CVE-2026-7310

A heap-based buffer overflow vulnerability exists in XML parser functionality in the HiDraw. An authenticated malicious user with local access can exploit this vulnerability using a specially crafted XML file which may lead to memory corruption and potential arbitrary code execution. Successful...

MiracleLinux 4 : mysql-5.1.69-1.0.1.AXS4 (AXSA:2013-430:03)

The remote MiracleLinux 4 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2013-430:03 advisory. MySQL is a multi-user, multi-threaded SQL database server. MySQL is a client/server implementation consisting of a server daemon mysqld and many...

EUVD-2020-23866

Malware in sbrugna...

EUVD-2020-6527

Malware in sbrugna...

EUVD-2022-6620

Malicious code in bioql PyPI...

CVE-2024-41986

A vulnerability has been identified in SmartClient modules Opcenter QL Home SC All versions = V13.2 = V13.2 = V13.2 V2506. The affected application support insecure TLS 1.0 and 1.1 protocol. An attacker could achieve a man-in-the-middle attack and compromise confidentiality and integrity of data...

CVE-2025-42949

CVE-2025-42949 : A missing authorization check in the ABAP Platform could allow an authenticated user with elevated privileges to bypass authorization for common transactions via the SQL Console and read database table contents, exposing data confidentiality. The impact is limited to confidential...

CVE-2025-5987

A flaw was found in libssh when using the ChaCha20 cipher with the OpenSSL library. If an attacker manages to exhaust the heap space, this error is not detected and may lead to libssh using a partially initialized cipher context. This occurs because the OpenSSL error code returned aliases with th...

CVE-2025-5987

CVE-2025-5987 affects libssh when using ChaCha20 with OpenSSL. Root cause: OpenSSL error codes alias with SSH_OK, causing libssh to miss detection of an error during ChaCha20-Poly1305 key setup, potentially leading to a partially initialized cipher context and undefined behavior that can compromi...

Vulnerability of the peakpciRemove() function in the drivers/net/can/sja1000/peakpci.c module – A Linux kernel CAN device driver support mechanism that allows attackers to compromise the confidentiality, integrity, and accessibility of protected information.

Vulnerability of the peakpciRemove function in the drivers/net/can/sja1000/peakpci.c module – The Linux kernel’s CAN network device driver has a vulnerability related to the repeated use of previously freed memory. Exploiting this vulnerability could allow an attacker to compromise the...

Amazon Linux AMI : runc (ALAS-2021-1556)

The version of runc installed on the remote host is prior to 1.0.0-0.1.20200204.gitdc9208a.1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS-2021-1556 advisory. runc through 1.0.0-rc8, as used in Docker through 19.03.2-ce and other products, allows AppArmor...

The vulnerability of the hdmi_14_processTransaction() function in the amdgpu driver of the Linux operating system allows a perpetrator to compromise the confidentiality, integrity, and accessibility of protected information.

The vulnerability of the hdmi14processTransaction function in the driver/gpu/drm/amd/display/dc/hdcp/hdcpmsg.c file of the amdgpu driver for the Linux operating system is related to incorrect index calculations. Exploiting this vulnerability could allow an attacker to compromise the...

The vulnerability of the posix_lock_inode() function in the Linux operating system allows a attacker to compromise the confidentiality, integrity, and accessibility of the protected information.

The vulnerability of the posixlockinode function in the fs/locks.c module of the Linux operating system is related to the reutilization of previously freed memory due to concurrent access to resources. Exploiting this vulnerability could allow an attacker to compromise the confidentiality,...

The vulnerability of the Dawn component in browsers such as Google Chrome and Microsoft Edge allows attackers to compromise the confidentiality, integrity, and accessibility of protected information.

The vulnerability of the Dawn component in Google Chrome and Microsoft Edge relates to the use of memory after it is freed. Exploiting this vulnerability allows a remote attacker to compromise the confidentiality, integrity, and accessibility of protected information by loading a specially create...

undertow: Cookie Smuggling/Spoofing

A flaw was found in Undertow, which incorrectly parses cookies with certain value-delimiting characters in incoming requests. This issue could allow an attacker to construct a cookie value to exfiltrate HttpOnly cookie values or spoof arbitrary additional cookie values, leading to unauthorized da...

CVE-2024-22130

Print preview option in SAP CRM WebClient UI - versions S4FND 102, S4FND 103, S4FND 104, S4FND 105, S4FND 106, S4FND 107, S4FND 108, WEBCUIF 700, WEBCUIF 701, WEBCUIF 730, WEBCUIF 731, WEBCUIF 746, WEBCUIF 747, WEBCUIF 748, WEBCUIF 800, WEBCUIF 801, does not sufficiently encode user-controlled...

The vulnerability of the fromSetIpMacBind() function in Tenda AC10U router software allows a attacker to compromise the confidentiality, integrity, and accessibility of the protected information.

The vulnerability of the fromSetIpMacBind function in Tenda AC10U router software lies in the fact that the operation’s output goes beyond the buffer in memory when processing the list parameter. Exploiting this vulnerability could allow an attacker to compromise the confidentiality, integrity, a...

VulnCheck KEV: CVE-2023-37580

Synacor Zimbra Collaboration Suite ZCS contains a cross-site scripting vulnerability impacting the confidentiality and integrity of data...

CVE-2023-22812

SanDisk PrivateAccess versions prior to 6.4.9 support insecure TLS 1.0 and TLS 1.1 protocols which are susceptible to man-in-the-middle attacks thereby compromising confidentiality and integrity of data...

CVE-2021-3688

A flaw was found in Red Hat JBoss Core Services HTTP Server in all versions, where it does not properly normalize the path component of a request URL contains dot-dot-semicolons. This flaw could allow an attacker to access unauthorized information or possibly conduct further attacks. The highest...