ROS-20251216-7371

A vulnerability in the Extensions component of Google Chrome and Microsoft Edge browsers is related to incorrect resource initialization. Exploitation of the vulnerability may allow a remote attacker to gain unauthorized access to protected information...

Insecure Default Initialization of Resource

Overview @modelcontextprotocol/sdk is a Model Context Protocol implementation for TypeScript Affected versions of this package are vulnerable to Insecure Default Initialization of Resource via the StreamableHTTPServerTransport or SSEServerTransport process when enableDnsRebindingProtection is not...

Siemens SIMATIC S7-1500 Missing Initialization of Resource (CVE-2021-22898)

curl 7.7 through 7.76.1 suffers from an information disclosure when the -t command line option, known as CURLOPTTELNETOPTIONS in libcurl, is used to send variable=content pairs to TELNET servers. Due to a flaw in the option parser for sending NEWENV variables, libcurl could be made to pass on...

CVE-2025-40177 accel/qaic: Fix bootlog initialization ordering

In the Linux kernel, the following vulnerability has been resolved: accel/qaic: Fix bootlog initialization ordering As soon as we queue MHI buffers to receive the bootlog from the device, we could be receiving data. Therefore all the resources needed to process that data need to be setup prior to...

EUVD-2006-2202

Malware in sbrugna...

EUVD-2025-32386

In the Linux kernel, the following vulnerability has been resolved: drm: bridge: anx7625: Fix NULL pointer dereference with early IRQ If the interrupt occurs before resource initialization is complete, the interrupt handler/worker may access uninitialized data such as the I2C tcpcclient device,...

CVE-2025-39934

In the Linux kernel, the following vulnerability has been resolved: drm: bridge: anx7625: Fix NULL pointer dereference with early IRQ If the interrupt occurs before resource initialization is complete, the interrupt handler/worker may access uninitialized data such as the I2C tcpcclient device,...

CVE-2025-39934

CVE-2025-39934: Linux kernel drm: bridge: anx7625 fixes a NULL pointer dereference when an IRQ fires before resource initialization, potentially accessing uninitialized I2C tcpc_client data. The NVD entry notes a MEDIUM base score (5.5) with LOCAL attack vector and LOW PR, HIGH impact on availabi...

CVE-2025-39934 drm: bridge: anx7625: Fix NULL pointer dereference with early IRQ

In the Linux kernel, the following vulnerability has been resolved: drm: bridge: anx7625: Fix NULL pointer dereference with early IRQ If the interrupt occurs before resource initialization is complete, the interrupt handler/worker may access uninitialized data such as the I2C tcpcclient device,...

EUVD-2025-31069

Malicious code in bioql PyPI...

EUVD-2024-42844

Malicious code in bioql PyPI...

EUVD-2025-14536

Malicious code in bioql PyPI...

EUVD-2024-15904

Malicious code in bioql PyPI...

GHSA-8V65-5FW5-23WJ node-cube vulnerable to prototype pollution

The node-cube package prior to version 5.0.0 contains a vulnerability in its handling of prototype chain initialization, which could allow an attacker to inject properties into the prototype of built-in objects. This issue, categorized under CWE-1321, arises from improper validation of...

CVE-2025-57348

The node-cube package prior to version 5.0.0 contains a vulnerability in its handling of prototype chain initialization, which could allow an attacker to inject properties into the prototype of built-in objects. This issue, categorized under CWE-1321, arises from improper validation of...

CVE-2025-57348

The node-cube package prior to version 5.0.0 contains a vulnerability in its handling of prototype chain initialization, which could allow an attacker to inject properties into the prototype of built-in objects. This issue, categorized under CWE-1321, arises from improper validation of...

CVE-2025-57348

The node-cube package prior to version 5.0.0 contains a vulnerability in its handling of prototype chain initialization, which could allow an attacker to inject properties into the prototype of built-in objects. This issue, categorized under CWE-1321, arises from improper validation of...

GHSA-794X-8X6X-QPFC Zipkin Server vulnerable to Insecure Resource Initialization through its /heapdump endpoint

Zipkin through 3.5.1 has a /heapdump endpoint associated with the use of Spring Boot Actuator, a similar issue to CVE-2025-48927...

Zipkin Server vulnerable to Insecure Resource Initialization through its /heapdump endpoint

Zipkin through 3.5.1 has a /heapdump endpoint associated with the use of Spring Boot Actuator, a similar issue to CVE-2025-48927...

TeleMessage TM SGNL Initialization of a Resource with an Insecure Default Vulnerability

TeleMessage TM SGNL contains an initialization of a resource with an insecure default vulnerability. This vulnerability relies on how the Spring Boot Actuator is configured with an exposed heap dump endpoint at a /heapdump URI...