17 matches found
EUVD-2018-20548
Malware in sbrugna...
CVE-2025-24804
CVE-2025-24804 affects MobSF (Mobile Security Framework). A flaw in the Info.plist CFBundleIdentifier parsing allows an attacker to inject special characters into the bundle ID, causing the application to fail to render content and throw a 500 error (DoS-like unavailability). The vulnerability is...
Siemens Solid Edge Out-of-Bounds Reading Vulnerability (CNVD-2023-09646)
Siemens Solid Edge is a 3D CAD software from Siemens, a German company. The software can be used in industries such as part design, assembly design, sheet metal design, welding design, etc. An out-of-bounds read vulnerability exists in Siemens Solid Edge due to an affected application parsing a...
js-ini Prototype Pollution when malicious INI files submitted to an application that parses it with `parse`
This affects the package js-ini before 1.3.0. If an attacker submits a malicious INI file to an application that parses it with parse, they will pollute the prototype on the application. This can be exploited further depending on the context...
ion-parser Prototype Pollution when malicious INI file submitted to application that parses with `parse`
This affects all versions of package ion-parser. If an attacker submits a malicious INI file to an application that parses it with parse, they will pollute the prototype on the application. This can be exploited further depending on the context...
CVE-2020-28441
This affects the package conf-cfg-ini before 1.2.2. If an attacker submits a malicious INI file to an application that parses it with decode, they will pollute the prototype on the application. This can be exploited further depending on the context...
Code injection
This affects all versions of package ion-parser. If an attacker submits a malicious INI file to an application that parses it with parse, they will pollute the prototype on the application. This can be exploited further depending on the context...
F5 Networks BIG-IP : Python vulnerabilities (K57542514)
The version of F5 Networks BIG-IP installed on the remote host is prior to 16.1.0. It is, therefore, affected by multiple vulnerabilities as referenced in the K57542514 advisory. Python 2.7.x through 2.7.16 and 3.x through 3.7.2 is affected by: Improper Handling of Unicode Encoding with an...
CVE-2020-7788
This affects the package ini before 1.3.6. If an attacker submits a malicious INI file to an application that parses it with ini.parse, they will pollute the prototype on the application. This can be exploited further depending on the context...
CVE-2020-7788
This affects the package ini before 1.3.6. If an attacker submits a malicious INI file to an application that parses it with ini.parse, they will pollute the prototype on the application. This can be exploited further depending on the context...
Code injection
This affects the package ini before 1.3.6. If an attacker submits a malicious INI file to an application that parses it with ini.parse, they will pollute the prototype on the application. This can be exploited further depending on the context...
What’s New in Wallarm Node 2.10
We have recently released a new version of Wallarm Node. After your next update window, you will see some new features your DevOps team is certain to like. Firstly, your monitoring and reporting got a lot livelier. Starting with this version, in addition to JSON format, metrics can be exported in...
Amazon Linux 2 : ncurses (ALAS-2018-1053)
A NULL pointer dereference was found in the way the _nc_parse_entry function parses terminfo data for compilation. An attacker able to provide specially crafted terminfo data could use this flaw to crash the application parsing it. CVE-2018-10754 C Tenable Network Security, Inc. The descriptive text...
EulerOS 2.0 SP2 : ncurses (EulerOS-SA-2018-1218)
According to the version of the ncurses packages installed, the EulerOS installation on the remote host is affected by the following vulnerability: - A NULL pointer dereference was found in the way the _nc_parse_entry function parses terminfo data for compilation. An attacker able to provide...
Google Android Remote Elevation of Privilege Vulnerability
Android is a Linux-based open source operating system developed by Google Inc. and the Open Handheld Consortium. There is a security vulnerability in the Android Shell, which can be exploited by remote attackers to build special applications, induce application parsing, and elevate privileges...
Oracle Java Runtime Environment readMabCurveData Integer Overflow Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Oracle's Java Runtime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within how the...
Microsoft PowerPoint TimeColorBehaviorContainer Floating Point Record Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Office PowerPoint. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within how...