PT-2025-50567

Name of the Vulnerable Software and Affected Versions Pyrofork versions 2.3.68 and earlier Description Pyrofork is an asynchronous MTProto API framework. Versions 2.3.68 and earlier do not properly sanitize filenames received from Telegram messages before using them in file path construction with...

SUSE SLES15 Security Update : python-Jinja2 (SUSE-SU-2025:1004-2)

The remote SUSE Linux SLES15 / SLESSAP15 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2025:1004-2 advisory. - CVE-2025-27516: Fixed sandbox breakout through attr filter selecting format method bsc1238879 Tenable has extracted the preceding...

EUVD-2025-202333

LangGraph SQLite Checkpoint is an implementation of LangGraph CheckpointSaver that uses SQLite DB both sync and async, via aiosqlite. Versions 3.0.0 and below are vulnerable to SQL injection through the checkpoint implementation. Checkpoint allows attackers to manipulate SQL queries through...

CVE-2020-36892

Eibiz i-Media Server Digital Signage 3.8.0 is affected by an unauthenticated privilege escalation in the updateUser object. The issue allows attackers to modify user roles by abusing the /messagebroker/amf endpoint without authentication, enabling privilege elevation and potential account takeove...

CVE-2025-13953

Bypass vulnerability in the authentication method in the GTT Tax Information System application, related to the Active Directory LDAP login method. Authentication is performed through a local WebSocket, but the web application does not properly validate the authenticity or origin of the data...

Security update for python-Jinja2

This update for python-Jinja2 fixes the following issues: CVE-2025-27516: Fixed sandbox breakout through attr filter selecting format method bsc1238879 Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch"...

SUSE-SU-2025:1004-2 Security update for python-Jinja2

This update for python-Jinja2 fixes the following issues: - CVE-2025-27516: Fixed sandbox breakout through attr filter selecting format method bsc1238879...

EUVD-2025-201906

An integer overflow vulnerability exists in the write method of the Buffer class in Robocode version 1.9.3.6. The method fails to properly validate the length of data being written, allowing attackers to cause an overflow, potentially leading to buffer overflows and arbitrary code execution. This...

CVE-2025-34397

CVE-2025-34397 : MailEnable

CVE-2025-32319

In ensureBound of RemotePrintService.java, there is a possible way for a background app to keep foreground permissions due to a permissions bypass. This could lead to local escalation of privilege with user execution privileges needed. User interaction is not needed for exploitation...

CVE-2025-14308

An integer overflow vulnerability exists in the write method of the Buffer class in Robocode version 1.9.3.6. The method fails to properly validate the length of data being written, allowing attackers to cause an overflow, potentially leading to buffer overflows and arbitrary code execution. This...

CVE-2025-14308

An integer overflow vulnerability exists in the write method of the Buffer class in Robocode version 1.9.3.6. The method fails to properly validate the length of data being written, allowing attackers to cause an overflow, potentially leading to buffer overflows and arbitrary code execution. This...

CVE-2025-42616

Some endpoints in vulnerability-lookup that modified application state e.g. changing database entries, user data, configurations, or other privileged actions may have been accessible via HTTP GET requests without requiring a CSRF token. This flaw leaves the application vulnerable to Cross-Site...

October 14, 2025—KB5066782 (OS Build 20348.4294)

October 14, 2025—KB5066782 OS Build 20348.4294 Windows Secure Boot certificate expirationImportant: Secure Boot certificates used by most Windows devices are set to expire starting in June 2026. Microsoft has been updating these certificates on consumer and non-managed business devices for the pa...

CVE-2025-14308 Integer Overflow in Robocode's Buffer Write Method

An integer overflow vulnerability exists in the write method of the Buffer class in Robocode version 1.9.3.6. The method fails to properly validate the length of data being written, allowing attackers to cause an overflow, potentially leading to buffer overflows and arbitrary code execution. This...

CVE-2025-14308

An integer overflow vulnerability exists in the write method of the Buffer class in Robocode version 1.9.3.6. The method fails to properly validate the length of data being written, allowing attackers to cause an overflow, potentially leading to buffer overflows and arbitrary code execution. This...

NVIDIA Isaac-GR00T secure_server Authentication Bypass Vulnerability

This vulnerability allows remote attackers to bypass authentication on affected installations of NVIDIA Isaac-GR00T. Authentication is not required to exploit this vulnerability. The specific flaw exists within the secureserver method. The issue results from the lack of authentication prior to...

SAP NetWeaver 安全漏洞

SAP NetWeaver is a set of integrated service-oriented application platforms from SAP, Germany. The platform primarily provides a development and runtime environment for SAP applications. A security vulnerability exists in SAP NetWeaver that stems from insufficient input validation and improper...

Substitution Cipher Based on The Voynich Manuscript

Here's a fun paper: "The Naibbe cipher: a substitution cipher that encrypts Latin and Italian as Voynich Manuscript-like ciphertext": Abstract: In this article, I investigate the hypothesis that the Voynich Manuscript MS 408, Yale University Beinecke Library is compatible with being a ciphertext ...

EUVD-2025-201599

A flaw has been found in Chanjet TPlus up to 20251121. Affected by this vulnerability is an unknown functionality of the file /tplus/ajaxpro/Ufida.T.SM.UIP.MultiCompanySettingController,Ufida.T.SM.UIP.ashx?method=Load. This manipulation of the argument currentAccId causes sql injection. It is...