208 matches found
CVE-2024-28956
Exposure of Sensitive Information in Shared Microarchitectural Structures during Transient Execution for some IntelR Processors may allow an authenticated user to potentially enable information disclosure via local access...
CVE-2025-3746
creationtimestamp| type| source ---|---|--- 2025-05-02 04:30:21+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3lo5yhuxjc72l 2025-05-02 05:01:09+00:00| seen| Telegram/7QEqju-jYCJkVqvbZMxXpX4ajzaYKxifFuPEzR6oDsSpQMc 2025-05-02 07:34:58+00:00| seen| https://t.me/cvedetector/24329...
CVE-2025-46630
creationtimestamp| type| source ---|---|--- 2025-05-01 22:01:11+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3lo5cptx5vg2r 2025-05-01 23:12:43+00:00| seen| https://t.me/cvedetector/24273 2025-05-02 15:16:54+00:00| published-proof-of-concept|...
CVE-2025-30425
This issue was addressed through improved state management. This issue is fixed in Safari 18.4, iOS 18.4 and iPadOS 18.4, iPadOS 17.7.6, macOS Sequoia 15.4, tvOS 18.4, watchOS 11.4. A malicious website may be able to track users in Safari private browsing mode...
CVE-2025-25373
creationtimestamp| type| source ---|---|--- 2025-03-25 20:24:21+00:00| published-proof-of-concept| https://t.me/DarkWebInformerCVEAlerts/8756 2025-03-25 23:40:37+00:00| seen| https://t.me/cvedetector/21123 2025-03-26 01:04:14+00:00| seen|...
GHSA-P3X9-6H7P-CGFC
creationtimestamp| type| source ---|---|--- 2025-03-14 18:23:02+00:00| seen| https://bsky.app/profile/buherator.bsky.social/post/3lkea5pjd6i23 2025-03-30 06:32:02+00:00| seen| https://t.me/DarkWebInformerCVEAlerts/9547...
CVE-2025-20123
creationtimestamp| type| source ---|---|--- 2025-01-08 16:15:38+00:00| seen| https://infosec.exchange/users/cve/statuses/113793626131390571 2025-01-08 16:15:48+00:00| seen| https://infosec.exchange/users/screaminggoat/statuses/113793626771738794 2025-01-08 16:16:13+00:00| seen|...
CVE-2024-11034
creationtimestamp| type| source ---|---|--- 2024-11-23 11:27:45+00:00| seen| https://infosec.exchange/users/cve/statuses/113532027828976073 2024-11-24 01:04:33+00:00| seen| https://infosec.exchange/users/vuldb/statuses/113535239658678358...
CVE-2024-50263
creationtimestamp| type| source ---|---|--- 2024-11-11 14:02:58+00:00| seen| https://infosec.exchange/users/cve/statuses/113464690446915585 2024-11-11 16:06:12+00:00| seen| https://t.me/cvedetector/10497...
xorg-x11-server security update
1.20.4-24 - Fix use after free related to CVE-2024-21886 1.20.11-21 - CVE fix for: CVE-2023-6816, CVE-2024-0229, CVE-2024-21885, CVE-2024-21886, CVE-2024-0408 and CVE-2024-0409 Resolves: https://issues.redhat.com/browse/RHEL-21207 Resolves: https://issues.redhat.com/browse/RHEL-20528 Resolves:...
CVE-2021-47410
In the Linux kernel, the following vulnerability has been resolved: drm/amdkfd: fix svmmigratefini warning Device manager releases device-specific resources when a driver disconnects from a device, devmmemunmappages and devmreleasememregion calls in svmmigratefini are redundant. It causes below...
Vyper's bounds check on built-in `slice()` function can be overflowed
Summary The bounds check for slices does not account for the ability for start + length to overflow when the values aren't literals. If a slice function uses a non-literal argument for the start or length variable, this creates the ability for an attacker to overflow the bounds check. This issue...
CVE-2023-36807
pypdf is a pure-python PDF library capable of splitting, merging, cropping, and transforming the pages of PDF files. In version 2.10.5 an attacker who uses this vulnerability can craft a PDF which leads to an infinite loop. This infinite loop blocks the current process and can utilize a single co...
Transition screen removed when project admin edits a transition
h3. Problem The relevant transition screen gets removed when a project admin without Jira Administrator global permission attempts to edit a transition. h3. Environment Jira h3. Steps to Reproduce Create a new project I used Scrum software development template Modify one of the transitions in the...
Upgraded Q -> 2 from #19 [1685157301242]
Judge has assessed an item in Issue 19 as 2 risk. The relevant finding follows: 1. The first staker of the wxETH can get all the unlocked rewards immediately in the same block. code lines: For the first staker of the wxETH, the totalSupply of the wxETH is 0. So he can wrap the xETH to wxETH as 1:...
Upgraded Q -> 2 from #298 [1683710120837]
Judge has assessed an item in Issue 298 as 2 risk. The relevant finding follows: L-03 Redundant and dangerous len parameter in readKeyValue Links Impact If the len is not set to input.length minus the offset, there may be unpredictable results due how the algorithm works. Proof of Concept Let's...
OpenZeppelin Contracts for Cairo account cannot process transactions on Goerli
Impact This vulnerability affects all accounts vanilla and ethereum flavors in the v0.2.0 release of OpenZeppelin Contracts for Cairo, which are not whitelisted on StarkNet mainnet, so only goerli deployments of v0.2.0 accounts are affected. This faulty behavior is not observed in StarkNet's...
CVE-2022-2244
An improper authorization vulnerability in GitLab EE/CE affecting all versions from 14.8 prior to 14.10.5, 15.0 prior to 15.0.4, and 15.1 prior to 15.1.1, allows project memebers with reporter role to manage issues in project's error tracking feature...
CodeAnalysis - Static Code Analysis
Tencent Cloud Code Analysis TCA for short, code-named CodeDog inside the company early is a comprehensive platform for code analysis and issue tracking. TCA consist of three components, server, web and client. It also supports the integration of other code analysis tools. Code analysis is a...
CVE-2021-43779
GLPI is an open source IT Asset Management, issue tracking system and service desk system. The GLPI addressing plugin in versions 2.9.1 suffers from authenticated Remote Code Execution vulnerability, allowing access to the server's underlying operating system using command injection abuse of...