17012 matches found
CVE-2025-0003
Inadequate lock protection within Xilinx Run time may allow a local attacker to trigger a Use-After-Free condition potentially resulting in loss of confidentiality or availability...
openSUSE 16 Security Update : pnpm (openSUSE-SU-2025-20115-1)
"The remote openSUSE 16 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2025-20115-1 advisory. Changes in pnpm: - update to 10.22.0: Minor Changes - Added support for trustPolicyExclude 10164. You can now list one or more specific package...
⚡ Weekly Recap: Hot CVEs, npm Worm Returns, Firefox RCE, M365 Email Raid & More
Hackers aren't kicking down the door anymore. They just use the same tools we use every day — code packages, cloud accounts, email, chat, phones, and "trusted" partners — and turn them against us. One bad download can leak your keys. One weak vendor can expose many customers at once. One guest...
CVE-2025-41739
An unauthenticated remote attacker, who beats a race condition, can exploit a flaw in the communication servers of the CODESYS Control runtime system on Linux and QNX to trigger an out-of-bounds read via crafted socket communication, potentially causing a denial of service...
CVE-2025-41738
An unauthenticated remote attacker may cause the visualisation server of the CODESYS Control runtime system to access a resource with a pointer of wrong type, potentially leading to a denial-of-service DoS condition...
EUVD-2025-199975
An unauthenticated remote attacker may cause the visualisation server of the CODESYS Control runtime system to access a resource with a pointer of wrong type, potentially leading to a denial-of-service DoS condition...
PT-2025-48434
An unauthenticated remote attacker, who beats a race condition, can exploit a flaw in the communication servers of the CODESYS Control runtime system on Linux and QNX to trigger an out-of-bounds read via crafted socket communication, potentially causing a denial of service...
Security Bulletin: A vulnerability in IBM Semeru Runtime affects z/Transaction Processing Facility
Summary There is a vulnerability in IBM® Semeru Runtime Certified Edition 11 and IBM® Semeru Runtime Certified Edition 21 that are used by the z/TPF system. z/TPF has addressed the applicable CVEs. Vulnerability Details CVEID:CVE-2025-30754 DESCRIPTION: Vulnerability in the Oracle Java SE, Oracle...
WebAssembly Micro Runtime frame_offset_bottom array bounds overflow in fast Interpreter mode when handling GET_GLOBAL(I32) followed by if opcode
...
WebAssembly Micro Runtime vulnerable to a segmentation fault in v128.store instruction
...
OESA-2025-2752 containerd security update
containerd is an industry-standard container runtime with an emphasis on simplicity, robustness and portability. It is available as a daemon for Linux and Windows, which can manage the complete container lifecycle of its host system: image transfer and storage, container execution and supervision...
Security Bulletin: Multiple Vulnerabilities in IBM Java Runtime affecting Tivoli Netcool/OMNIbus
Summary Vulnerabilities in IBM® Runtime Environment Java™ Technology Edition, Version 8 that is used by Tivoli Netcool/OMNIbus have been addressed. Vulnerability Details CVEID:CVE-2025-30761 DESCRIPTION: Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java...
OPENSUSE-SU-2025:20115-1 Security update for pnpm
This update for pnpm fixes the following issues: Changes in pnpm: - update to 10.22.0: Minor Changes - Added support for trustPolicyExclude 10164. You can now list one or more specific packages or versions that pnpm should allow to install, even if those packages don't satisfy the trust policy...
AMD Xilinx Run Time Lockout Insufficient Protection Vulnerability
AMD Xilinx Run Time is a standardized runtime environment developed by AMD for Xilinx FPGAs that provides a unified software interface to optimize FPGA arithmetic. AMD Xilinx Run Time suffers from a locking protection deficiency vulnerability that can be exploited by an attacker to cause reuse...
AMD Xilinx Run Time Elevation of Privilege Vulnerability
AMD Xilinx Run Time is a standardized runtime environment developed by AMD for Xilinx FPGAs that provides a unified software interface to optimize FPGA arithmetic. An elevation of privilege vulnerability exists in AMD Xilinx Run Time that stems from insufficient authentication and can be exploite...
Security Bulletin: IBM App Connect Enterprise is vulnerable to multiple vulnerabilities due to IBM Semeru Runtime (CVE-2025-53057 & CVE-2025-53066))
Summary IBM App Connect Enterprise is vulnerable to Improper Access Control and Exposure of Sensitive Information to an Unauthorized Actor due to IBM Semeru Runtime. Vulnerability Details CVEID:CVE-2025-53057 DESCRIPTION: An unspecified vulnerability in Java SE related to the Security component...
Oracle Linux 9 : go-rpm-macros (ELSA-2025-22005)
The remote Oracle Linux 9 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2025-22005 advisory. - Rebuilt to include Go1.25.3 to address CVE-2025-47906 Tenable has extracted the preceding description block directly from the Oracle Linux security advisory...
CVE-2025-64713
WebAssembly Micro Runtime WAMR is a lightweight standalone WebAssembly Wasm runtime. Prior to version 2.4.4, an out-of-bounds array access issue exists in WAMR's fast interpreter mode during WASM bytecode loading. When framerefbottom and frameoffsetbottom arrays are at capacity and a GETGLOBALI32...
CVE-2025-64704
WebAssembly Micro Runtime WAMR is a lightweight standalone WebAssembly Wasm runtime. Prior to version 2.4.4, WAMR is susceptible to a segmentation fault in v128.store instruction. This issue has been patched in version 2.4.4...
CVE-2025-64713
WebAssembly Micro Runtime WAMR is a lightweight standalone WebAssembly Wasm runtime. Prior to version 2.4.4, an out-of-bounds array access issue exists in WAMR's fast interpreter mode during WASM bytecode loading. When framerefbottom and frameoffsetbottom arrays are at capacity and a GETGLOBALI32...