PT-2025-46540

Name of the Vulnerable Software and Affected Versions Altair Grid Engine versions prior to 2026.0.0 Description The software does not properly validate environment variables when loading shared libraries, which can allow for path hijacking through malicious library substitution. A local attacker...

PT-2025-46235

Name of the Vulnerable Software and Affected Versions SAP HANA JDBC Client affected versions not specified Description The SAP HANA JDBC Client contains a flaw due to inadequate validation of connection property values. A locally authenticated, high-privilege user can provide specially crafted...

CVE-2025-64512 pdfminer.six vulnerable to Arbitrary Code Execution via Crafted PDF Input

Pdfminer.six is a community maintained fork of the original PDFMiner, a tool for extracting information from PDF documents. Prior to version 20251107, pdfminer.six will execute arbitrary code from a malicious pickle file if provided with a malicious PDF file. The CMapDB.loaddata function in...

CVE-2025-12487

oobabooga text-generation-webui trustremotecode Reliance on Untrusted Inputs Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of oobabooga text-generation-webui. Authentication is not required to exploit this...

CVE-2025-12488

oobabooga text-generation-webui trustremotecode Reliance on Untrusted Inputs Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of oobabooga text-generation-webui. Authentication is not required to exploit this...

Malicious Package

Overview paysera-loading-spinner is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this packa...

CVE-2025-12487 oobabooga text-generation-webui trust_remote_code Reliance on Untrusted Inputs Remote Code Execution Vulnerability

oobabooga text-generation-webui trustremotecode Reliance on Untrusted Inputs Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of oobabooga text-generation-webui. Authentication is not required to exploit this...

Security Bulletin: Due to use of jackrabbit-spi-commons IBM webMethods BPM is vulnerable to loading privileges using unsecured document build

Summary IBM webMethods BPM is using jackrabbit-spi-commons which is affected by a known vulnerability CVE-2025-53689. This security bulletin provides guidance on addressing the vulnerability. Vulnerability Details CVEID:CVE-2025-53689 DESCRIPTION: Blind XXE Vulnerabilities in jackrabbit-spi-commo...

WordPress Community Events plugin cross-site scripting vulnerability

WordPress Community Events plugin is an event management plugin for the WordPress platform that allows users to create and display event calendars with support for AJAX dynamic loading and event submission form functionality. WordPress Community Events plugin suffers from a cross-site scripting...

Arbitrary Code Execution

Keras is vulnerable to Arbitrary Code Execution. The vulnerability is due to Model.loadmodel not honoring safemode=True when reading legacy .h5/.hdf5 archives and deserializing pickled Lambda-layer code from a crafted model file, which allows an attacker to supply a malicious archive that execute...

CVE-2025-43496

The issue was addressed by adding additional logic. This issue is fixed in watchOS 26.1, macOS Tahoe 26.1, iOS 26.1 and iPadOS 26.1, iOS 18.7.2 and iPadOS 18.7.2, macOS Sequoia 15.7.2, visionOS 26.1. Remote content may be loaded even when the 'Load Remote Images' setting is turned off...

Apple多款产品 安全漏洞

Apple iOS and others are products of Apple Inc.Apple iOS is an operating system developed for mobile devices.Apple watchOS is an operating system for smartwatches.Apple macOS is a specialized operating system developed for Mac computers. A security vulnerability exists in several Apple products...

Astra Linux – Vulnerability in Linux 6.12

In the Linux kernel, the following vulnerabilities have been resolved: LoongArch: Optimized module load time by optimizing PLT/GOT counting. When CONFIGKASAN, CONFIGPREEMPTVOLUNTARYBUILD, and CONFIGPREEMPTVOLUNTARY are enabled simultaneously, a soft deadlock may occur. The relevant logs are as...

Astra Linux – Vulnerability found in Linux 6.1, Linux 6.12

In the Linux kernel, the following vulnerability has been resolved: ASoC: core: Check for rtd == NULL in sndsocremovepcmruntime The function sndsocremovepcmruntime might be called with rtd == NULL, which will lead to a null pointer derefrence. This issue was reproduced when topology loading was...

CVE-2025-63675

cryptidy through 1.2.4 allows code execution via untrusted data because pickle.loads is used. This occurs in aesdecryptmessage in symmetricencryption.py...

Linux Distros Unpatched Vulnerability : CVE-2025-57106

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Kitware VTK Visualization Toolkit up to 9.5.0 is vulnerable to Buffer Overflow in vtkGLTFDocumentLoader. The vulnerability occurs in the...

CVE-2025-62776

The installer of WTW EAGLE for Windows 3.0.8.0 contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries. As a result, arbitrary code may be executed with the privileges of the running application...

EUVD-2024-55044

Potential privilege escalation issue in Revenera InstallShield version 2023 R1 running a renamed Setup.exe on Windows. When a local administrator executes a renamed Setup.exe, the MPR.dll may get loaded from an insecure location and can result in a privilege escalation. The issue has been fixed i...

EUVD-2025-36634

Keras is vulnerable to arbitrary local file loading and Server-Side Request Forgery...

CVE-2025-12058

The Keras.Model.loadmodel method, including when executed with the intended security mitigation safemode=True, is vulnerable to arbitrary local file loading and Server-Side Request Forgery SSRF. This vulnerability stems from the way the StringLookup layer is handled during model loading from a...