18797 matches found

Tenable Nessus
added 2025/12/19 12:0 a.m. | 6 views

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: libpng (UTSA-2025-991286)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-991286 advisory. LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. From version 1.6.0 to befor...

CVSS 7.1 | AI score 5.6 | EPSS 0.00079
Exploits: 4 | References: 4

CNNVD
added 2025/12/19 12:0 a.m. | 3 views

Foxit PDF Reader and Foxit PDF Editor Security Vulnerability

Foxit PDF Reader and Foxit PDF Editor are both products of Foxit, a Chinese company. Foxit PDF Reader is a PDF reader. Foxit PDF Editor is a PDF editor. A security vulnerability exists in Foxit PDF Reader and Foxit PDF Editor versions prior to 2025.2.1, prior to 14.0.1, and prior to 13.2.1, which...

CVSS 7.8 | AI score 6.6 | EPSS 0.00051
Exploits: 0 | References: 1

Tenable Nessus
added 2025/12/19 12:0 a.m. | 1 views

SUSE SLES12 Security Update : python36 (SUSE-SU-2025:4487-1)

The remote SUSE Linux SLES12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:4487-1 advisory. - CVE-2025-6075: quadratic complexity in os.path.expandvars can lead to performance degradation when values passed to it are user-controlled...

CVSS 5.5 | AI score 6.7 | EPSS 0.00125
Exploits: 0 | References: 7

OSV
added 2025/12/18 10:16 p.m. | 2 views

CVE-2025-68388

Allocation of resources without limits or throttling (CWE-770) allows an unauthenticated remote attacker to cause excessive allocation (CAPEC-130) of memory and CPU via the integration of malicious IPv4 fragments, leading to a degradation in Packetbeat...

CVSS 5.3 | AI score 7
Exploits: 0 | References: 1

Vulnrichment
added 2025/12/18 9:15 p.m. | 1 views

CVE-2025-34449 Genymobile/scrcpy <= 3.3.3 Global Buffer Overflow

Genymobile/scrcpy versions up to and including 3.3.3, prior to commit 3e40b24, contain a buffer overflow vulnerability in the sc_device_msg_deserialize function. A compromised device can send crafted messages that cause out-of-bounds reads, which may result in memory corruption or a denial-of-servic...

CVSS 6.9 | AI score 6.5 | EPSS 0.00088
Exploits: 1 | References: 4

CVE
added 2025/12/18 9:15 p.m. | 21 views

CVE-2025-34449

Genymobile/scrcpy

CVSS 9.1 | AI score 6.5 | EPSS 0.00088
Exploits: 1 | References: 4 | Affected Software: 1

Snyk
added 2025/12/18 7:44 p.m. | 1 views

Denial of Service (DoS)

Overview: Affected versions of this package are vulnerable to Denial of Service (DoS) via the LocalNode.Sess function when processing a crafted Local SEID header in a PFCP Session Modification Request. An attacker can disrupt service availability or cause other unintended effects by sending speciall...

CVSS 8.7 | AI score 6.8 | EPSS 0.00158
Exploits: 1 | References: 2

OSV
added 2025/12/18 4:15 p.m. | 2 views

CVE-2025-14823

In deployments using the ScreenConnect™ Certificate Signing Extension, encrypted configuration values including an Azure Key Vault-related key, could be returned to unauthenticated users through a client-facing endpoint under certain conditions. The values remained encrypted and securely stored a...

CVSS 5.3 | AI score 5.8
Exploits: 0 | References: 1

UbuntuCve
added 2025/12/18 4:15 p.m. | 1 views

CVE-2025-68469

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to version 7.1.1-14, ImageMagick crashes when processing a crafted TIFF file. Version 7.1.1-14 fixes the issue...

CVSS 5.1 | AI score 5.9 | EPSS 0.00024
Exploits: 1 | References: 2

Vulnrichment
added 2025/12/18 3:50 p.m. | 4 views

CVE-2025-14823 Certificate Signing Extension Returns Encrypted Values

In deployments using the ScreenConnect™ Certificate Signing Extension, encrypted configuration values including an Azure Key Vault-related key, could be returned to unauthenticated users through a client-facing endpoint under certain conditions. The values remained encrypted and securely stored a...

CVSS 5.3 | AI score 6.4 | EPSS 0.00043
Exploits: 0 | References: 1

OSV
added 2025/12/18 3:27 p.m. | 4 views

CVE-2025-68278 tinacms vulnerable to arbitrary code execution

Tina is a headless content management system. In tinacms prior to version 3.1.1, tinacms uses the gray-matter package in an insecure way allowing attackers that can control the content of the processed markdown files, e.g., blog posts, to execute arbitrary code. tinacms version 3.1.1, @tinacms/cl...

CVSS 8.6 | AI score 7.3 | EPSS 0.00069
Exploits: 1 | References: 4

NVD
added 2025/12/18 6:15 a.m. | 2 views

CVE-2025-47387

Memory Corruption when processing IOCTLs for JPEG data without verification...

CVSS 7.8 | EPSS 0.00016
Exploits: 0 | References: 1

Cvelist
added 2025/12/18 5:29 a.m. | 20 views

CVE-2025-47387 Untrusted Pointer Dereference in Camera

Memory Corruption when processing IOCTLs for JPEG data without verification...

CVSS 7.8 | EPSS 0.00016
Exploits: 0 | References: 1

Vulnrichment
added 2025/12/18 5:29 a.m. | 2 views

CVE-2025-47387 Untrusted Pointer Dereference in Camera

Memory Corruption when processing IOCTLs for JPEG data without verification...

CVSS 7.8 | AI score 6.7 | EPSS 0.00016
Exploits: 0 | References: 1

Fedora
added 2025/12/18 1:12 a.m. | 5 views

[SECURITY] Fedora 42 Update: vips-8.17.3-1.fc42

VIPS is an image processing library. It is good for very large images (even larger than the amount of RAM in your machine), and for working with color. This package should be installed if you want to use a program compiled against VIPS...

CVSS 7.8 | AI score 6.9 | EPSS 0.00027
Exploits: 0

Fedora
added 2025/12/18 12:59 a.m. | 6 views

[SECURITY] Fedora 43 Update: vips-8.17.3-1.fc43

VIPS is an image processing library. It is good for very large images (even larger than the amount of RAM in your machine), and for working with color. This package should be installed if you want to use a program compiled against VIPS...

CVSS 7.8 | AI score 6.9 | EPSS 0.00027
Exploits: 0

Tenable Nessus
added 2025/12/18 12:0 a.m. | 2 views

EulerOS Virtualization 2.13.1 : libarchive (EulerOS-SA-2025-2548)

According to the versions of the libarchive package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : A vulnerability has been identified in the libarchive library. This flaw can be triggered when file streams are piped into bsdta...

CVSS 7.8 | AI score 6.7 | EPSS 0.00117
Exploits: 2 | References: 5

CNNVD
added 2025/12/18 12:0 a.m. | 3 views

FFmpeg Security Vulnerability

FFmpeg is a complete solution for recording, converting, and streaming audio and video from the FFmpeg team. A security vulnerability exists in FFmpeg version 8.0, which stems from an integer overflow in the yuv2ya16_X_c_template function, which could lead to memory corruption...

CVSS 7.5 | AI score 6.5 | EPSS 0.00067
Exploits: 0 | References: 4

OSV
added 2025/12/17 9:16 p.m. | 2 views

CVE-2025-43536

A use-after-free issue was addressed with improved memory management. This issue is fixed in macOS Tahoe 26.2, iOS 26.2 and iPadOS 26.2, Safari 26.2, iOS 18.7.3 and iPadOS 18.7.3. Processing maliciously crafted web content may lead to an unexpected process crash...

CVSS 4.3 | AI score 5.8
Exploits: 0 | References: 4

EUVD
added 2025/12/17 6:31 p.m. | 4 views

EUVD-2024-26381

In jose4j before 0.9.5, an attacker can cause a Denial-of-Service (DoS) condition by crafting a malicious JSON Web Encryption (JWE) token with an exceptionally high compression ratio. When this token is processed by the server, it results in significant memory allocation and processing time during...

CVSS 7.5 | AI score 6.3 | EPSS 0.00036
Exploits: 1 | References: 2