PT-2026-2499

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description The Linux kernel contains an issue where the S IFMT bits of inode-i mode can become invalid when the S IFMT bits of the "mode" field loaded from disk are corrupted. This occurs because t...

CVE-2025-54559

An issue was found in the Application Server of Desktop Alert PingAlert version 6.1.0.11 to 6.1.1.2 which allows remote Path Traversal for loading arbitrary external content...

OESA-2025-2690 python-Keras security update

Keras is a high-level neural networks API for Python. Security Fixes: The Keras.Model.loadmodel method, including when executed with the intended security mitigation safemode=True, is vulnerable to arbitrary local file loading and Server-Side Request Forgery SSRF. This vulnerability stems from th...

OESA-2025-2691 python-Keras security update

Keras is a high-level neural networks API for Python. Security Fixes: The Keras.Model.loadmodel method, including when executed with the intended security mitigation safemode=True, is vulnerable to arbitrary local file loading and Server-Side Request Forgery SSRF. This vulnerability stems from th...

OESA-2025-2689 python-Keras security update

Keras is a high-level neural networks API for Python. Security Fixes: The Keras.Model.loadmodel method, including when executed with the intended security mitigation safemode=True, is vulnerable to arbitrary local file loading and Server-Side Request Forgery SSRF. This vulnerability stems from th...

CVE-2025-54559

An issue was found in the Application Server of Desktop Alert PingAlert version 6.1.0.11 to 6.1.1.2 which allows remote Path Traversal for loading arbitrary external content...

CVE-2025-47222

A class name enumeration was found in Keyfactor SignServer versions prior to 7.3.2. Setting any chosen class name to any of the properties requiring a class path and the provided class is not expected to return different errors if the class exists in deployment or not. This returns information...

ROS-20251113-07

The BIND DNS server vulnerability is related to a pseudo-random number generator PRNG vulnerability. Exploitation exploitation of the vulnerability could allow a remote attacker to compromise the integrity of data in the DNS system A vulnerability in the BIND DNS server is related to the loading ...

Siemens SIMATIC S7-1500 Uncontrolled Search Path Element (CVE-2020-15523)

In Python 3.6 through 3.6.10, 3.7 through 3.7.8, 3.8 through 3.8.4rc1, and 3.9 through 3.9.0b4 on Windows, a Trojan horse python3.dll might be used in cases where CPython is embedded in a native application. This occurs because python3X.dll may use an invalid search path for python3.dll loading...

ROS-20251113-06

The BIND DNS server vulnerability is related to a pseudo-random number generator PRNG vulnerability. Exploitation exploitation of the vulnerability could allow a remote attacker to compromise the integrity of data in the DNS system A vulnerability in the BIND DNS server is related to the loading ...

CVE-2025-42895

Due to insufficient validation of connection property values, the SAP HANA JDBC Client allows a high-privilege locally authenticated user to supply crafted parameters that lead to unauthorized code loading, resulting in low impact on confidentiality and integrity and high impact on availability o...

Apache OpenOffice 安全漏洞

Apache OpenOffice is an open source office software suite from the U.S. Apache Apache Foundation. The suite contains text documents , spreadsheets , presentations , drawings , databases and so on. An information disclosure vulnerability exists in Apache OpenOffice, which is caused due to a lack o...

Unity Linux 20.1070e Security Update: kernel (UTSA-2025-990770)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-990770 advisory. In the Linux kernel, the following vulnerability has been resolved: dm ioctl: fix misbehavior if listversions races with module loading listversions will first...

EulerOS 2.0 SP10 : perl (EulerOS-SA-2025-2426)

According to the versions of the perl packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : Perl threads have a working directory race condition where file operations may target unintended paths. If a directory handle is open at thread...

CVE-2025-40763

A vulnerability has been identified in Altair Grid Engine All versions V2026.0.0. Affected products do not properly validate environment variables when loading shared libraries, allowing path hijacking through malicious library substitution. This could allow a local attacker to execute arbitrary...

kernel: KVM: x86: Load DR6 with guest value only before entering .vcpu_run() loop

In the Linux kernel, the following vulnerability has been resolved: KVM: x86: Load DR6 with guest value only before entering .vcpurun loop Move the conditional loading of hardware DR6 with the guest's DR6 value out of the core .vcpurun loop to fix a bug where KVM can load hardware with a stale...

EUVD-2025-60984

Due to insufficient validation of connection property values, the SAP HANA JDBC Client allows a high-privilege locally authenticated user to supply crafted parameters that lead to unauthorized code loading, resulting in low impact on confidentiality and integrity and high impact on availability o...

CVE-2025-42895

Due to insufficient validation of connection property values, the SAP HANA JDBC Client allows a high-privilege locally authenticated user to supply crafted parameters that lead to unauthorized code loading, resulting in low impact on confidentiality and integrity and high impact on availability o...

CVE-2025-42895

CVE-2025-42895 affects the SAP HANA JDBC Client. The vulnerability arises from insufficient validation of connection property values, allowing a high-privilege, locally authenticated user to supply crafted parameters that lead to unauthorized code loading. According to the connected sources, the ...

SAP HANA 代码注入漏洞

SAP HANA is a set of high-performance real-time data analytics platform from Germany's SAP SAP. The platform provides data query functionality to support users to query and analyze real-time business data. A code injection vulnerability exists in SAP HANA that stems from insufficient validation o...