Assimp 安全漏洞

Assimp is an open-source library developed by Assimp. It is used for importing and exporting various 3D model formats. Versions of Assimp 6.0.4 and earlier contained security vulnerabilities. These vulnerabilities stemmed from a function in the 4x4 Matrix Parser component called...

Assimp 代码问题漏洞

Assimp is an open-source library developed by Assimp. It is used for importing and exporting various 3D model formats. Versions of Assimp 6.0.4 and earlier contained code vulnerabilities. These vulnerabilities originated from a function in the TF File Handler component called...

cramfs-tools 后置链接漏洞

cramfs-tools is a compression read-only file system tool developed by Nicolas Pitre. Versions of cramfs-tools prior to 2.2 had a post-installation link vulnerability. This vulnerability stemmed from the operation of the changefilestatus function in the cramfsck.c file, which allowed symbolic link...

MCP Research Server 路径遍历漏洞

MCP Research Server is a server for searching and extracting research papers, developed by Elie Schoppik. Version 0.1.0 of MCP Research Server has a path traversal vulnerability. This vulnerability stems from the topic parameter used in the searchpapers function within the researchserver.py file,...

Artifex Software MuPDF 缓冲区错误漏洞

Artifex Software MuPDF is a free and lightweight PDF reader developed by Artifex Software in the United States. Versions of Artifex Software MuPDF 1.28.0 and earlier contain a buffer error vulnerability. This vulnerability stems from the fzsubsetcffforgids function in the CFF Index Handler...

USN-8201-1 linux-azure-5.4 vulnerabilities

Qualys discovered that several vulnerabilities existed in the AppArmor Linux kernel Security Module LSM. An unprivileged local attacker could use these issues to load, replace, and remove arbitrary AppArmor profiles causing denial of service, exposure of sensitive information kernel memory, local...

Mobatek MobaXterm 安全漏洞

Mobatek MobaXterm is a terminal software developed by the French company Mobatek. It integrates an enhanced terminal, X servers, and Unix command sets GNU/Cygwin. The Mobatek MobaXterm Home Edition 26.1 and earlier versions have security vulnerabilities. These vulnerabilities stem from an unknown...

musl libc 安全漏洞

musl libc is an open-source C language standard library developed by musl. It is primarily used in embedded systems and mobile devices. Versions of musl libc up to 1.2.6 contained security vulnerabilities, which were caused by inefficient algorithms and could lead to local attacks...

A11y MCP Server 代码问题漏洞

A11y MCP Server is a web accessibility testing tool developed by Priyankar Kumar as an individual project. Versions of A11y MCP Server 1.0.5 and earlier contained code vulnerabilities. These vulnerabilities stemmed from a server-side request forgeing vulnerability in the A11yServer function locat...

Iperius Backup 安全漏洞

Iperius Backup is a backup tool developed by the Italian company Iperius Backup. Iperius Backup versions 8.7.2 and earlier contained a security vulnerability. This vulnerability stemmed from the use of a hardcoded encryption key in the IperiusAccounts.ini file, which could lead to local attacks...

SUSE SLES15 / openSUSE 15 Security Update : kea (SUSE-SU-2026:1091-1)

The remote SUSE Linux SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:1091-1 advisory. Update to release 2.6.3 bsc1243240: - CVE-2025-32801: Fixed loading a malicious hook library can lead to local...

Ubuntu 24.04 LTS : Linux kernel (Azure) vulnerabilities (USN-8125-1)

"The remote Ubuntu 24.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-8125-1 advisory. Qualys discovered that several vulnerabilities existed in the AppArmor Linux kernel Security Module LSM. An unprivileged local attacker could use these...

USN-8107-1 linux-aws-fips vulnerabilities

Qualys discovered that several vulnerabilities existed in the AppArmor Linux kernel Security Module LSM. An unprivileged local attacker could use these issues to load, replace, and remove arbitrary AppArmor profiles causing denial of service, exposure of sensitive information kernel memory, local...

Security update for kea

This update for kea fixes the following issues: Update to release 2.6.3 bsc1243240: CVE-2025-32801: Loading a malicious hook library can lead to local privilege escalation. CVE-2025-32802: Insecure handling of file paths allows multiple local attacks. CVE-2025-32803: Insecure file permissions can...

Medium: qt5-qt3d

Issue Overview: A vulnerability classified as critical has been found in Open Asset Import Library Assimp 5.4.3. This affects the function Assimp::AC3DImporter::ConvertObjectSection of the file code/AssetLib/AC/ACLoader.cpp of the component AC3D File Handler. The manipulation of the argument tmp...

yosys 安全漏洞

Yosys is an open-source Synthesis suite developed by Yosys Headquarters. Versions of yosys prior to 0.62 contain security vulnerabilities. These vulnerabilities stem from a heap buffer overflow in the Yosys::RTLIL::Const::set function found in the kernel/rtlil.h file, which could lead to local...

lily 缓冲区错误漏洞

Lily is a programming language developed by FascinatedBox’s individual developers. Versions of Lily prior to 2.3 contained a buffer error vulnerability. This vulnerability stems from an out-of-bounds read in the counttransforms function located in the src/lilyemitter.c file, which could lead to...

SQUIRREL 安全漏洞

SQUIRREL is a programming language developed by Alberto Demichelis. It is the stable version of SQUIRREL 3.2. Versions of SQUIRREL 3.2 and earlier have security vulnerabilities. These vulnerabilities stem from a heap buffer overflow in the SQObjectPtr::operator function in the sqobject.h library,...

Notepad2 代码问题漏洞

Notepad2 is a text editor developed by Florian Balmer. Versions 4.2.22, 4.2.23, 4.2.24, and 4.2.25 of Notepad2 have code vulnerabilities. These vulnerabilities stem from an uncontrolled search path in the Msimg32.dll library, which could lead to local attacks...

Total VPN 代码问题漏洞

Total VPN is a virtual private network service software provided by the American company Total VPN. Version 0.5.29.0 of Total VPN has a code vulnerability. This vulnerability stems from an issue with search paths in the file C:Program FilesTotal VPNwin-service.exe that are not enclosed in quotati...