PT-2026-24423

Name of the Vulnerable Software and Affected Versions Zoom Workplace for Windows versions prior to 6.6.0 Description The issue involves external control of the file name or path within the Mail feature. This can allow an unauthenticated user to escalate privileges through network access. The...

CVE-2025-13634

Inappropriate implementation in Downloads in Google Chrome on Windows prior to 143.0.7499.41 allowed a local attacker to bypass mark of the web via a crafted HTML page. Chromium security severity: Medium...

Elastic Defend 安全漏洞

Elastic Defend is an application from the Dutch company Elastic. It provides prevention, detection and response capabilities, as well as deep visibility into EPP, EDR, SIEM and security analytics. A security vulnerability exists in Elastic Defend that stems from improperly saved permissions on a...

EUVD-2019-19211

Malware in sbrugna...

EUVD-2023-38686

Malicious code in bioql PyPI...

SUSE CVE-2025-11212

Inappropriate implementation in Media in Google Chrome on Windows prior to 141.0.7390.54 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform domain spoofing via a crafted HTML page. Chromium security severity: Medium...

PT-2025-30264 · Eslint +1 · @Eslint/Plugin-Kit +1

Name of the Vulnerable Software and Affected Versions: yt-dlp versions 2025.06.25 and below Description: yt-dlp is a command-line audio/video downloader. A flaw exists where, on Windows, using the --exec option with the default placeholder or results in insufficient sanitization of the expanded...

WhatsApp for Windows Flaw Could Let Hackers Sneak In Malicious Files

If you use WhatsApp Desktop on Windows, listen up! A flaw in WhatsApp for Windows CVE-2025-30401 let attackers disguise malicious files as safe ones. Update to version 2.2450.6 or later to stay secure...

11 Nation-State Hackers Exploit Unpatched Windows Flaw Since 2017

Microsoft refuses to patch serious Windows shortcut vulnerability abused in global espionage campaigns!...

Design/Logic Flaw

ripgrep before 13 on Windows allows attackers to trigger execution of arbitrary programs from the current working directory via the -z/--search-zip or --pre flag...

CVE-2019-9855

LibreOffice is typically bundled with LibreLogo, a programmable turtle vector graphics script, which can execute arbitrary python commands contained with the document it is launched from. LibreOffice also has a feature where documents can specify that pre-installed scripts can be executed on...

CVE-2017-13791

An issue was discovered in certain Apple products. iOS before 11.1 is affected. Safari before 11.0.1 is affected. iCloud before 7.1 on Windows is affected. iTunes before 12.7.1 on Windows is affected. tvOS before 11.1 is affected. The issue involves the "WebKit" component. It allows remote...

August 15, 2017 – Morning Cyber Coffee Headlines – “Cats” Edition

Good morning! Sit with Carbon Black this morning over a cup of coffee or tea and browse a few industry headlines to get the day started. We’ve got just enough information below to get you through that first cup…enjoy! August 15, 2017 - Headlines How Cybersecurity Became 2017’s Hot New Major - The...

Flash, Reader, Firefox and IE All Fall On First Day of Pwn2Own

Four different research teams on Wednesday cracked four products–Adobe Flash, Reader, Mozilla Firefox, and Microsoft Internet Explorer—and collectively earned a payout of $317,000 on the first day of Pwn2Own 2015. The annual hacking contest, which kicked off Wednesday in Vancouver, runs...

Intel CPU Vulnerability can provide control of your system to attacker

Intel CPU Vulnerability can provide control of your system to attacker The U.S. Computer Emergency Readiness Team US-CERT has disclosed a flaw in Intel chips that could allow hackers to gain control of Windows and other operating systems. The flaw has already been exploited on 64-bit versions of...

Microsoft Patches Windows Flaw Exploited by Duqu

Microsoft on Tuesday released 13 security bulletins, including three for critical flaws in Windows Media and in the Windows kernel-mode drivers. The company had planned on releasing 14 bulletins in December’s Patch Tuesday shipment, but officials said that one of the planned fixes was causing a...

Microsoft to Issue Emergency Patch for Critical Windows Flaw

Microsoft will issue an out-of-band patch on Monday for a critical vulnerability in all of the current versions of Windows. The company didn’t identify which flaw it will be patching, but the description of the vulnerability is a close match to the LNK flaw that attackers have been exploiting for...

How to identify and clean Conficker infections

As the world prepares for the complete destruction of the Internet tomorrow when the Conficker worm makes a small change in its communication protocol, a voice of reason has emerged from the wilderness. The Honeynet Project on Monday released a paper with a detailed analysis of the worm as well a...

MS05-007: Vulnerability in Windows Could Allow Information Disclosure (888302) (uncredentialed check)

The remote version of Windows contains a flaw that may allow an attacker to cause it to disclose information over the use of a named pipe through a NULL session. An attacker may exploit this flaw to gain more knowledge about the remote host. C Tenable Network Security, Inc. include"compat.inc"; i...

MS03-025: Flaw in Windows Message Handling through Utility Manager Could Enable Privilege Elevation (822679)

The remote host runs a version of Windows that has a flaw in the way the utility manager handles Windows messages. As a result, it is possible for a local user to gain additional privileges on this host. C Tenable Network Security, Inc. include"compat.inc"; if description scriptid11789;...