CVE-2025-64343

CVE-2025-64343 affects the conda Constructor tool. In versions 3.12.2 and earlier, the installation directory inherits permissions from its parent, and outside restricted directories those permissions can permit write access by authenticated users. Any logged-in user could modify during installat...

CVE-2025-64343 (conda) Constructor: Excessive permissions during and after installation

conda Constructor is a tool that enables users to create installers for conda package collections. In versions 3.12.2 and below, the installation directory inherits permissions from its parent directory. Outside of restricted directories, the permissions are very permissive and often allow write...

MediaTek Chipsets 安全漏洞

MediaTek Chipsets is a series of chips from China's MediaTek Corporation MediaTek. A security vulnerability exists in MediaTek Chipsets that stems from incorrect boundary checking, which could lead to out-of-bounds writes, and remote elevation of privilege if the user's device is connected to a...

Cross-site Request Forgery (CSRF)

Overview org.jenkins-ci.plugins:windocks-start-container is an Allows users to create running containers based on Images available on the WinDocks host. WinDocks is a port of Docker’s open source to Windows, and supports all editions of Windows 8, Windows 10, Windows Server 2012, and Windows Serv...

CVE-2025-64150

The CVE-2025-64150 issue affects Jenkins Publish to Bitbucket Plugin 0.4 and earlier, where a missing permission check in an HTTP endpoint allows an attacker with Overall/Read permission to connect to an attacker‑specified URL using attacker‑specified credentials IDs. This can enable capture of c...

CVE-2025-55754

CVE-2025-55754 affects Apache Tomcat: improper neutralization of ANSI escape sequences in log messages could enable console/clipboard manipulation via crafted URLs. Affected: Tomcat 11.x (11.0.0-M1 to 11.0.10), 10.x (10.1.0-M1 to 10.1.44), 9.x (9.0.40 to 9.0.108), plus some EOL versions. Remediat...

CVE-2025-62427 Server-Side Request Forgery (SSRF) in Angular SSR

The Angular SSR is a server-rise rendering tool for Angular applications. The vulnerability is a Server-Side Request Forgery SSRF flaw within the URL resolution mechanism of Angular's Server-Side Rendering package @angular/ssr before 19.2.18, 20.3.6, and 21.0.0-next.8. The function createRequestU...

CVE-2025-11161 WPBakery Page Builder <= 8.6.1 - Stored Cross-Site Scripting via vc_custom_heading Shortcode

The WPBakery Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the vccustomheading shortcode in all versions up to, and including, 8.6.1. This is due to insufficient restriction of allowed HTML tags and improper sanitization of user-supplied attributes in the...

Microsoft Windows 后置链接漏洞

Microsoft Windows is a suite of operating systems used by Microsoft Corporation USA for personal devices. A back-link vulnerability exists in Microsoft Windows Health and Optimized Experiences, which stems from a vulnerability that can be exploited by an attacker to elevate privileges...

PT-2025-42118

Name of the Vulnerable Software and Affected Versions Microsoft Office Excel affected versions not specified Description An issue exists in Microsoft Office Excel where access of a resource using an incompatible type, referred to as a 'type confusion', can allow an unauthorized attacker to execut...

Microsoft Windows 资源管理错误漏洞

Microsoft Windows is a suite of operating systems used by Microsoft Corporation USA for personal devices. Microsoft Windows suffers from a Resource Management Error vulnerability that stems from an attacker's ability to elevate privileges by exploiting the vulnerability...

Microsoft Windows PrintWorkflowUserSvc 资源管理错误漏洞

Microsoft Windows PrintWorkflowUserSvc is a Windows service from Microsoft Corporation USA that provides support for print workflow applications. A resource management error vulnerability exists in Microsoft Windows PrintWorkflowUserSvc, which stems from an attacker's ability to elevate privilege...

PT-2025-42014

Name of the Vulnerable Software and Affected Versions Microsoft Windows Hyper-V affected versions not specified Description A race condition exists in Windows Hyper-V during concurrent execution using shared resources with improper synchronization. This allows a locally authorized attacker to...

Adobe Illustrator 缓冲区错误漏洞

Adobe Illustrator is a set of vector-based image creation software from the American company Audobee Adobe. An out-of-bounds write vulnerability exists in Adobe Illustrator, which can be exploited by an attacker to cause arbitrary code to be executed in the current user's environment...

USN-7818-1: Apache Subversion vulnerability

It was discovered that Apache Subversion incorrectly parsed control characters in filenames. An attacker could possibly use this issue to commit a corrupted revision to a repository, leading to a denial of service...

EUVD-2016-7156

Malware in sbrugna...

EUVD-2010-4552

Malware in sbrugna...

EUVD-2021-23880

Malware in sbrugna...

EUVD-2020-24875

Malware in sbrugna...

EUVD-2018-15108

Malware in sbrugna...