CVE-2026-29976

A flaw was found in ZerBea hcxpcapngtool. A local attacker can exploit a buffer overflow vulnerability within the getradiotapfield function. This can lead to the disclosure of sensitive information...

CVE-2026-23664

Improper restriction of communication channel to intended endpoints in Azure IoT Explorer allows an unauthorized attacker to disclose information over a network...

CVE-2026-20958

Server-side request forgery ssrf in Microsoft Office SharePoint allows an authorized attacker to disclose information over a network...

CVE-2026-20936

Out-of-bounds read in Windows NDIS allows an authorized attacker to disclose information with a physical attack...

CVE-2022-33319

Out-of-bounds Read vulnerability in Mitsubishi Electric GENESIS64 versions 10.97 to 10.97.1, Mitsubishi Electric Iconics Digital Solutions GENESIS64 versions 10.97 to 10.97.1, Mitsubishi Electric ICONICS Suite versions 10.97 to 10.97.1, Mitsubishi Electric Iconics Digital Solutions ICONICS Suite...

ROS-20251217-7305

A vulnerability in the Omnibox component of the Google Chrome browser is related to the implementation of an incorrect control flow. Exploitation of the vulnerability could allow an attacker acting remotely to disclose protected information...

EUVD-2020-7628

Malware in sbrugna...

EUVD-2025-17767

Malicious code in bioql PyPI...

CVE-2025-50157

CVE-2025-50157 affects Windows Routing and Remote Access Service (RRAS) with an information disclosure due to use of an uninitialized resource. The base CVSS v3.1 score is 5.7 (Network, Low attack complexity, Privileges Required: Low, User Interaction: Required; Confidentiality Impact: High). Mic...

CVE-2025-7033

A memory abuse issue exists in the Rockwell Automation Arena® Simulation. A custom file can force Arena Simulation to read and write past the end of memory space. Successful use requires user action, such as opening a bad file or webpage. If used, a threat actor could execute code or disclose...

Google Chrome Security Update (stable-channel-update-for-desktop_14-2025-05) - Linux

Google Chrome is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:google:chrome"; ifdescription...

CVE-2025-3288 Local Code Execution Vulnerability in Arena®

A local code execution vulnerability exists in the Rockwell Automation Arena® due to a threat actor being able to read outside of the allocated memory buffer. The flaw is a result of improper validation of user-supplied data. If exploited a threat actor can disclose information and execute...

Mozilla Thunderbird Security Update (mfsa_2025-23) - Windows

Mozilla Thunderbird is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:mozilla:thunderbird";...

PT-2025-26902 · Unknown · Pdf-Xchange Editor

Name of the Vulnerable Software and Affected Versions: PDF-XChange Editor affected versions not specified Description: This issue allows remote attackers to disclose sensitive information on affected installations. It requires user interaction, such as visiting a malicious page or opening a...

PT-2025-6761 · Unknown · Usb-Convertercable Driver

Name of the Vulnerable Software and Affected Versions: USB-CONVERTERCABLE DRIVER affected versions not specified Description: A security issue has been discovered in USB-CONVERTERCABLE DRIVER, related to the insecure loading of dynamic link libraries, which could allow local attackers to...

CVE-2024-23962

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Alpine Halo9 devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within the DLT interface, which listens on TCP port 3490 by default. The issue...

CVE-2024-9508

CVE-2024-9508 affects Horner Automation Cscape. The vulnerability is a memory corruption issue in CSP file parsing that could allow an attacker to disclose information and execute arbitrary code. According to the sources, exploitation is local with low attack complexity and user interaction requi...

Microsoft Windows Directory Traversal Vulnerability

This vulnerability allows remote attackers to delete arbitrary files or disclose sensitive information on affected installations of Microsoft Windows. User interaction is required to exploit this vulnerability. The specific flaw exists within the handling of filenames. The issue results from the...

CVE-2024-43415

CVE-2024-43415 — A SQL injection in the decidim_awesome-module (papertrail/version-model) allows an authenticated admin to manipulate SQL queries in vulnerable versions (0.9.0–0.11.1). This can lead to information disclosure, filesystem read/write, or remote code execution. Root cause: improper n...

CVE-2024-43415 Decidim-Awesome: SQL injection in AdminAccountability

An improper neutralization of special elements used in an SQL command in the papertrail/version- model of the decidimawesome-module 0.9.0 allows an authenticated admin user to manipulate sql queries to disclose information, read and write files or execute commands...