228 matches found
CVE-2026-33708 Chamilo LMS has REST API PII Exposure via get_user_info_from_username
Chamilo LMS is a learning management system. Prior to 1.11.38, the getuserinfofromusername REST API endpoint returns personal information email, first name, last name, user ID, active status of any user to any authenticated user, including students. There is no authorization check. This...
Unspecified Vulnerability in Multiple Apple Products (CNVD-2026-14494)
Apple iOS is an operating system developed for mobile devices. apple tvOS is an operating system for smart TVs. apple macOS is a specialized operating system developed for Mac computers. A security vulnerability exists in several Apple products that could be exploited by an attacker to disclose...
CVE-2026-20675
The issue was addressed with improved bounds checks. This issue is fixed in iOS 18.7.5 and iPadOS 18.7.5, iOS 26.3 and iPadOS 26.3, macOS Sequoia 15.7.4, macOS Sonoma 14.8.4, macOS Tahoe 26.3, tvOS 26.3, visionOS 26.3, watchOS 26.3. Processing a maliciously crafted image may lead to disclosure of...
CVE-2026-20675
The issue was addressed with improved bounds checks. This issue is fixed in iOS 18.7.5 and iPadOS 18.7.5, iOS 26.3 and iPadOS 26.3, macOS Sequoia 15.7.4, macOS Sonoma 14.8.4, macOS Tahoe 26.3, tvOS 26.3, visionOS 26.3, watchOS 26.3. Processing a maliciously crafted image may lead to disclosure of...
MiracleLinux 8 : webkit2gtk3-2.38.5-1.el8.ML.1 (AXSA:2023-5964:10)
The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2023-5964:10 advisory. webkitgtk: use-after-free issue leading to arbitrary code execution CVE-2022-42826 webkitgtk: memory corruption issue leading to arbitrary code...
CVE-2022-42851
The issue was addressed with improved memory handling. This issue is fixed in iOS 16.2 and iPadOS 16.2, tvOS 16.2. Parsing a maliciously crafted TIFF file may lead to disclosure of user information...
CVE-2019-11174
Insufficient access control in IntelR Baseboard Management Controller firmware may allow an unauthenticated user to potentially enable information disclosure via network access...
Linux Distros Unpatched Vulnerability : CVE-2025-52331
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Cross-site scripting XSS vulnerability in the generate report functionality in Rarlab WinRAR 7.11, allows attackers to disclose user information such as the...
CVE-2025-52331
Cross-site scripting XSS vulnerability in the generate report functionality in Rarlab WinRAR 7.11, allows attackers to disclose user information such as the computer username, generated report directory, and IP address. The generate report command includes archived file names without validation i...
Rarlab WinRAR 安全漏洞
Rarlab WinRAR is a file compression/decompression software from Rarlab. A security vulnerability exists in Rarlab WinRAR version 7.11, which originates from cross-site scripting in the Generate Report function and could lead to the disclosure of user information...
EUVD-2021-17878
Malware in sbrugna...
EUVD-2021-17880
Malware in sbrugna...
EUVD-2021-17827
Malware in sbrugna...
EUVD-2021-17623
Malware in sbrugna...
EUVD-2021-17604
Malware in sbrugna...
EUVD-2021-17708
Malware in sbrugna...
EUVD-2021-17602
Malware in sbrugna...
EUVD-2021-17879
Malware in sbrugna...
EUVD-2025-3653
Malicious code in bioql PyPI...
EUVD-2022-25570
Malicious code in bioql PyPI...