38 matches found

Microsoft CVE
added 2026/05/12 2:0 p.m. | 10 views

Visual Studio Code Information Disclosure Vulnerability

Relative path traversal in Visual Studio Code allows an unauthorized attacker to disclose information locally...

CVSS 5.5 | AI score 5.8 | EPSS 0.00036
Exploits 0

CNNVD
added 2026/03/02 12:0 a.m. | 2 views

MediaTek Chipsets Security Vulnerability

MediaTek Chipsets are a series of chips developed by MediaTek Corporation in China. The MediaTek Chipsets contain security vulnerabilities; these vulnerabilities stem from the lack of boundary checks, leading to out-of-bound reads and potentially exposing local information...

CVSS 4.4 | AI score 5.8 | EPSS 0.00006
Exploits 0 | References 2

EUVD
added 2026/01/26 9:59 p.m. | 4 views

EUVD-2026-4658

pnpm is a package manager. Prior to version 10.28.2, when pnpm installs a file: directory or git: dependency, it follows symlinks and reads their target contents without constraining them to the package root. A malicious package containing a symlink to an absolute path e.g., /etc/passwd,...

CVSS 6.7 | AI score 5.9 | EPSS 0.00014
Exploits 1 | References 3

Positive Technologies
added 2026/01/26 12:0 a.m. | 2 views

PT-2026-4827

Name of the Vulnerable Software and Affected Versions: pnpm versions prior to 10.28.2. Description: pnpm, a package manager, is affected by an issue where installing a file: or git: dependency allows it to follow symlinks and read their target contents without restricting them to the package root. A...

CVSS 6.7 | AI score 5.9 | EPSS 0.00014
Exploits 1 | References 10

RedhatCVE
added 2026/01/09 11:15 a.m. | 4 views

CVE-2021-0665

In apusys, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05672113; Issue ID: ALPS05672113...

CVSS 4.4 | AI score 5.3 | EPSS 0.00016
Exploits 0 | References 1

CVE
added 2025/12/17 6:14 p.m. | 5 views

CVE-2025-13321

CVE-2025-13321 affects Mattermost Desktop App versions prior to 6.0.0. The vulnerability stems from failure to sanitize sensitive information in application logs and to purge data on server deletion, enabling an attacker with local access to read potentially sensitive information from logs. Evide...

CVSS 3.3 | AI score 6.4 | EPSS 0.00017
Exploits 0 | References 1 | Affected Software 1

EUVD
added 2025/10/07 12:30 a.m. | 1 views

EUVD-2021-19392

Malware in sbrugna...

CVSS 7.3 | AI score 6.3 | EPSS 0.00061
Exploits 0 | References 4

EUVD
added 2025/10/07 12:30 a.m. | 1 views

EUVD-2018-16904

Malware in sbrugna...

CVSS 5.3 | AI score 7.3 | EPSS 0.00506
Exploits 0 | References 8

EUVD
added 2025/10/07 12:30 a.m. | 2 views

EUVD-2010-2479

Malware in sbrugna...

CVSS 1.9 | AI score 6.2 | EPSS 0.00043
Exploits 0 | References 2

NVD
added 2025/09/04 7:15 p.m. | 2 views

CVE-2025-48537

In multiple locations, there is a possible way to persistently DoS the device due to improper input validation. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation...

CVSS 7.1 | EPSS 0.00011
Exploits 0 | References 2

CVE
added 2025/08/26 10:48 p.m. | 68 views

CVE-2025-26417

CVE-2025-26417 affects the Android framework via the function in DownloadProvider.java, where a bypass of user consent in shared storage could occur due to a confused deputy. This may enable local information disclosure without requiring additional execution privileges, and does not require user...

CVSS 4 | AI score 8 | EPSS 0.0002
Exploits 0 | References 2 | Affected Software 1

Tenable Nessus
added 2025/08/24 12:0 a.m. | 3 views

Linux Distros Unpatched Vulnerability : CVE-2014-0246

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - SOSreport stores the md5 hash of the GRUB bootloader password in an archive, which allows local users to obtain sensitive information by reading the archive...

CVSS 4.3 | AI score 5.4 | EPSS 0.00561
Exploits 0 | References 2

RedhatCVE
added 2025/05/23 9:6 a.m. | 1 views

CVE-2024-20065

In telephony, there is a possible information disclosure due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08698617; Issue ID: MSV-1394...

CVSS 4 | AI score 5.3 | EPSS 0.00047
Exploits 0 | References 1

CNNVD
added 2025/05/22 12:0 a.m. | 2 views

Checkmk Security Vulnerability

Checkmk is an IT monitoring platform from Checkmk, Inc. A security vulnerability exists in Checkmk versions prior to 2.4.0p1, prior to 2.3.0p32, prior to 2.2.0p42, and 2.1.0p49 and earlier, which stems from improper permissions on the automated proxy update package and could lead to a local...

CVSS 5.5 | AI score 6.1 | EPSS 0.00057
Exploits 0 | References 2

IBM Security Bulletins
added 2025/03/26 2:39 a.m. | 27 views

Security Bulletin: IBM Partner Engagement Manager is vulnerable to sensitive data exposure (CVE-2022-34354)

Summary: IBM Sterling Partner Engagement Manager has addressed a client HTML5 vulnerability that allows encrypted storage of client data to be stored locally which can be read by another user on the system. Vulnerability Details: CVEID: CVE-2022-34354. DESCRIPTION: IBM Sterling Partner Engagement...

CVSS 4 | AI score 3.6 | EPSS 0.00042
Exploits 0 | Affected Software 1

Snyk
added 2025/03/10 6:29 p.m. | 2 views

XML External Entity (XXE) Injection

Overview: Affected versions of this package are vulnerable to XML External Entity (XXE) Injection when parsing DTD files. External entities referenced in a malicious DTD document are resolved and retrieved. This allows attackers to expose information from internal URLs that are not meant to be...

CVSS 7.2 | AI score 7.4
Exploits 0 | References 2

OSV
added 2025/03/03 3:15 a.m. | 0 views

CVE-2025-20653

In da, there is a possible out of bounds read due to an integer overflow. This could lead to local information disclosure, if an attacker has physical access to the device, with no additional execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS09291064; Issue I...

CVSS 6.5 | AI score 6
Exploits 0 | References 1

CNNVD
added 2024/08/12 12:0 a.m. | 1 views

openHAB Security Vulnerability

openHAB is an open source home automation application from openHAB. A security vulnerability exists in openHAB versions prior to 4.2.1, which stems from the vulnerability of the CometVisu component to an unauthenticated path traversal attack, where an HTTP GET on the component can request a local...

CVSS 7.5 | AI score 6.2 | EPSS 0.01555
Exploits 0 | References 4

OSV
added 2024/07/03 11:4 p.m. | 1 views

USN-6868-1 linux, linux-aws, linux-azure, linux-azure-5.4, linux-bluefield, linux-gcp, linux-gkeop, linux-hwe-5.4, linux-ibm, linux-ibm-5.4, linux-iot, linux-kvm, linux-oracle, linux-oracle-5.4, linux-raspi, linux-raspi-5.4, linux-xilinx-zynqmp vulnerabilities

Sander Wiebing, Alvise de Faveri Tron, Herbert Bos, and Cristiano Giuffrida discovered that the Linux kernel mitigations for the initial Branch History Injection vulnerability CVE-2022-0001 were insufficient for Intel processors. A local attacker could potentially use this to expose sensitive...

CVSS 5.5 | AI score 6.7 | EPSS 0.0003
Exploits 0 | References 4

OSV
added 2024/05/31 11:15 a.m. | 2 views

CVE-2024-22338

IBM Security Verify Access OIDC Provider 22.09 through 23.03 could disclose sensitive information to a local user due to hazardous input validation. IBM X-Force ID: 279978...

CVSS 5.5 | AI score 5.7
Exploits 0 | References 2