
78 matches found

GithubExploit
added 2026/03/17 12:43 p.m. | 103 views

aicerberus

AICerberus 🐺 AI supply chain security scanner — one comma...

6.2 AI score
Exploits: 0

GithubExploit
added 2025/10/28 7:13 p.m. | 76 views

appsec-sentinel

AppSec-Sentinel AI-powered security scanner with cross-file...

7.3 AI score
Exploits: 0

EUVD
added 2025/10/03 8:7 p.m. | 4 views

EUVD-2022-26899

Malicious code in bioql PyPI...

7.1 CVSS | 7 AI score | 0.00362 EPSS
Exploits: 1 | References: 3

RedhatCVE
added 2025/08/15 9:29 p.m. | 8 views

CVE-2025-34154

UnForm Server Manager versions prior to 10.1.12 expose an unauthenticated file read vulnerability via its log file analysis interface. The flaw resides in the arc endpoint, which accepts a fl parameter to specify the log file to be opened. Due to insufficient input validation and lack of path...

9.2 CVSS | 7.2 AI score | 0.00789 EPSS
Exploits: 0 | References: 1

CVE
added 2025/08/13 9:4 p.m. | 18 views

CVE-2025-34154

CVE-2025-34154 affects UnForm Server Manager versions prior to 10.1.12. The issue is in the arc endpoint's log file analysis interface, where the fl parameter lacks proper input validation and path sanitization, allowing unauthenticated attackers to read arbitrary files on the host (including OS-...

9.2 CVSS | 7.1 AI score | 0.00789 EPSS
Exploits: 0 | References: 4

ATTACKERKB
added 2025/08/13 9:4 p.m. | 2 views

CVE-2025-34154

UnForm Server Manager versions prior to 10.1.12 expose an unauthenticated file read vulnerability via its log file analysis interface. The flaw resides in the arc endpoint, which accepts a fl parameter to specify the log file to be opened. Due to insufficient input validation and lack of path...

9.2 CVSS | 5.9 AI score | 0.00789 EPSS
Exploits: 0 | References: 5

Cvelist
added 2025/08/07 12:0 a.m. | 7 views

CVE-2025-47219

In GStreamer through 1.26.1, the isomp4 plugin's qtdemux_parse_trak function may read past the end of a heap buffer while parsing an MP4 file, possibly leading to information disclosure...

0.00444 EPSS
Exploits: 1 | References: 2

CISA
added 2025/07/31 12:0 p.m. | 1 views

Thorium Platform Public Availability

Today, CISA, in partnership with Sandia National Laboratories, announced the public availability of Thorium, a scalable and distributed platform for automated file analysis and result aggregation. Thorium enhances cybersecurity teams' capabilities by automating analysis workflows...

7.1 AI score
Exploits: 0 | References: 3

RedhatCVE
added 2025/05/23 7:30 a.m. | 2 views

CVE-2024-48541

Incorrect access control in the firmware update and download processes of Ruochan Smart v4.4.7 allows attackers to access sensitive information by analyzing the code and data within the APK file...

8.4 CVSS | 6.9 AI score | 0.00089 EPSS
Exploits: 0 | References: 1

RedhatCVE
added 2025/02/06 1:1 a.m. | 5 views

CVE-2022-21711

elfspirit is an ELF static analysis and injection framework that parses, manipulates, and camouflages ELF files. When analyzing the ELF file format in versions prior to 1.1, there is an out-of-bounds read bug, which can lead to application crashes or information leakage. By constructing a special...

7.1 CVSS | 6.7 AI score | 0.00362 EPSS
Exploits: 1 | References: 1

NVD
added 2024/10/24 5:15 p.m. | 11 views

CVE-2024-48547

Incorrect access control in the firmware update and download processes of DreamCatcher Life v1.8.7 allows attackers to access sensitive information by analyzing the code and data within the APK file...

8.4 CVSS | 0.00057 EPSS
Exploits: 0 | References: 1

Cvelist
added 2024/10/24 12:0 a.m. | 12 views

CVE-2024-48542

Incorrect access control in the firmware update and download processes of Yamaha Headphones Controller v1.6.7 allows attackers to access sensitive information by analyzing the code and data within the APK file...

0.00089 EPSS
Exploits: 0 | References: 1

Cvelist
added 2024/07/17 4:26 p.m. | 41 views

CVE-2024-20401

A vulnerability in the content scanning and message filtering features of Cisco Secure Email Gateway could allow an unauthenticated, remote attacker to overwrite arbitrary files on the underlying operating system. This vulnerability is due to improper handling of email attachments when file...

9.8 CVSS | 0.07664 EPSS
Exploits: 0 | References: 1

Cisco
added 2024/07/17 4:0 p.m. | 27 views

Cisco Secure Email Gateway Arbitrary File Write Vulnerability

A vulnerability in the content scanning and message filtering features of Cisco Secure Email Gateway could allow an unauthenticated, remote attacker to overwrite arbitrary files on the underlying operating system. This vulnerability is due to improper handling of email attachments when file...

9.8 CVSS | 9.6 AI score | 0.07664 EPSS
Exploits: 0 | References: 1

CNNVD
added 2024/05/03 12:0 a.m. | 2 views

Maxon Cinema 4D Security Vulnerability

Maxon Cinema 4D is a 3D drawing software from Maxon, a German company. A security vulnerability exists in Maxon Cinema 4D that originates from a buffer overflow vulnerability in the analysis of SKP files. An attacker can exploit the vulnerability to execute remote code...

7.8 CVSS | 8 AI score | 0.00453 EPSS
Exploits: 0 | References: 2

CNNVD
added 2024/05/03 12:0 a.m. | 1 views

Maxon Cinema 4D Security Vulnerability

Maxon Cinema 4D is a 3D drawing software from Maxon, a German company. A security vulnerability exists in Maxon Cinema 4D that originates from an out-of-bounds write vulnerability in the analysis of SKP files. An attacker can exploit the vulnerability to execute remote code...

7.8 CVSS | 7.9 AI score | 0.00282 EPSS
Exploits: 0 | References: 2

CNNVD
added 2024/05/03 12:0 a.m. | 2 views

Maxon Cinema 4D Security Vulnerability

Maxon Cinema 4D is a 3D drawing software from Maxon, a German company. A security vulnerability exists in Maxon Cinema 4D that originates from an out-of-bounds write vulnerability in the analysis of SKP files. An attacker can exploit the vulnerability to execute remote code...

7.8 CVSS | 7.9 AI score | 0.00297 EPSS
Exploits: 0 | References: 2

CNNVD
added 2024/05/03 12:0 a.m. | 2 views

Maxon Cinema 4D Security Vulnerability

Maxon Cinema 4D is a 3D drawing software from Maxon, a German company. A security vulnerability exists in Maxon Cinema 4D that originates from a use-after-free vulnerability in the analysis of SKP files. An attacker can exploit the vulnerability to execute remote code...

7.8 CVSS | 7.8 AI score | 0.00317 EPSS
Exploits: 0 | References: 2

BDU FSTEC
added 2024/02/09 12:0 a.m. | 1 views

The vulnerability of the OLE2 form file analysis component in the ClamAV antivirus program allows a hacker to trigger a service failure.

The vulnerability of the OLE2 file analysis component in the ClamAV antivirus program lies in the ability to read data beyond the buffer boundaries in memory. Exploiting this vulnerability allows a malicious actor to cause a service failure by sending a specially crafted OLE2 file...

7.8 CVSS | 7.7 AI score | 0.08586 EPSS
Exploits: 0 | References: 2 | Affected Software: 3

BDU FSTEC
added 2023/12/27 12:0 a.m. | 1 views

The vulnerability of the analysis component of the DOE-file software for simulation and automation of discrete events in Arena Simulation allows a perpetrator to execute arbitrary code.

The vulnerability of the DOE-file analysis component of the Arena Simulation software for modeling and automating discrete events involves the ability to read beyond the buffer boundaries in memory. Exploiting this vulnerability could allow a malicious actor to execute arbitrary code remotely...

10 CVSS | 7.8 AI score | 0.00689 EPSS
Exploits: 0 | References: 2 | Affected Software: 1