97 matches found

EUVD
added 2026/06/12 8:59 a.m. | 10 views

EUVD-2026-36399

A race condition in AbstractOAuthDataProvider allows concurrent requests using the same Refresh Token to bypass single-use semantics and generate multiple valid Access Tokens, when 'recycleRefreshTokens' is set to false. A leaked refresh token can be replayed concurrently by multiple attackers or...

CVSS 7.4 | AI score 5.2 | EPSS 0.00294
Exploits: 0 | References: 1
Positive Technologies
added 2026/06/12 12:00 a.m. | 13 views

PT-2026-48850

A race condition in AbstractOAuthDataProvider allows concurrent requests using the same Refresh Token to bypass single-use semantics and generate multiple valid Access Tokens, when 'recycleRefreshTokens' is set to false. A leaked refresh token can be replayed concurrently by multiple attackers or...

AI score 5.2 | EPSS 0.00294
Exploits: 0 | References: 3
CVE
added 2026/02/13 6:48 p.m. | 16 views

CVE-2026-26208

CVE-2026-26208 affects ADB Explorer (Windows). It is vulnerable to insecure deserialization via JSON settings file deserialization: the app deserializes App.txt with Json.NET in which TypeNameHandling is set to Objects, enabling a crafted JSON file (for example containing an ObjectDataProvider ga...

CVSS 7.8 | AI score 6.2 | EPSS 0.00222
Exploits: 0 | References: 4
OSV
added 2026/02/13 6:48 p.m. | 6 views

CVE-2026-26208 ADB Explorer Vulnerable to Remote Code Execution via Insecure Deserialization

ADB Explorer is a fluent UI for ADB on Windows. Prior to Beta 0.9.26020, ADB Explorer is vulnerable to Insecure Deserialization leading to Remote Code Execution. The application attempts to deserialize the App.txt settings file using Newtonsoft.Json with TypeNameHandling set to Objects. This allo...

CVSS 7.8 | AI score 6.2 | EPSS 0.00222
Exploits: 0 | References: 6
Tenable Nessus
added 2025/11/20 12:00 a.m. | 4 views

TencentOS Server 3: .NET 8.0 (TSSA-2024:0048)

The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2024:0048 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities...

CVSS 9.8 | AI score 8.2 | EPSS 0.02868
Exploits: 0 | References: 4
EUVD
added 2025/10/07 12:30 a.m. | 5 views

EUVD-2016-3960

Malware in sbrugna...

CVSS 8.1 | AI score 8.2 | EPSS 0.00916
Exploits: 0 | References: 3
EUVD
added 2025/10/03 8:07 p.m. | 3 views

EUVD-2024-0311

Malicious code in bioql PyPI...

CVSS 8.7 | AI score 7.3 | EPSS 0.0118
Exploits: 0 | References: 3
EUVD
added 2025/10/03 8:07 p.m. | 5 views

EUVD-2023-0341

Malicious code in bioql PyPI...

CVSS 7.5 | AI score 8.1 | EPSS 0.00594
Exploits: 0 | References: 4
OSSF Malicious Packages
added 2025/06/06 9:10 a.m. | 5 views

Malicious code in ac-mvc-data-provider (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 169e9462eb068cce8b3da98f703f0be4a19c54ddaf088f9b6f23613ec34adbaa Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

AI score 6.8
Exploits: 0 | References: 1
RedhatCVE
added 2025/05/23 10:15 a.m. | 7 views

CVE-2024-21072

Vulnerability in the Oracle Installed Base product of Oracle E-Business Suite component: Data Provider UI. Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Installed Base...

CVSS 6.1 | AI score 6.3 | EPSS 0.0036
Exploits: 0 | References: 1
RedhatCVE
added 2025/05/23 5:20 a.m. | 5 views

CVE-2023-21893

Vulnerability in the Oracle Data Provider for .NET component of Oracle Database Server. Supported versions that are affected are 19c and 21c. Difficult to exploit vulnerability allows unauthenticated attacker with network access via TCPS to compromise Oracle Data Provider for .NET. Successful...

CVSS 7.5 | AI score 6.5 | EPSS 0.00594
Exploits: 0 | References: 1
Fedora
added 2025/04/21 1:41 a.m. | 7 views

[SECURITY] Fedora 40 Update: rust-icu_provider-1.5.0-1.fc40

Trait and struct definitions for the ICU data provider...

AI score 7.4
Exploits: 0
Fedora
added 2025/04/20 4:23 a.m. | 11 views

[SECURITY] Fedora 42 Update: rust-icu_provider-1.5.0-1.fc42

Trait and struct definitions for the ICU data provider...

AI score 7.4
Exploits: 0
OSV
added 2024/07/22 3:19 a.m. | 20 views

SUSE-SU-2024:2568-1 Security update for mockito, snakeyaml, testng

This update for mockito, snakeyaml, testng fixes the following issues: mockito was updated to version 5.11.0: - Added bundle manifest to the mockito-core artifact - Mockito 5 is making core changes to ensure compatibility with future JDK versions. - Switch the Default MockMaker to mockito-inline...

CVSS 7.8 | AI score 7.4 | EPSS 0.00876
Exploits: 1 | References: 3
BDU FSTEC
added 2024/07/19 12:00 a.m. | 4 views

The vulnerability of the Data Provider UI component of the Oracle Installed Base information storage center in the Oracle E-Business Suite allows a perpetrator to gain access to read, modify, add, or delete data.

The vulnerability of the Data Provider UI component of the Oracle Installed Base information storage center in the Oracle E-Business Suite exists due to insufficient verification of input data. Exploiting this vulnerability can allow a malicious actor, operating remotely, to gain access to read,...

CVSS 6.4 | AI score 7.1 | EPSS 0.0036
Exploits: 0 | References: 2 | Affected Software: 2
IBM Security Bulletins
added 2024/07/01 3:02 a.m. | 28 views

Security Bulletin: IBM Tivoli Netcool Impact is vulnerable to information disclosure due to Apache Camel (CVE-2024-22371)

Summary Apache Camel is shipped with IBM Tivoli Netcool Impact as part of the data provider interface in the GUI server. Information about a security vulnerability affecting Apache ActiveMQ has been published in a security bulletin. Vulnerability Details CVEID:CVE-2024-22371 DESCRIPTION: Apache...

CVSS 7.5 | AI score 4 | EPSS 0.00695
Exploits: 0 | Affected Software: 1
IBM Security Bulletins
added 2024/06/05 8:26 p.m. | 33 views

Security Bulletin: A vulnerability in Microsoft .NET Core affects IBM Robotic Process Automation and may result in a bypass of security restrictions (CVE-2024-0056)

Summary A vulnerability in Microsoft .NET Core affects IBM Robotic Process Automation resulting in a bypass of security restrictions. Microsoft .NET Core is used by IBM Robotic Process Automation as part of its development platform. This bulletin identifies the security fixes to apply to address...

CVSS 8.7 | AI score 9.1 | EPSS 0.0118
Exploits: 0 | Affected Software: 1
Vulnrichment
added 2024/05/09 2:29 p.m. | 23 views

CVE-2024-32655 Npgsql Vulnerable to SQL Injection via Protocol Message Size Overflow

Npgsql is the .NET data provider for PostgreSQL. The WriteBind method in src/Npgsql/Internal/NpgsqlConnector.FrontendMessages.cs uses int variables to store the message length and the sum of parameter lengths. Both variables overflow when the sum of parameter lengths becomes too large. This cause...

CVSS 8.1 | AI score 7.5 | EPSS 0.01716
Exploits: 0 | References: 15
OSV
added 2024/04/16 10:15 p.m. | 4 views

CVE-2024-21072

Vulnerability in the Oracle Installed Base product of Oracle E-Business Suite component: Data Provider UI. Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Installed Base...

CVSS 6.1 | AI score 7.1 | EPSS 0.0036
Exploits: 0 | References: 1
NVD
added 2024/04/16 10:15 p.m. | 21 views

CVE-2024-21072

Vulnerability in the Oracle Installed Base product of Oracle E-Business Suite component: Data Provider UI. Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Installed Base...

CVSS 6.1 | AI score 6 | EPSS 0.0036
Exploits: 0 | References: 1