
45 matches found

EUVD
added 2025/10/07 12:30 a.m. · 1 views

EUVD-2019-12630

Malware in sbrugna...

CVSS 5.5 · AI score 6.3 · EPSS 0.00429
Exploits: 0 · References: 14
EUVD
added 2025/10/03 8:7 p.m. · 0 views

EUVD-2024-48794

Malicious code in bioql PyPI...

CVSS 9.1 · AI score 9 · EPSS 0.00444
Exploits: 0 · References: 1
Tenable Nessus
added 2025/08/07 12:0 a.m. · 3 views

Linux Distros Unpatched Vulnerability : CVE-2024-21244

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Telemetry. Supported versions that are affected are 8.4.2 and prior and 9.0.1 and...

CVSS 2.2 · AI score 6 · EPSS 0.00259
Exploits: 0 · References: 3
NVD
added 2025/07/15 8:15 p.m. · 3 views

CVE-2025-50106

Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: 2D. Supported versions that are affected are Oracle Java SE: 8u451, 8u451-perf, 11.0.27, 17.0.15, 21.0.7, 24.0.1; Oracle GraalVM for JDK: 17.0.15, 21.0.7 and 24.0.1;...

CVSS 8.1 · EPSS 0.01014
Exploits: 0 · References: 3
CVE
added 2025/06/06 3:54 p.m. · 46 views

CVE-2025-29885

CVE-2025-29885 refers to an improper certificate validation vulnerability affecting QNAP File Station 5. The issue allows remote attackers who already have user access to potentially compromise system security. Technical details in the connected PT-2025-24304 entry specify affected versions: Fil...

CVSS 8.8 · AI score 7.1 · EPSS 0.00224
Exploits: 0 · References: 1 · Affected Software: 1
RedhatCVE
added 2025/05/23 7:28 a.m. · 5 views

CVE-2024-39344

An issue was discovered in the Docusign API package 8.142.14 for Salesforce. The ApttusDocuApiDocusignAuthenticationmdt object is installed via the marketplace from this package and stores some configuration information in a manner that could be compromised. With the default settings when install...

CVSS 8.1 · AI score 6.6 · EPSS 0.00221
Exploits: 0 · References: 1
RedhatCVE
added 2025/05/23 1:20 a.m. · 3 views

CVE-2022-21601

Vulnerability in the Oracle Communications Billing and Revenue Management product of Oracle Communications Applications component: Connection Manager. Supported versions that are affected are 12.0.0.4.0-12.0.0.7.0. Easily exploitable vulnerability allows unauthenticated attacker with network acce...

CVSS 6.5 · AI score 6.2 · EPSS 0.01064
Exploits: 0 · References: 1
Github Security Blog
added 2025/05/09 7:34 p.m. · 26 views

code-server's session cookie can be extracted by having user visit specially crafted proxy URL

Summary: A maliciously crafted URL using the proxy subpath can result in the attacker gaining access to the session token. Details: Failure to properly validate the port for a proxy request can result in proxying to an arbitrary domain. The malicious URL https:///proxy/[email protected]/path would be...

CVSS 8.3 · AI score 7 · EPSS 0.00331
Exploits: 0 · References: 5 · Affected Software: 1
Tenable Nessus
added 2025/04/29 12:0 a.m. · 7 views

Amazon Linux 2 : java-11-openjdk (ALASJAVA-OPENJDK11-2025-011)

The version of java-11-openjdk installed on the remote host is prior to 11.0.12.0.7-0. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2JAVA-OPENJDK11-2025-011 advisory. Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE...

CVSS 7.5 · AI score 6.5 · EPSS 0.00805
Exploits: 0 · References: 8
Cvelist
added 2025/02/28 12:0 a.m. · 11 views

CVE-2025-26326

A vulnerability was identified in the NVDA Remote version 2.6.4 and Tele NVDA Remote version 2025.3.3 remote connection add-ons, which allows an attacker to obtain total control of the remote system by guessing a weak password. The problem occurs because these add-ons accept any password entered ...

EPSS 0.03321
Exploits: 0 · References: 6
CVE
added 2025/01/17 4:46 p.m. · 36 views

CVE-2024-54681

CVE-2024-54681 affects Ossur Mobile Logic Application. Connected sources confirm the root cause is the presence of multiple bash files in the application’s private directory, which an attacker with full access on the mobile platform can use to compromise translations. Public mentions (e.g., Red H...

CVSS 3.5 · AI score 4.2 · EPSS 0.00142
Exploits: 0 · References: 1
NVD
added 2024/12/20 8:15 p.m. · 6 views

CVE-2024-56330

Stardust is a platform for streaming isolated desktop containers. With this exploit, inter container communication (ICC) is not disabled. This would allow users within a container to access another container's agent, therefore compromising access. The problem has been patched in any Stardust build pa...

CVSS 9.3 · EPSS 0.00161
Exploits: 0 · References: 1
Cvelist
added 2024/12/20 8:1 p.m. · 17 views

CVE-2024-56330 Session VNC may be accessed by other sessions on the same host in stardust

Stardust is a platform for streaming isolated desktop containers. With this exploit, inter container communication (ICC) is not disabled. This would allow users within a container to access another container's agent, therefore compromising access. The problem has been patched in any Stardust build pa...

CVSS 9.3 · EPSS 0.00161
Exploits: 0 · References: 1
NVD
added 2024/08/15 12:15 a.m. · 12 views

CVE-2024-7625

In HashiCorp Nomad and Nomad Enterprise from 0.6.1 up to 1.6.13, 1.7.10, and 1.8.2, the archive unpacking process is vulnerable to writes outside the allocation directory during migration of allocation directories when multiple archive headers target the same file. This vulnerability,...

CVSS 5.8 · EPSS 0.00296
Exploits: 0 · References: 1
RedhatCVE
added 2024/07/18 12:56 p.m. · 19 views

CVE-2024-21165

Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Pluggable Auth. Supported versions that are affected are 8.0.37 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successfu...

CVSS 4.9 · AI score 6.1 · EPSS 0.00208
Exploits: 0 · References: 4
OSV
added 2023/12/19 2:58 p.m. · 6 views

SUSE-SU-2023:4907-1 Security update for mariadb

This update for mariadb fixes the following issues: - CVE-2023-22084: Fixed an easily exploitable vulnerability that allowed high privileged attacker with network access via multiple protocols to compromise MySQL Server bsc1217405...

CVSS 4.9 · AI score 5 · EPSS 0.06984
Exploits: 0 · References: 3
AlpineLinux
added 2023/11/06 4:58 p.m. · 26 views

CVE-2023-40661

Several memory vulnerabilities were identified within the OpenSC packages, particularly in the card enrollment process using pkcs15-init when a user or administrator enrolls cards. To take advantage of these flaws, an attacker must have physical access to the computer system and employ a...

CVSS 6.4 · AI score 6.4 · EPSS 0.00295
Exploits: 0
Positive Technologies
added 2023/05/09 12:0 a.m. · 2 views

PT-2023-21644 · Unknown · Rocket.Chat

Name of the Vulnerable Software and Affected Versions: rocket.chat affected versions not specified Description: A security issue has been found in the implementation of 2FA on the rocket.chat platform. When 2FA is activated, other active sessions are not invalidated. This could allow an attacker ...

CVSS 9.8 · AI score 9.3 · EPSS 0.0041
Exploits: 0 · References: 5
OSV
added 2023/01/24 7:58 a.m. · 5 views

MGASA-2023-0024 Updated virtualbox packages fix security vulnerability

Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. CVE-2023-21884 Unauthenticated attacker with network access via multiple protocols to compromise Oracle VM...

CVSS 8.1 · AI score 5.9 · EPSS 0.00974
Exploits: 0 · References: 4
Prion
added 2022/07/18 6:15 p.m. · 15 views

Design/Logic Flaw

An attacker that gains service access to the FSP POWER9 only or gains admin authority to a partition can compromise partition firmware...

CVSS 4 · AI score 6.4 · EPSS 0.0022
Exploits: 0 · References: 2 · Affected Software: 1