2741 matches found

CVE
added 2025/11/21 6:57 p.m., 12 views

CVE-2025-62609

MLX (on Apple silicon) prior to version 0.29.4 is affected by a wild pointer dereference in mlx::core::load_gguf() when loading malicious GGUF files, dereferencing an untrusted pointer from gguflib without validation and causing a crash. The issue stems from loading external GGUF data and manifes...

CVSS 7.5, AI score 6.2, EPSS 0.001
Exploits 1, References 1, Affected Software 1
RedhatCVE
added 2025/11/20 9:36 p.m., 3 views

CVE-2025-65029

Rallly is an open-source scheduling and collaboration tool. Prior to version 4.5.4, an insecure direct object reference (IDOR) vulnerability allows any authenticated user to delete arbitrary participants from polls without ownership verification. The endpoint relies solely on a participant ID to...

CVSS 8.1, AI score 6.7, EPSS 0.00068
Exploits 1, References 1
Vulnrichment
added 2025/11/20 6:5 p.m., 2 views

CVE-2025-64524 CUPS rastertopclx Filter Vulnerable to Heap Buffer Overflow Leading to Potential Arbitrary Code Execution

cups-filters contains backends, filters, and other software required to get the CUPS printing service working on operating systems other than macOS. In versions 2.0.1 and prior, a heap-buffer-overflow vulnerability in the rastertopclx filter causes the program to crash with a segmentation fault...

CVSS 3.3, AI score 7.4, EPSS 0.00027
Exploits 1, References 2
Positive Technologies
added 2025/11/20 12:0 a.m., 3 views

PT-2025-47563

Name of the Vulnerable Software and Affected Versions: RomM versions prior to 4.4.1; RomM version 4.4.1-beta.2. Description: RomM allows users to scan, enrich, browse, and play their game collections. The software contains multiple unrestricted file upload flaws that permit authenticated users to...

CVSS 7.6, AI score 6.2, EPSS 0.00033
Exploits 2, References 5
Tenable Nessus
added 2025/11/20 12:0 a.m., 10 views

TencentOS Server 2: webkitgtk4 (TSSA-2025:0554)

The version of Tencent Linux installed on the remote TencentOS Server 2 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2025:0554 advisory. Package updates are available for TencentOS Server 2 that fix the following vulnerabilities...

CVSS 10, AI score 7.9, EPSS 0.82826
Exploits 40, References 226
Vulnrichment
added 2025/11/19 5:24 p.m., 2 views

CVE-2025-65021 Rallly Has Unauthorized Poll Finalization via Insecure Direct Object Reference (IDOR)

Rallly is an open-source scheduling and collaboration tool. Prior to version 4.5.4, an Insecure Direct Object Reference (IDOR) vulnerability exists in the poll finalization feature of the application. Any authenticated user can finalize a poll they do not own by manipulating the pollId parameter in...

CVSS 9.1, AI score 6.3, EPSS 0.00081
Exploits 1, References 2
OSV
added 2025/11/12 2:31 p.m., 2 views

CLSA-2025-1762957887 perl-App-cpanminus: Fix of CVE-2024-45321

CVE-2024-45321: patch the code to use https instead of http...

CVSS 9.8, AI score 7.3, EPSS 0.00708
Exploits 1, References 1
OpenVAS
added 2025/11/12 12:0 a.m., 1 view

Huawei EulerOS: Security Advisory for httpd (EulerOS-SA-2025-2415)

The remote host is missing an update for the Huawei EulerOS...

CVSS 7.5, AI score 7.6, EPSS 0.00916
Exploits 0, References 2
Vulnrichment
added 2025/11/10 9:27 a.m., 3 views

CVE-2025-12405 Unauthorized access through stored credentials in Looker Studio

An improper privilege management vulnerability was found in Looker Studio. It impacted all JDBC-based connectors. A Looker Studio user with report view access could make a copy of the report and execute arbitrary SQL that would run on the data source database due to the stored credentials attache...

CVSS 7.7, AI score 7.2, EPSS 0.00059
Exploits 0, References 2
Tenable Nessus
added 2025/11/07 12:0 a.m., 1 view

Fedora 43 : mupen64plus (2025-123e2abe71)

The remote Fedora 43 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2025-123e2abe71 advisory. Patch CVE-2025-29366 and CVE-2025-29366 There should be no change in behaviour. Tenable has extracted the preceding description block directly from the Fedor...

CVSS 9.8, AI score 5.5, EPSS 0.00149
Exploits 0, References 2
OSV
added 2025/11/06 10:6 a.m., 2 views

RHSA-2025:19793 Red Hat Security Advisory: bind9.16 security update

Bulletin has no description...

CVSS 8.6, AI score 7, EPSS 0.00025
Exploits 1, References 11
Tenable Nessus
added 2025/11/05 12:0 a.m., 1 view

Unity Linux 20.1070a Security Update: kernel (UTSA-2025-988948)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-988948 advisory. In the Linux kernel, the following vulnerability has been resolved: Bluetooth: refactor malicious adv data check Check for out-of-bound read was being performed at t...

CVSS 5.5, AI score 6, EPSS 0.00029
Exploits 0, References 4
GitHub Security Blog
added 2025/11/03 5:7 p.m., 6 views

MantisBT vulnerable to authentication bypass for some passwords due to PHP type juggling

Due to an incorrect use of loose == instead of strict === comparison in the authentication code [1], PHP type juggling will cause interpretation of certain MD5 hashes as numbers, specifically those matching scientific notation. [1]:...

CVSS 9.1, AI score 5.9, EPSS 0.00072
Exploits 0, References 6, Affected Software 1
RedhatCVE
added 2025/10/23 3:13 p.m., 3 views

CVE-2025-62606

my little forum is a PHP and MySQL based internet forum that displays the messages in classical threaded view. Prior to version 2.5.12, an authenticated SQL injection vulnerability in the bookmark reordering feature allows any logged-in user to execute arbitrary SQL commands. This can lead to a...

CVSS 8.8, AI score 8.2, EPSS 0.00038
Exploits 0, References 1
EUVD
added 2025/10/21 12:31 p.m., 3 views

EUVD-2022-54971

In the Linux kernel, the following vulnerability has been resolved: f2fs: fix missing free nid in f2fs_handle_failed_inode This patch fixes xfstests/generic/475 failure. 293.680694 F2FS-fs dm-1: May loss orphan inode, run fsck to fix. 293.685358 Buffer I/O error on dev dm-1, logical block 8388592,...

CVSS 5.5, AI score 4.9, EPSS 0.00081
Exploits 0, References 7
OSV
added 2025/10/15 8:15 a.m., 2 views

AZL-68465 CVE-2025-39968 affecting package kernel for versions less than 6.6.112.1-1

In the Linux kernel, the following vulnerability has been resolved: i40e: add max boundary check for VF filters There is no check for max filters that VF can request. Add it...

AI score 6.8, EPSS 0.00063
Exploits 0, References 1
RedhatCVE
added 2025/10/14 9:50 p.m., 4 views

CVE-2025-62176

Mastodon is a free, open-source social network server based on ActivityPub. In Mastodon before 4.4.6, 4.3.14, and 4.2.27, the streaming server accepts serving events for public timelines to clients using any valid authentication token, even if those tokens lack the read:statuses scope. This allow...

CVSS 4.3, AI score 6.9, EPSS 0.00081
Exploits 0, References 1
Cvelist
added 2025/10/08 8:32 a.m., 8 views

CVE-2025-11445 Kilo Code Prompt ClineProvider.ts ClineProvider injection

A vulnerability was detected in Kilo Code up to 4.86.0. Affected is the function ClineProvider of the file src/core/webview/ClineProvider.ts of the component Prompt Handler. Performing manipulation results in injection. The attack can be initiated remotely. The exploit is now public and may be...

CVSS 7.5, EPSS 0.00045
Exploits 0, References 6
NVD
added 2025/10/07 4:15 p.m., 2 views

CVE-2023-53619

In the Linux kernel, the following vulnerability has been resolved: netfilter: conntrack: Avoid nf_ct_helper_hash uses after free If nf_conntrack_init_start fails for example due to a register_nf_conntrack_bpf failure, the nf_conntrack_helper_fini clean-up path frees the nf_ct_helper_hash map. When built with...

CVSS 7.8, EPSS 0.0002
Exploits 0, References 8
EUVD
added 2025/10/07 12:30 a.m., 3 views

EUVD-2017-4589

Malware in sbrugna...

CVSS 9.8, AI score 9.5, EPSS 0.00911
Exploits 0, References 2