Lucene search

14 matches found

EUVD
added 2026/03/10 9:32 p.m., 3 views

EUVD-2026-10795

Giflib contains a double-free vulnerability that is the result of a shallow copy in GifMakeSavedImage and incorrect error handling. The conditions needed to trigger this vulnerability are difficult but may be possible...

5.8 AI score, 0.00112 EPSS
Exploits: 0, References: 3
Vulnrichment
added 2026/01/22 9:48 p.m., 5 views

CVE-2025-9289 Cross-Site Scripting (XSS) on Omada Controllers

A Cross-Site Scripting (XSS) vulnerability was identified in a parameter in Omada Controllers due to improper input sanitization. Exploitation requires advanced conditions, such as network positioning or emulating a trusted entity, and user interaction by an authenticated administrator. If...

5.7 CVSS, 5.8 AI score, 0.00173 EPSS
Exploits: 0, References: 2
RedhatCVE
added 2025/12/25 4:09 p.m., 3 views

CVE-2025-43875

Under certain circumstances a successful exploitation could result in access to the device...

8.7 CVSS, 6.8 AI score, 0.00274 EPSS
Exploits: 0, References: 1
EUVD
added 2025/10/07 12:30 a.m., 5 views

EUVD-2017-6308

Malware in sbrugna...

6.5 CVSS, 6.9 AI score, 0.02456 EPSS
Exploits: 0, References: 3
RedhatCVE
added 2025/05/22 5:47 p.m., 7 views

CVE-2020-3964

VMware ESXi 7.0 before ESXi7.0.0-1.20.16321839, 6.7 before ESXi670-202006401-SG and 6.5 before ESXi650-202005401-SG, Workstation 15.x before 15.5.2, and Fusion 11.x before 11.5.2 contain an information leak in the EHCI USB controller. A malicious actor with local access to a virtual machine may b...

4.7 CVSS, 6.1 AI score, 0.00471 EPSS
Exploits: 2
RedhatCVE
added 2025/05/22 4:40 p.m., 9 views

CVE-2020-3969

VMware ESXi 7.0 before ESXi7.0.0-1.20.16321839, 6.7 before ESXi670-202004101-SG and 6.5 before ESXi650-202005401-SG, Workstation 15.x before 15.5.5, and Fusion 11.x before 11.5.5 contain an off-by-one heap-overflow vulnerability in the SVGA device. A malicious actor with local access to a virtual...

7.8 CVSS, 7 AI score, 0.00498 EPSS
Exploits: 0
AlpineLinux
added 2025/04/08 1:53 p.m., 6 views

CVE-2025-31498

c-ares is an asynchronous resolver library. From 1.32.3 through 1.34.4, there is a use-after-free in read_answers() when process_answer() may re-enqueue a query either due to a DNS Cookie Failure or when the upstream server does not properly support EDNS, or possibly on TCP queries if the remote closed...

8.3 CVSS, 7.4 AI score, 0.00523 EPSS
Exploits: 0, References: 4
NVD
added 2022/03/25 7:15 p.m., 23 views

CVE-2022-25610

Unauthenticated Stored Cross-Site Scripting (XSS) in Simple Ajax Chat <= 20220115 allows an attacker to store the malicious code. However, the attack requires specific conditions, making it hard to exploit...

6.1 CVSS, 0.00692 EPSS
Exploits: 0, References: 2
OSV
added 2021/06/16 3:58 p.m., 4 views

DRUPAL-CONTRIB-2021-015

Chaos tool suite (ctools) module provides a number of APIs and extensions for Drupal. Its 8.x-3.x branch is a start from scratch to evaluate the features of ctools that didn't make it into Drupal Core 8.0.x and port them. The module doesn't sufficiently handle block access control on its EntityView...

6.7 AI score
Exploits: 0, References: 1
Palo Alto Networks
added 2015/01/12 8:00 a.m., 186 views

Padding-oracle attack on TLS CBC cipher mode

A vulnerability affecting some implementations of TLS 1.x with CBC cipher modes has been discovered that allows an attacker to decrypt some encrypted contents under certain conditions (CVE-2014-8730). This padding-oracle attack on TLS CBC cipher modes is a variant of the POODLE vulnerability,...

4.6 AI score, 0.1372 EPSS
Exploits: 0, References: 1, Affected Software: 1
OpenVAS
added 2014/12/08 12:00 a.m., 13 views

Zarafa WebApp Denial of Service Vulnerability

Zarafa WebApp is prone to a denial of service (DoS) vulnerability. SPDX-FileCopyrightText: 2014 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only. CPE = "cpe:/a:zarafa:webapp"; ...

7.2 AI score
Exploits: 0, References: 1
exploitpack
added 2007/04/07 12:00 a.m., 56 views

Apache mod_rewrite (Windows x86) - Off-by-One Remote Overflow

Apache mod_rewrite (Windows x86) - Off-by-One Remote Overflow. #!/bin/sh. Exploit for Apache mod_rewrite off-by-one (Win32), by axis, http://www.ph4nt0m.org, 2007-04-06. Tested on Apache 2.0.58 (Win32), Windows2003 CN SP1. Vulnerable Apache Versions: 1.3 branch: 1.3.28 and 2.0.46 and 2.2.0 and 2006-08-20...

7.6 CVSS, 0.7 AI score, 0.96436 EPSS
Exploits: 20
securityvulns
added 2007/01/29 12:00 a.m., 49 views

MOAB-26-01-2007: Apple Installer Package Filename Format String Vulnerability

Summary: Apple Installer is the application in charge of handling the installation of packages for Mac OS X, in the form of pkg, distz and mpkg files. Installer fails to properly handle package filename strings. It's affected by a typical format string vulnerability, which can lead to a denial of...

7.8 AI score
Exploits: 0
securityvulns
added 2000/07/11 12:00 a.m., 38 views

Cisco Security Advisory: Cisco Secure PIX Firewall TCP Reset Vulnerability

Cisco Secure PIX Firewall TCP Reset Vulnerability. Revision 1.0. For Public Release 2000 July 11 06:00 US/Eastern (UTC+0400). Summary: The Cisco Secure PIX Firewall cannot distinguish...

0.1 AI score
Exploits: 0