Fedora 42 : webkitgtk (2025-4fc934f283)
The remote Fedora 42 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2025-4fc934f283 advisory. Prevent unsafe URI schemes from participating in media playback. Make jsc_value_array_buffer_get_data function introspectable. Fix logging in to Google...
CVE-2025-13837
CVE-2025-13837 is corroborated by connected advisories, notably Debian DLA-4445-1. The issue affects Python’s plistlib when loading a plist file, where data is read in a size specified by the file itself, potentially causing Out-Of-Memory (OOM) errors and Denial of Service (DoS). The Debian LTS a...
EUVD-2025-199986
Library loading on AIX Zabbix Agent builds can be hijacked by local users with write access to the /home/cecuser directory...
CVE-2025-49642
Library loading on AIX Zabbix Agent builds can be hijacked by local users with write access to the /home/cecuser directory...
CVE-2025-49642 Agent builds for AIX vulnerable to library loading hijacking
Library loading on AIX Zabbix Agent builds can be hijacked by local users with write access to the /home/cecuser directory...
CVE-2025-64772
The installer of INZONE Hub 1.0.10.3 to 1.0.17.0 contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries. As a result, arbitrary code may be executed with the privilege of the user invoking the installer...
[SECURITY] [DLA 4389-1] pytorch security update
Debian LTS Advisory DLA-4389-1, https://www.debian.org/lts/security/, Daniel Leidert, December 01, 2025, https://wiki.debian.org/LTS. Package: pytorch. Version: 1.7.1-7+deb11u1. CVE ID: CVE-2025-32434. A possible remote code execution (RCE) vulnerability has been discovered i...
EUVD-2025-199943
The installer of INZONE Hub 1.0.10.3 to 1.0.17.0 contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries. As a result, arbitrary code may be executed with the privilege of the user invoking the installer...
CVE-2025-64772
CVE-2025-64772 affects Sony INZONE Hub installer versions 1.0.10.3–1.0.17.0. Root cause: an insecure DLL search path in the installer allowing loading of unintended DLLs, enabling arbitrary code to run with the invoking user’s privileges. CVSS data indicates local access with low attack complexit...
PT-2025-48580
Name of the Vulnerable Software and Affected Versions: vLLM versions prior to 0.11.1. Description: vLLM is an inference and serving engine for large language models (LLMs). A critical issue exists in the Nemotron Nano VL Config class where remote code execution can occur. When vLLM loads a model...
PT-2025-48583
Name of the Vulnerable Software and Affected Versions: Tencent NeuralNLP-NeuralClassifier (affected versions not specified). Description: A flaw exists within the load checkpoint function that allows remote attackers to execute arbitrary code on affected installations. The issue stems from insufficien...
PT-2025-48443
Name of the Vulnerable Software and Affected Versions: Zabbix Agent (affected versions not specified). Description: The Zabbix Agent builds on AIX are susceptible to a library loading hijacking issue. Local users possessing write access to the /home/cecuser directory can exploit this to hijac...
Zabbix Agent security vulnerability
Zabbix Agent is a component in Zabbix from Zabbix Latvia. A security vulnerability exists in Zabbix Agent that originates from a local user being able to hijack the library loading process by writing to the /home/cecuser directory...
CVE-2025-11156
CVE-2025-11156 affects the Netskope NS Client on Windows. A local, authenticated user with Administrator privileges can improperly load the NS Client driver as a generic kernel service, triggering a system crash (Blue Screen of Death) and a Denial of Service on the affected machine. The descripti...
Security update for grub2
This update for grub2 fixes the following issues: CVE-2025-54771: Fixed grub_file_close does not properly controls the fs refcount (bsc#1252931); CVE-2025-54770: Fixed missing unregister call for net_set_vlan command may lead to use-after-free (bsc#1252930); CVE-2025-61662: Fixed missing unregister call for...
sudo 1.9.17 Local Privilege Escalation
sudo version 1.9.17 local privilege escalation proof of concept exploit that leverages NSS module loading. Title: sudo 1.9.17 local Privilege Escalation...
PT-2025-48291
Name of the Vulnerable Software and Affected Versions: Astro versions 5.15.7 and below. Description: Astro, a web framework, is affected by a double URL encoding bypass. This allows unauthenticated attackers to bypass path-based authentication checks in Astro middleware, potentially granting...