CVE-2025-68162

In JetBrains TeamCity before 2025.11 maven embedder allowed loading extensions via project configuration...

CVE-2025-68162

In JetBrains TeamCity before 2025.11 maven embedder allowed loading extensions via project configuration...

EUVD-2025-203768

In JetBrains TeamCity before 2025.11 maven embedder allowed loading extensions via project configuration...

CVE-2025-68162

In JetBrains TeamCity before 2025.11 maven embedder allowed loading extensions via project configuration...

CVE-2025-68162

JetBrains TeamCity: CVE-2025-68162 affects the maven embedder in TeamCity versions before 2025.11, allowing loading of extensions via project configuration. The published metrics indicate a low overall severity (CVSS 3.1: Confidentiality None, Integrity Low, Availability None; Privileges Required...

CVE-2025-68266

In the Linux kernel, the following vulnerability has been resolved: bfs: Reconstruct file type when loading from disk syzbot is reporting that SIFMT bits of inode-imode can become bogus when the SIFMT bits of the 32bits "mode" field loaded from disk are corrupted or when the 32bits "attributes"...

CVE-2025-68266 bfs: Reconstruct file type when loading from disk

In the Linux kernel, the following vulnerability has been resolved: bfs: Reconstruct file type when loading from disk syzbot is reporting that SIFMT bits of inode-imode can become bogus when the SIFMT bits of the 32bits "mode" field loaded from disk are corrupted or when the 32bits "attributes"...

UBUNTU-CVE-2025-68173

In the Linux kernel, the following vulnerability has been resolved: ftrace: Fix softlockup in ftracemoduleenable A soft lockup was observed when loading amdgpu module. If a module has a lot of tracable functions, multiple calls to kallsymslookup can spend too much time in RCU critical section and...

JetBrains TeamCity 安全漏洞

JetBrains TeamCity is a set of distributed build management and continuous integration tools from the Czech company JetBrains. The tool provides features such as continuous unit testing, code quality analysis and build issue analysis reports. A security vulnerability exists in JetBrains TeamCity...

NVIDIA Nemo Framework 代码问题漏洞

NVIDIA Nemo Framework is a framework for building and deploying generative AI models from NVIDIA. The NVIDIA NeMo Framework contains a security vulnerability that can be exploited by attackers to cause code execution, elevation of privilege, denial of service, and data tampering...

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in Linux kernel that stems from bfs not properly rebuilding file types when loading from disk...

PT-2025-51759

NVIDIA NeMo Framework contains a vulnerability in model loading that could allow an attacker to exploit improper control mechanisms if a user loads a maliciously crafted file. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, denial of service, and...

Linux Distros Unpatched Vulnerability : CVE-2025-68266

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - bfs: Reconstruct file type when loading from disk syzbot is reporting that SIFMT bits of inode-imode can become bogus when the SIFMT bits of the 32bits mode fie...

CVE-2025-67900

NXLog Agent before 6.11 can load a file specified by the OPENSSLCONF environment variable...

PT-2025-51275

Name of the Vulnerable Software and Affected Versions MooreThreads torch musa affected versions not specified Description MooreThreads torch musa contains an unsafe deserialization issue within the torch musa.utils.compare tool module. The compare for single op and nan inf track for single op...

Siemens RUGGEDCOM ROX II Command Injection Vulnerability (CNVD-2026-00016)

Siemens RUGGEDCOM ROX II is an operating system for industrial applications from Siemens, Germany. Siemens RUGGEDCOM ROX II suffers from a command injection vulnerability that is caused by insufficient authentication during the installation and loading of certain configuration files. An attacker...

📄 Flask 3.0.0 Command Injection

Flash 3.0.0 proof of concept exploit that demonstrates multiple command injection vulnerabilities. ============================================================================================================================================= | Title : Flask 3.0.0 Command Injection | | Author :...

Deserialization Of Untrusted Data

vLLM is vulnerable to Deserialization Of Untrusted Data. The vulnerability is due to insufficient validation of user-supplied serialized tensors during loading, which allows an attacker to craft malicious inputs that trigger out-of-bounds memory writes and crash or compromise the server...

Server-Side Request Forgery (SSRF)

Keras is vulnerable to Server-Side Request Forgery SSRF. The vulnerability is due to improper handling of the StringLookup layer during model loading from a crafted .keras archive, which allows an attacker to supply local or remote file paths as vocabulary inputs and exploit tf.io.gfile behavior ...

Remote Code Execution (RCE)

pdfminer.six is vulnerable to Remote Code Execution RCE. The vulnerability is due to unsafe deserialization in the CMapDB.loaddata function, where pickle.loads processes attacker-controlled pickle.gz files referenced by a malicious PDF, allowing arbitrary code execution when the file is...