4570 matches found

OSV
added 2025/11/07 9:15 p.m., 4 views

CVE-2025-12875

A weakness has been identified in mruby 3.4.0. This vulnerability affects the function ary_fill_exec of the file mrbgems/mruby-array-ext/src/array.c. Executing a manipulation of the argument start/length can lead to out-of-bounds write. The attack needs to be launched locally. The exploit has been...

CVSS 7.8 | AI score 4.9
Exploits: 0 | References: 8
CBLMariner
added 2025/11/06 4:1 p.m., 6 views

CVE-2025-62231 affecting package xorg-x11-server-Xwayland for versions less than 24.1.6-3

CVE-2025-62231 affecting package xorg-x11-server-Xwayland for versions less than 24.1.6-3. A patched version of the package is available...

CVSS 7.3 | AI score 6.9 | EPSS 0.00255
Exploits: 0
Debian CVE
added 2025/11/05 6:32 p.m., 4 views

CVE-2025-12745

A weakness has been identified in QuickJS up to eb2c89087def1829ed99630cb14b549d7a98408c. This affects the function js_array_buffer_slice of the file quickjs.c. This manipulation causes buffer over-read. The attack is restricted to local execution. The exploit has been made available to the public a...

CVSS 7.8 | AI score 5.3 | EPSS 0.00179
Exploits: 1
EUVD
added 2025/11/05 6:32 p.m., 5 views

EUVD-2025-37919

A weakness has been identified in QuickJS up to eb2c89087def1829ed99630cb14b549d7a98408c. This affects the function js_array_buffer_slice of the file quickjs.c. This manipulation causes buffer over-read. The attack is restricted to local execution. The exploit has been made available to the public a...

CVSS 5.3 | AI score 6 | EPSS 0.00179
Exploits: 1 | References: 8
Japan Vulnerability Notes
added 2025/11/04 5:17 a.m., 3 views

Multiple Roboticsware products register Windows services with unquoted file paths

Overview: Multiple Roboticsware products provided by Roboticsware PTE. LTD. contain the following vulnerability. Unquoted search path or element (CWE-428) - CVE-2025-64151. Kazuma Matsumoto of GMO Cybersecurity by IERAE, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the develope...

CVSS 8.4 | AI score 7.1 | EPSS 0.00138
Exploits: 0 | References: 4
OpenVAS
added 2025/11/03 12:0 a.m., 1 view

Python DoS Vulnerability (Oct 2025) - Windows

Python is prone to a denial of service (DoS) vulnerability. SPDX-FileCopyrightText: 2025 Greenbone AG. Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:python:python";...

CVSS 5.5 | AI score 6.7 | EPSS 0.00124
Exploits: 0 | References: 9
Positive Technologies
added 2025/10/31 12:0 a.m., 5 views

PT-2025-44632

Name of the Vulnerable Software and Affected Versions: BEO GmbH BEO Atlas Einfuhr Ausfuhr version 3.0. Description: A reflected cross-site scripting (XSS) issue exists in BEO GmbH BEO Atlas Einfuhr Ausfuhr 3.0. This allows attackers to execute arbitrary code within a user’s browser. Exploitation occur...

CVSS 6.1 | AI score 6.5 | EPSS 0.0019
Exploits: 0 | References: 5
NVD
added 2025/10/27 3:15 a.m., 7 views

CVE-2025-12203

A weakness has been identified in givanz Vvveb up to 1.0.7.3. This issue affects the function sanitizeFileName of the file system/functions.php of the component Code Editor. Executing a manipulation of the argument File can lead to path traversal. The attack can be launched remotely. The exploit...

CVSS 6.5 | EPSS 0.00357
Exploits: 1 | References: 6
Positive Technologies
added 2025/10/27 12:0 a.m., 5 views

PT-2025-43893

Name of the Vulnerable Software and Affected Versions projectworlds Advanced Library Management System version 1.0 Description A flaw exists in projectworlds Advanced Library Management System that allows for remote code execution through SQL injection. Manipulation of the keywords argument withi...

CVSS 9.8 | AI score 7.9 | EPSS 0.00434
Exploits: 1 | References: 7
Positive Technologies
added 2025/10/27 12:0 a.m., 4 views

PT-2025-43968

Name of the Vulnerable Software and Affected Versions Sui Shang Information Technology Suishang Enterprise-Level B2B2C Multi-User Mall System version 1.0 Description A flaw exists in the system that allows for cross site scripting. Manipulation of the category id argument in the file...

CVSS 5.3 | AI score 5.2 | EPSS 0.00316
Exploits: 0 | References: 6
Tenable Nessus
added 2025/10/27 12:0 a.m., 4 views

Linux Distros Unpatched Vulnerability : CVE-2025-40002

"The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - thunderbolt: Fix use-after-free in tb_dp_dprx_work. The original code relies on cancel_delayed_work in tb_dp_dprx_stop, which does not ensure that the delayed work item...

AI score 5.9 | EPSS 0.00232
Exploits: 0 | References: 2
Positive Technologies
added 2025/10/27 12:0 a.m., 3 views

PT-2025-44004

Name of the Vulnerable Software and Affected Versions BLU-IC2 versions through 1.19.5 BLU-IC4 versions through 1.19.5 Description The software allows for the disclosure of email passwords. The issue affects Azure Access Tech BLU-IC2 and BLU-IC4. It is recommended to restrict access and enable...

CVSS 10 | AI score 6.5 | EPSS 0.00289
Exploits: 0 | References: 4
Positive Technologies
added 2025/10/24 12:0 a.m., 3 views

PT-2025-43665

Name of the Vulnerable Software and Affected Versions PerfreeBlog version 4.0.11 Description The software contains a flaw that allows for arbitrary file deletion through the unInstallTheme function. Recommendations Update to a newer version that contains a fix for this vulnerability. As a tempora...

CVSS 7.6 | AI score 6.8 | EPSS 0.00306
Exploits: 1 | References: 8
CBLMariner
added 2025/10/22 3:7 p.m., 3 views

CVE-2025-7546 affecting package gdb for versions less than 11.2-7

CVE-2025-7546 affecting package gdb for versions less than 11.2-7. A patched version of the package is available...

CVSS 7.8 | AI score 6.9 | EPSS 0.00172
Exploits: 0
CBLMariner
added 2025/10/22 3:7 p.m., 4 views

CVE-2025-10823 affecting package fio for versions less than 3.30-3

CVE-2025-10823 affecting package fio for versions less than 3.30-3. A patched version of the package is available...

CVSS 4.8 | AI score 6.9 | EPSS 0.00136
Exploits: 0
Positive Technologies
added 2025/10/22 12:0 a.m., 5 views

PT-2025-46556

Name of the Vulnerable Software and Affected Versions Ceph affected versions not specified Description A denial-of-service issue exists in Ceph’s RGW component due to improper input validation. Specifically, providing an empty string as the content for the x-amz-copy-source argument when putting ...

CVSS 7.8 | AI score 6.4 | EPSS 0.0039
Exploits: 1 | References: 31
Tenable Nessus
added 2025/10/22 12:0 a.m., 4 views

TencentOS Server 2: python3 (TSSA-2025:0803)

The version of Tencent Linux installed on the remote TencentOS Server 2 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2025:0803 advisory. Package updates are available for TencentOS Server 2 that fix the following vulnerabilities:...

CVSS 7.5 | AI score 6.9 | EPSS 0.00586
Exploits: 0 | References: 2
IBM Security Bulletins
added 2025/10/21 10:58 a.m., 11 views

Security Bulletin: IBM App Connect Enterprise Certified Container IntegrationServer and IntegrationRuntime operands are vulnerable to denial of service [CVE-2025-8885], [CVE-2025-8916]

Summary Bouncycastle bcprov is used by IBM App Connect Enterprise Certified Container. IBM App Connect Enterprise Certified Container IntegrationServer and IntegrationRuntime operands are vulnerable to denial of service. This bulletin provides patch information to address the reported...

CVSS 6.3 | AI score 6.3 | EPSS 0.00505
Exploits: 0 | Affected Software: 1
OSV
added 2025/10/19 8:15 p.m., 4 views

CVE-2025-11944

A vulnerability was determined in givanz Vvveb up to 1.0.7.3. This affects the function Import of the file admin/controller/tools/import.php of the component Raw SQL Handler. This manipulation causes sql injection. The attack may be initiated remotely. The exploit has been publicly disclosed and...

CVSS 7.2 | AI score 7.6
Exploits: 0 | References: 7
OSV
added 2025/10/17 2:54 p.m., 2 views

OESA-2025-2412 gdb security update

GDB, the GNU Project debugger, allows you to see what is going on inside another program while it executes -- or what another program was doing at the moment it crashed. Security Fixes: A critical vulnerability was found in GNU Binutils version 2.45. This vulnerability is classified as CWE-122...

CVSS 7.8 | AI score 7.1 | EPSS 0.00234
Exploits: 2 | References: 3