CVE-2025-63685

CVE-2025-63685 affects Quark Cloud Drive v3.23.2. The vulnerability is a DLL hijack caused by insecure loading of system libraries: the app does not validate the path or signature of regsvr32.exe, allowing a malicious DLL placed in the startup directory to be loaded and executed when the program ...

Google Chrome < 19.0.0.245 Vulnerability

The version of Google Chrome installed on the remote Windows host is prior to 19.0.0.245. It is, therefore, affected by a vulnerability as referenced in the 201511stable-channel-update advisory. - The PDF viewer in Google Chrome before 46.0.2490.86 does not properly restrict scripting messages an...

Alibaba Quark Cloud Drive 安全漏洞

Alibaba Quark Cloud Drive is an online disk software from Chinese company Alibaba. A security vulnerability exists in Alibaba Quark Cloud Drive version v3.23.2, which originates from insecure loading of system libraries and could lead to a DLL hijacking attack...

CVE-2025-10702

Improper Control of Generation of Code 'Code Injection' vulnerability in Progress DataDirect Connect for JDBC drivers, Progress DataDirect Open Access JDBC driver and Hybrid Data Pipeline allows Remote Code Inclusion. The SpyAttribute connection option implemented by the DataDirect Connect for JD...

CVE-2025-10702

Improper Control of Generation of Code 'Code Injection' vulnerability in Progress DataDirect Connect for JDBC drivers, Progress DataDirect Open Access JDBC driver and Hybrid Data Pipeline allows Remote Code Inclusion. The SpyAttribute connection option implemented by the DataDirect Connect for JD...

CVE-2025-12852

DLL Loading vulnerability in NEC Corporation RakurakuMusen Start EX All Verisons allows a attacker to manipulate the PC environment to cause unintended operations on the user's device...

EUVD-2025-198129

DLL Loading vulnerability in NEC Corporation RakurakuMusen Start EX All Verisons allows a attacker to manipulate the PC environment to cause unintended operations on the user's device...

CVE-2025-12852

DLL Loading vulnerability in NEC Corporation RakurakuMusen Start EX All Verisons allows a attacker to manipulate the PC environment to cause unintended operations on the user's device...

CVE-2025-12852

DLL Loading vulnerability in NEC Corporation RakurakuMusen Start EX All Verisons allows a attacker to manipulate the PC environment to cause unintended operations on the user's device...

CVE-2025-12852

The RedHat/JVN/CNVD/etc entries confirm a DLL search-path vulnerability (CWE-427) in NEC RakurakuMusen Start EX Installer for Windows, affecting all versions and allowing arbitrary code execution with user privileges by insecure DLL loading. Root cause: insecure DLL search order. Impact: arbitrar...

PT-2025-47418

DLL Loading vulnerability in NEC Corporation RakurakuMusen Start EX All Verisons allows a attacker to manipulate the PC environment to cause unintended operations on the user's device...

NEC RakurakuMusen Start EX 安全漏洞

NEC RakurakuMusen Start EX is a wireless network connectivity software from Japan Electric NEC. A security vulnerability exists in NEC RakurakuMusen Start EX that stems from a DLL loading issue that could allow an attacker to manipulate the PC environment to perform unexpected actions...

Siemens SCALANCE and RUGGEDCOM Devices Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') (CVE-2024-47742)

firmwareloader: Block path traversal Most firmware names are hardcoded strings, or are constructed from fairly constrained format strings where the dynamic parts are just some hex numbers or such. However, there are a couple codepaths in the kernel where firmware file names contain string...

PT-2026-2499

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description The Linux kernel contains an issue where the S IFMT bits of inode-i mode can become invalid when the S IFMT bits of the "mode" field loaded from disk are corrupted. This occurs because t...

CVE-2025-54559

An issue was found in the Application Server of Desktop Alert PingAlert version 6.1.0.11 to 6.1.1.2 which allows remote Path Traversal for loading arbitrary external content...

OESA-2025-2690 python-Keras security update

Keras is a high-level neural networks API for Python. Security Fixes: The Keras.Model.loadmodel method, including when executed with the intended security mitigation safemode=True, is vulnerable to arbitrary local file loading and Server-Side Request Forgery SSRF. This vulnerability stems from th...

OESA-2025-2691 python-Keras security update

Keras is a high-level neural networks API for Python. Security Fixes: The Keras.Model.loadmodel method, including when executed with the intended security mitigation safemode=True, is vulnerable to arbitrary local file loading and Server-Side Request Forgery SSRF. This vulnerability stems from th...

OESA-2025-2689 python-Keras security update

Keras is a high-level neural networks API for Python. Security Fixes: The Keras.Model.loadmodel method, including when executed with the intended security mitigation safemode=True, is vulnerable to arbitrary local file loading and Server-Side Request Forgery SSRF. This vulnerability stems from th...

CVE-2025-54559

An issue was found in the Application Server of Desktop Alert PingAlert version 6.1.0.11 to 6.1.1.2 which allows remote Path Traversal for loading arbitrary external content...

CVE-2025-47222

A class name enumeration was found in Keyfactor SignServer versions prior to 7.3.2. Setting any chosen class name to any of the properties requiring a class path and the provided class is not expected to return different errors if the class exists in deployment or not. This returns information...