155 matches found
EUVD-2025-77498
Malicious code in terriblereindeercopper-67 npm...
EUVD-2025-72384
Malicious code in horsetomato-67 npm...
ERPNext Cross-Site Scripting Vulnerability
ERPNext is an open source enterprise resource planning solution from ERPNext India. A cross-site scripting vulnerability exists in ERPNext version v15.67.0, which stems from improper cleanup of content field inputs by the blog post feature and can be exploited by an attacker to cause a stored...
CVE-2025-54492
A stack-based buffer overflow vulnerability exists in the MFER parsing functionality of The Biosig Project libbiosig 3.9.0 and Master Branch 35a819fa. A specially crafted MFER file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability.This...
Mozilla Firefox ESR < 140.2
The version of Firefox ESR installed on the remote Windows host is prior to 140.2. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2025-67 advisory. - Memory safety bugs present in Firefox ESR 115.26, Firefox ESR 128.13, Thunderbird ESR 128.13, Firefox ESR 140.1,...
Linux Distros Unpatched Vulnerability : CVE-2019-11698
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - If a crafted hyperlink is dragged and dropped to the bookmark bar or sidebar and the resulting bookmark is subsequently dragged and dropped into the web content...
Linux Distros Unpatched Vulnerability : CVE-2019-11695
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A custom cursor defined by scripting on a site can position itself over the addressbar to spoof the actual cursor when it should not be allowed outside of the...
Rethinking and Exploring String-Based Malware Family Classification in the Era of LLMs and RAG
Malware Family Classification MFC aims to identify the fine-grained family e.g., GuLoader or BitRAT to which a potential malware sample belongs, in contrast to malware detection or sample classification that predicts only an Yes/No. Accurate family identification can greatly facilitate automated...
CVE-2023-23898
Auth. contributor+ Stored Cross-Site Scripting XSS vulnerability in CreativeThemes Blocksy Companion plugin = 1.8.67 versions...
PT-2025-17677 · Nih · Nih Brics
Name of the Vulnerable Software and Affected Versions: NIH BRICS aka Biomedical Research Informatics Computing System versions 14.0.0-67 and earlier Description: The issue allows users without the InET role to access the InET module by making direct requests to known endpoints. Recommendations: F...
Adobe Premiere Pro < 15.4.1 Arbitrary Code Execution (APSB21-67) (macOS)
The version of Adobe Premiere Pro installed on the remote macOS host is prior to 15.4.1. It is, therefore, affected by a vulnerability as referenced in the APSB21-67 advisory. - Adobe Premiere Pro version 15.4 and earlier are affected by a memory corruption vulnerability. An unauthenticated...
Adobe Substance 3D Designer < 14.0 (apsb24-67)
The version of Adobe Substance 3D Designer installed on the remote host is prior to 14.0. It is, therefore, affected by a vulnerability as referenced in the apsb24-67 advisory. - Substance3D - Designer versions 13.1.2 and earlier are affected by an out-of-bounds write vulnerability that could...
Adobe Prelude < 22.6.1 Memory leak (APSB23-67)
The version of Adobe Prelude installed on the remote Windows host is prior to 22.6.1. It is, therefore, affected by a vulnerability as referenced in the APSB23-67 advisory. - Adobe Prelude versions 22.6 and earlier are affected by an Access of Uninitialized Pointer vulnerability that could lead t...
Microsoft’s August Patch Tuesday Addresses Active Zero-Day Exploits
Threat Level Vulnerability Report For a detailed threat advisory, download the pdf file here Summary In the August Patch Tuesday release, Microsoft addressed a total of 73 CVEs, encompassing six critical and 67 important vulnerabilities. Within this range of vulnerabilities, the security update...
GHSA-W6F8-MXF5-4VF8 Missing authorization in Liferay portal
The Dynamic Data Mapping module in Liferay Portal 7.4.3.67, and Liferay DXP 7.4 update 67 does not limit Document and Media files which can be downloaded from a Form, which allows remote attackers to download any file from Document and Media via a crafted URL...
CVE-2023-33948
The Dynamic Data Mapping module in Liferay Portal 7.4.3.67, and Liferay DXP 7.4 update 67 does not limit Document and Media files which can be downloaded from a Form, which allows remote attackers to download any file from Document and Media via a crafted URL...
SUSE CVE-2018-6136
Missing type check in V8 in Google Chrome prior to 67.0.3396.62 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page...
SUSE CVE-2018-6137
CSS Paint API in Blink in Google Chrome prior to 67.0.3396.62 allowed a remote attacker to leak cross-origin data via a crafted HTML page...
SUSE CVE-2018-6140
Allowing the chrome.debugger API to attach to Web UI pages in DevTools in Google Chrome prior to 67.0.3396.62 allowed an attacker who convinced a user to install a malicious extension to execute arbitrary code via a crafted Chrome Extension...
SUSE CVE-2018-6145
Insufficient data validation in HTML parser in Google Chrome prior to 67.0.3396.62 allowed a remote attacker to bypass same origin policy via a crafted HTML page...