
10267 matches found

NVD
added 2025/12/01 1:16 a.m. | 1 views

CVE-2025-64772

The installer of INZONE Hub 1.0.10.3 to 1.0.17.0 contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries. As a result, arbitrary code may be executed with the privilege of the user invoking the installer...

8.4 CVSS | 0.00014 EPSS
Exploits: 0 | References: 2

Debian
added 2025/12/01 1:15 a.m. | 16 views

[SECURITY] [DLA 4389-1] pytorch security update

Debian LTS Advisory DLA-4389-1 [email protected] https://www.debian.org/lts/security/ Daniel Leidert December 01, 2025 https://wiki.debian.org/LTS Package : pytorch Version : 1.7.1-7+deb11u1 CVE ID : CVE-2025-32434 A possible remote code execution RCE vulnerability has been discovered i...

9.8 CVSS | 7.8 AI score | 0.0043 EPSS
Exploits: 1

Vulnrichment
added 2025/12/01 12:22 a.m. | 1 views

CVE-2025-64772

The installer of INZONE Hub 1.0.10.3 to 1.0.17.0 contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries. As a result, arbitrary code may be executed with the privilege of the user invoking the installer...

8.4 CVSS | 7 AI score | 0.00014 EPSS
Exploits: 0 | References: 2

EUVD
added 2025/12/01 12:22 a.m. | 1 views

EUVD-2025-199943

The installer of INZONE Hub 1.0.10.3 to 1.0.17.0 contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries. As a result, arbitrary code may be executed with the privilege of the user invoking the installer...

8.4 CVSS | 6.9 AI score | 0.00014 EPSS
Exploits: 0 | References: 3

CVE
added 2025/12/01 12:22 a.m. | 7 views

CVE-2025-64772

CVE-2025-64772 affects Sony INZONE Hub installer versions 1.0.10.3–1.0.17.0. Root cause: an insecure DLL search path in the installer allowing loading of unintended DLLs, enabling arbitrary code to run with the invoking user’s privileges. CVSS data indicates local access with low attack complexit...

8.4 CVSS | 7.8 AI score | 0.00014 EPSS
Exploits: 0 | References: 2

Positive Technologies
added 2025/12/01 12:0 a.m. | 3 views

PT-2025-48580

Name of the Vulnerable Software and Affected Versions vLLM versions prior to 0.11.1 Description vLLM is an inference and serving engine for large language models LLMs. A critical issue exists in the Nemotron Nano VL Config class where remote code execution can occur. When vLLM loads a model...

8.8 CVSS | 7.7 AI score | 0.00045 EPSS
Exploits: 0 | References: 11

Positive Technologies
added 2025/12/01 12:0 a.m. | 3 views

PT-2025-48583

Name of the Vulnerable Software and Affected Versions Tencent NeuralNLP-NeuralClassifier affected versions not specified Description A flaw exists within the load checkpoint function that allows remote attackers to execute arbitrary code on affected installations. The issue stems from insufficien...

7.8 CVSS | 7.9 AI score | 0.01552 EPSS
Exploits: 0 | References: 4

Positive Technologies
added 2025/12/01 12:0 a.m. | 2 views

PT-2025-48443

Name of the Vulnerable Software and Affected Versions Zabbix Agent versions affected versions not specified Description The Zabbix Agent builds on AIX are susceptible to a library loading hijacking issue. Local users possessing write access to the /home/cecuser directory can exploit this to hijac...

6.4 CVSS | 6.4 AI score | 0.00102 EPSS
Exploits: 0 | References: 11

CNNVD
added 2025/12/01 12:0 a.m. | 4 views

Zabbix Agent security vulnerability

Zabbix Agent is a component in Zabbix from Zabbix Latvia. A security vulnerability exists in Zabbix Agent that originates from a local user being able to hijack the library loading process by writing to the /home/cecuser directory...

5.8 CVSS | 6.2 AI score | 0.00018 EPSS
Exploits: 0 | References: 3

CVE
added 2025/11/28 2:26 p.m. | 13 views

CVE-2025-11156

CVE-2025-11156 affects the Netskope NS Client on Windows. A local, authenticated user with Administrator privileges can improperly load the NS Client driver as a generic kernel service, triggering a system crash (Blue Screen of Death) and a Denial of Service on the affected machine. The descripti...

5.9 CVSS | 6.3 AI score | 0.00029 EPSS
Exploits: 0 | References: 1

SUSE Linux
added 2025/11/28 1:33 p.m. | 3 views

Security update for grub2

This update for grub2 fixes the following issues: CVE-2025-54771: Fixed rubfileclose does not properly controls the fs refcount bsc1252931 CVE-2025-54770: Fixed missing unregister call for netsetvlan command may lead to use-after-free bsc1252930 CVE-2025-61662: Fixed missing unregister call for...

4.9 CVSS | 7.4 AI score | 0.00027 EPSS
Exploits: 0 | References: 26

Positive Technologies
added 2025/11/27 12:0 a.m. | 3 views

PT-2025-48291

Name of the Vulnerable Software and Affected Versions Astro versions 5.15.7 and below Description Astro, a web framework, is affected by a double URL encoding bypass. This allows unauthenticated attackers to bypass path-based authentication checks in Astro middleware, potentially granting...

6.5 CVSS | 6.8 AI score | 0.00299 EPSS
Exploits: 0 | References: 10

Packet Storm
added 2025/11/27 12:0 a.m. | 169 views

sudo 1.9.17 Local Privilege Escalation

sudo version 1.9.17 local privilege escalation proof of concept exploit that leverages NSS module loading. Title: sudo 1.9.17 local Privilege Escalation...

9.3 CVSS | 7.6 AI score | 0.57345 EPSS
Exploits: 69

Positive Technologies
added 2025/11/26 12:0 a.m. | 2 views

PT-2025-48974

Name of the Vulnerable Software and Affected Versions NVIDIA TAO affected versions not specified Description NVIDIA TAO is susceptible to a flaw that allows an attacker to load a resource through an uncontrolled search path. Exploitation of this issue could lead to privilege escalation, data...

10 CVSS | 6.5 AI score | 0.00089 EPSS
Exploits: 0 | References: 9

NVD
added 2025/11/25 11:15 p.m. | 3 views

CVE-2025-64713

WebAssembly Micro Runtime WAMR is a lightweight standalone WebAssembly Wasm runtime. Prior to version 2.4.4, an out-of-bounds array access issue exists in WAMR's fast interpreter mode during WASM bytecode loading. When framerefbottom and frameoffsetbottom arrays are at capacity and a GETGLOBALI32...

7.4 CVSS | 0.0002 EPSS
Exploits: 1 | References: 2

RedhatCVE
added 2025/11/25 12:17 a.m. | 5 views

CVE-2025-63685

Quark Cloud Drive v3.23.2 has a DLL Hijacking vulnerability. This vulnerability stems from the insecure loading of system libraries. Specifically, the application does not validate the path or signature of regsvr32.exe it loads. An attacker can place a crafted malicious DLL in the application's...

9.8 CVSS | 6.9 AI score | 0.00085 EPSS
Exploits: 1 | References: 1

OSV
added 2025/11/21 7:16 p.m. | 3 views

PYSEC-2025-139

MLX is an array framework for machine learning on Apple silicon. Prior to version 0.29.4, there is a segmentation fault in mlx::core::loadgguf when loading malicious GGUF files. Untrusted pointer from external gguflib library is dereferenced without validation, causing application crash. This iss...

7.5 CVSS | 5.8 AI score | 0.001 EPSS
Exploits: 1 | References: 1

EUVD
added 2025/11/20 9:30 p.m. | 1 views

EUVD-2025-198336

Quark Cloud Drive v3.23.2 has a DLL Hijacking vulnerability. This vulnerability stems from the insecure loading of system libraries. Specifically, the application does not validate the path or signature of regsvr32.exe it loads. An attacker can place a crafted malicious DLL in the application's...

7.5 CVSS | 6.4 AI score | 0.00085 EPSS
Exploits: 1 | References: 2

OSV
added 2025/11/20 9:16 p.m. | 3 views

CVE-2025-63685

Quark Cloud Drive v3.23.2 has a DLL Hijacking vulnerability. This vulnerability stems from the insecure loading of system libraries. Specifically, the application does not validate the path or signature of regsvr32.exe it loads. An attacker can place a crafted malicious DLL in the application's...

9.8 CVSS | 5.8 AI score
Exploits: 0 | References: 1

Cvelist
added 2025/11/20 12:0 a.m. | 6 views

CVE-2025-63685

Quark Cloud Drive v3.23.2 has a DLL Hijacking vulnerability. This vulnerability stems from the insecure loading of system libraries. Specifically, the application does not validate the path or signature of regsvr32.exe it loads. An attacker can place a crafted malicious DLL in the application's...

0.00085 EPSS
Exploits: 1 | References: 1