70 matches found
Update 25.18 for Microsoft Dynamics 365 Business Central 2024 Release Wave 2 (Application Build 25.18.48229, Platform Build 25.2.48119)
Update 25.18 for Microsoft Dynamics 365 Business Central 2024 Release Wave 2 (Application Build 25.18.48229, Platform Build 25.2.48119). Overview: This update replaces previously released updates. You should always install the latest update. After you install this hotfix, you might have to update your...
SiYuan Affected by Zero-Click NTLM Hash Theft and Blind SSRF via Mermaid Diagram Rendering
SiYuan configures Mermaid.js with securityLevel: "loose" and htmlLabels: true. In this mode, tags with src attributes survive Mermaid's internal DOMPurify and land in SVG blocks. The SVG is injected via innerHTML with no secondary sanitization. When a victim opens a note containing a malicious...
CVE-2021-27194
Cleartext transmission of sensitive information in Netop Vision Pro up to and including 9.7.1 allows a remote unauthenticated attacker to gather credentials including Windows login usernames and passwords...
CVE-2025-9068
A security issue exists within the Rockwell Automation Driver Package x64 Microsoft Installer File MSI repair functionality, installed with FTLinx. Authenticated attackers with valid Windows Users credentials can initiate a repair and hijack the resulting console window for vbpinstall.exe. This...
CVE-2025-9067
CVE-2025-9067 describes a privilege-escalation vulnerability in the x86 Microsoft Installer File (MSI) used with Rockwell Automation FactoryTalk Linx/FTLinx. Authenticated Windows users can initiate a repair via the MSI, hijack the repair console (e.g., vbpinstall.exe in the Rockwell MSI path), a...
CVE-2025-9068
CVE-2025-9068 affects Rockwell Automation Driver Package x64 MSI repair functionality (installed with FTLinx). Authenticated Windows users can initiate a repair and hijack the console window for vbpinstall.exe, spawning a SYSTEM-level command prompt with full access to files, processes, and syste...
Rockwell Automation FactoryTalk Linx Security Vulnerability
Rockwell Automation FactoryTalk Linx is a suite of industrial communication solutions from Rockwell Automation USA. The product is primarily used to communicate between small applications and large automation systems, among others. A security vulnerability exists in Rockwell Automation FactoryTal...
PT-2025-41916
Name of the Vulnerable Software and Affected Versions: FTLinx (affected versions not specified). Description: A security issue exists in the x86 Microsoft Installer MSI used with FTLinx. Authenticated attackers with valid Windows user credentials can initiate a repair and hijack the resulting...
EUVD-2019-9356
Malware in sbrugna...
EUVD-2024-46284
Malicious code in bioql PyPI...
EUVD-2025-18099
Malicious code in bioql PyPI...
SharpKatz
This is a port of the mimikatz tool, specifically the sekurlsa::logonpasswords, sekurlsa::ekeys, and lsadump::dcsync commands, to C# and .NET. The tool is called SharpKatz. The tool is designed to extract sensitive information from a Windows system, including: Logon passwords Kerberos encryption...
Mozilla Thunderbird < 139.0.2
The version of Thunderbird installed on the remote Windows host is prior to 139.0.2. It is, therefore, affected by a vulnerability as referenced in the mfsa2025-50 advisory. - A crafted HTML email using mailbox:/// links can trigger automatic, unsolicited downloads of .pdf files to the user's...
CVE-2025-3877
CVE-2025-3877 is rejected/not used; this entry does not represent an active vulnerability.
thunderbird: Leak of hashed Window credentials via crafted attachment URL
A flaw was found in Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Thunderbird processes the X-Mozilla-External-Attachment-URL header to handle attachments which can be hosted externally. When an email is opened, Thunderbird accesses the specified URL to...