9 matches found
CVE-2026-35585
CVE-2026-35585 affects File Browser versions 2.0.0–2.63.1. The hook system that runs administrator-defined shell commands on file events (upload/rename/delete) is vulnerable to OS command injection because values like $FILE and $USERNAME are substituted via os.Expand without sanitization. An atta...
CVE-2025-63205
An issue was discovered in bridgetech probes VB220 IP Network Probe, VB120 Embedded IP + RF Probe, VB330 High-Capacity Probe, VB440 ST 2110 Production Analytics Probe, and NOMAD, firmware versions 6.5.0-9, allowing attackers to gain sensitive information such as administrator passwords via the...
Fedora 41 : glab (2025-41a6e9b04d)
The remote Fedora 41 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2025-41a6e9b04d advisory. Update to 1.67.0 ---- Update to 1.66.0 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has...
Microsoft Teams for Desktop < 25122.1415.3698.6812 Remote Code Execution (August 2025)
The version of Microsoft Teams for Desktop on the remote Windows host is prior to 25122.1415.3698.6812. It is, therefore, affected by a remote code execution vulnerability: - Heap-based buffer overflow in Microsoft Teams allows an unauthorized attacker to execute code over a network. CVE-2025-5378...
AZL-64278 CVE-2025-6269 affecting package hdf5 for versions less than 1.14.6-1
A vulnerability classified as critical was found in HDF5 up to 1.14.6. Affected by this vulnerability is the function H5C__reconstruct_cache_entry of the file H5Cimage.c. The manipulation leads to heap-based buffer overflow. Attacking locally is a requirement. The exploit has been disclosed to the...
AZL-52511 CVE-2024-50120 affecting package kernel for versions less than 6.6.64.2-1
In the Linux kernel, the following vulnerability has been resolved: smb: client: Handle kstrdup failures for passwords In smb3_reconfigure, after duplicating ctx->password and ctx->password2 with kstrdup, we need to check for allocation failures. If ses->password allocation fails, return -ENOMEM. If...
CVE-2022-35629
Due to a bug in the handling of the communication between the client and server, it was possible for one client, already registered with their own client ID, to send messages to the server claiming to come from another client ID. This issue was resolved in Velociraptor 0.6.5-2...
redis: Integer overflow in lua_struct.c:b_unpack()
An Integer Overflow issue was discovered in the struct library in the Lua subsystem in Redis before 3.2.12, 4.x before 4.0.10, and 5.x before 5.0 RC2, leading to a failure of bounds checking...
tomcat: Multiple weaknesses in HTTP DIGEST authentication
The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 does not check qop values, which might allow remote attackers to bypass intended integrity-protection requirements via a qop=auth value, a different vulnerability th...