Monthly Archive: July 2025

The issue was addressed with improved checks. This issue is fixed in tvOS 18.5, iOS 18.5 and iPadOS 18.5, iPadOS 17.7.9, macOS Sequoia 15.5, watchOS 11.5, visionOS 2.5, macOS Ventura 13.7.7. A remote attacker...

A logic issue was addressed with improved checks. This issue is fixed in Safari 18.6, macOS Sequoia 15.6. Processing maliciously crafted web content may lead to an unexpected Safari crash. More information : https://support.apple.com/en-us/124149

This issue was addressed through improved state management. This issue is fixed in macOS Sequoia 15.3, macOS Ventura 13.7.7, macOS Sonoma 14.7.7. An app may be able to execute arbitrary code out of its...

BentoML is a Python library for building online serving systems optimized for AI apps and model inference. In versions 1.4.0 until 1.4.19, the file upload processing system contains an SSRF vulnerability that allows unauthenticated...

A memory corruption vulnerability due to improper error handling when a VILinkObj is null exists in NI LabVIEW that may result in arbitrary code execution. Successful exploitation requires an attacker to get a user...

A memory corruption vulnerability due to improper input validation in lvpict.cpp exists in NI LabVIEW that may result in arbitrary code execution. Successful exploitation requires an attacker to get a user to open a...

A code injection vulnerability due to an improper initialization check exists in NI LabVIEW that may result in arbitrary code execution. Successful exploitation requires an attacker to get a user to open a specially...

The WebAssembly Micro Runtime’s (WAMR) iwasm package is the executable binary built with WAMR VMcore which supports WebAssembly System Interface (WASI) and command line interface. In versions 2.4.0 and below, iwasm uses –addr-pool with...

The go command may execute unexpected commands when operating in untrusted VCS repositories. This occurs when possibly dangerous VCS configuration is present in repositories. This can happen when a repository was fetched via one...

Use of Externally-Controlled Format String vulnerability in the SonicOS SSL VPN interface allows a remote unauthenticated attacker to cause service disruption. More information : https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2025-0013

The MetForm – Contact Form, Survey, Quiz, & Custom Form Builder for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the `mf-template` DOM Element in all versions up to, and including,...

Tuleap is an Open Source Suite created to facilitate management of software development and collaboration. In Tuleap Community Edition prior to version 16.9.99.1752585665 and Tuleap Enterprise Edition prior to 16.8-6 and 16.9-5, users may...

Tuleap is an Open Source Suite created to facilitate management of software development and collaboration. In Tuleap Community Edition prior to version 16.9.99.1751892857 and Tuleap Enterprise Edition prior to 16.8-5 and 16.9-3, malicious users...

Discourse is an open-source community discussion platform. Prior to version 3.4.7 on the `stable` branch and version 3.5.0.beta.8 on the `tests-passed` branch, upon issuing a physical security key for 2FA, the server generates a...