6.0.23 / 7.0.x < 7.0.20 / 8.0.x < 8.0.9 Incorrect Handling of Incomplete Data (SERVER-106753)

The version of MongoDB installed on the remote host is 6.0 prior to 6.0.23, 7.0 prior to 7.0.20 and 8.0 prior to 8.0.9. It is, therefore, affected by a vulnerability as referenced in the SERVER-106753 advisory. - MongoDB Server's mongos component can become unresponsive to new connections due to...

7.5 CVSS | 5.8 AI score | 0.00256 EPSS
Exploits: 0 | References: 2

CNNVD
added 2025/07/29 12:0 a.m. | 3 views

GLPI security vulnerability

GLPI is an open source IT and asset management software from GLPI Open Source. The software provides a full-featured IT resource management interface that you can use to build databases to fully manage IT computers, monitors, servers, printers, network devices, phones, and even toner and ink...

5.4 CVSS | 4.3 AI score | 0.00145 EPSS
Exploits: 0 | References: 2

Patchstack
added 2025/07/28 5:46 a.m. | 3 views

WordPress Lazy Load Optimizer plugin <= 1.4.7 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by LVT-tholv2k in WordPress Plugin Lazy Load Optimizer versions <= 1.4.7...

7.5 CVSS | 7 AI score | 0.00108 EPSS
Exploits: 0 | Affected Software: 1

RedHat Linux
added 2025/07/28 2:32 a.m. | 1 views

perl: Perl threads have a working directory race condition where file operations may target unintended paths

A flaw was found in the Perl standard library threads component. This vulnerability can allow a local attacker to exploit a race condition in directory handling to access files or load code from unexpected locations...

5.9 CVSS | 7.2 AI score | 0.00031 EPSS
Exploits: 0 | References: 11

Gitee
added 2025/07/27 4:32 a.m. | 241 views

redis-rce

Redis RCE An exploit for Redis 4.x/5.x RCE, inspired by Redis post-exploitation. This repo is a modified version of . Usage: Compile exp.so from . usage: redis-rce.py -h -r RHOST -p RPORT -L LHOST -P LPORT -f FILE -a AUTH -v Redis 4.x/5.x RCE with RedisModules optional arguments: -h, --help show...

7 AI score
Exploits: 0