Ivanti Connect Secure Unauthenticated Remote Code Execution via Stack-based Buffer Overflow
This module exploits a stack-based buffer overflow vulnerability in Ivanti Connect Secure (CVE-2025-22457) to achieve remote code execution. Versions 22.7R2.5 and earlier are vulnerable. Note that Ivanti Pulse Connect Secure, Ivanti Policy Secure and ZTA gateways are also vulnerable but this module...
CVE-2025-47774
Vyper is the Pythonic Programming Language for the Ethereum Virtual Machine. In versions up to and including 0.4.2rc1, the slice builtin can elide side effects when the output length is 0, and the source bytestring is a builtin msg.data or .code. The reason is that for these source locations, the...
CVE-2025-47285 Vyper's `concat()` builtin may elide side-effects for zero-length arguments
Vyper is the Pythonic Programming Language for the Ethereum Virtual Machine. In versions up to and including 0.4.2rc1, concat may skip evaluation of side effects when the length of an argument is zero. This is due to a fastpath in the implementation which skips evaluation of argument expressions...
CVE-2025-47285
CVE-2025-47285 affects Vyper up to and including 0.4.2rc1, where the built-in concat() may skip evaluation of side effects when an argument has zero length due to a fastpath in the implementation. The issue arises because argument expressions with zero length may bypass evaluation, which could su...
CVE-2025-2527
Mattermost versions 10.5.x <= 10.5.2, 9.11.x <= 9.11.11 failed to properly verify a user's permissions when accessing groups, which allows an attacker to view group information via an API request...
Alibaba Cloud Linux 3 : 0116: rust-toolset:rhel8 (ALINUX3-SA-2022:0116)
The remote Alibaba Cloud Linux 3 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALINUX3-SA-2022:0116 advisory. Package updates are available for Alibaba Cloud Linux 3 that fix the following vulnerabilities: CVE-2019-12083: The Rust Programming...
php: Leak partial content of the heap through heap buffer over-read in mysqlnd
A flaw was found in the PHP MySQL client library. This vulnerability allows a hostile MySQL server to disclose the content of the client's heap, potentially exposing data from other SQL requests and other users of the same server via malicious server interactions...
Schneider Electric Modicon Controllers (Update B)
GENERAL SECURITY RECOMMENDATIONS We strongly recommend the following industry cybersecurity best practices. https://www.se.com/us/en/download/document/7EN52-0390/ Locate control and safety system networks and remote devices behind firewalls and isolate them from the business network. Install...
SAP S/4HANA Cloud Private Code Injection Vulnerability
SAP S/4HANA Cloud Private is a private cloud-deployed, enterprise-grade, intelligent ERP suite based on in-memory computing architecture from SAP, Germany. A code injection vulnerability exists in SAP S/4HANA Cloud Private, which stems from a lack of input validation and authorization checking an...
ALSA-2025:7107 Moderate: python3.12 security update
Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fixes:...
ALSA-2025:7049 Moderate: python-requests security update
Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fixes:...
About Remote Code Execution - Erlang/OTP (CVE-2025-32433) vulnerability
About Remote Code Execution - Erlang/OTP CVE-2025-32433 vulnerability. Erlang is a programming language used to build massively scalable soft real-time systems with requirements for high availability. Used in telecom, banking, e-commerce, telephony, and messaging. OTP is a set of Erlang libraries...
CVE-2025-46718
sudo-rs is a memory safe implementation of sudo and su written in Rust. Prior to version 0.2.6, users with limited sudo privileges (e.g. execution of a single command) can list sudo privileges of other users using the -U flag. This vulnerability allows users with limited sudo privileges to enumerat...
Moderate: python39:3.9 security update
Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fixes:...
[SECURITY] Fedora 41 Update: php-adodb-5.22.9-1.fc41
ADOdb is an object-oriented library written in PHP that abstracts database operations for portability. It is modelled on Microsoft's ADO, but has many improvements that make it unique, e.g. pivot tables, Active Record support, generating HTML for paging recordsets with next and previous links, cach...
[SECURITY] Fedora 41 Update: python-h11-0.14.0-7.fc41
This is a little HTTP/1.1 library written from scratch in Python, heavily inspired by hyper-h2. It is a "bring-your-own-I/O" library; h11 contains no IO code whatsoever. This means you can hook h11 up to your favorite network API, and that could be anything you want: synchronous, threaded,...
CVE-2025-46712
Erlang/OTP is a set of libraries for the Erlang programming language. In versions prior to OTP-27.3.4 for OTP-27, OTP-26.2.5.12 for OTP-26, and OTP-25.3.2.21 for OTP-25, Erlang/OTP SSH fails to enforce strict KEX handshake hardening measures by allowing optional messages to be exchanged. This...
CVE-2025-3876
creationtimestamp | type | source
---|---|---
2025-05-10 11:26:51+00:00 | published-proof-of-concept | https://t.me/DarkWebInformerCVEAlerts/15890
2025-05-10 13:01:53+00:00 | seen | https://bsky.app/profile/FunctionalProgramming.activitypub.awakari.com.ap.brid.gy/post/3losugcc7esc2
2025-05-10...
CVE-2025-4470
creationtimestamp | type | source
---|---|---
2025-05-09 07:25:22+00:00 | published-proof-of-concept | https://t.me/DarkWebInformerCVEAlerts/15682
2025-05-09 09:21:35+00:00 | seen | https://bsky.app/profile/FunctionalProgramming.activitypub.awakari.com.ap.brid.gy/post/3lopwpboayxk2
2025-05-09...
perl security update
An update is available for perl. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. Perl is a high-level programming language that is commonly used for system...