CVE-2026-45185

Exim before 4.99.3, in certain GnuTLS configurations, has a remotely reachable use-after-free in the BDAT body parsing path. It is triggered when a client sends a TLS closenotify mid-body during a CHUNKING transfer, followed by a final cleartext byte on the same TCP connection. This can lead to...

CVE-2026-34051

OpenEMR is a free and open source electronic health records and medical practice management application. Versions prior to 8.0.0.3 have an improper access control on the Import/Export functionality, allowing unauthorized users to perform import and export actions through direct request manipulati...

PT-2026-28488

Name of the Vulnerable Software and Affected Versions InvenTree versions prior to 1.2.6 InvenTree versions 1.2.6 through 1.3.0 Description InvenTree is an Open Source Inventory Management System. Certain API endpoints associated with bulk data operations can be exploited to exfiltrate sensitive...

CVE-2026-34051 OpenEMR has Improper ACL On Import/Export Popup

OpenEMR is a free and open source electronic health records and medical practice management application. Versions prior to 8.0.0.3 have an improper access control on the Import/Export functionality, allowing unauthorized users to perform import and export actions through direct request manipulati...

CVE-2026-34051

OpenEMR is a free and open source electronic health records and medical practice management application. Versions prior to 8.0.0.3 have an improper access control on the Import/Export functionality, allowing unauthorized users to perform import and export actions through direct request manipulati...

CVE-2026-34051 OpenEMR has Improper ACL On Import/Export Popup

OpenEMR is a free and open source electronic health records and medical practice management application. Versions prior to 8.0.0.3 have an improper access control on the Import/Export functionality, allowing unauthorized users to perform import and export actions through direct request manipulati...

CVE-2026-30857

WeKnora is an LLM-powered framework designed for deep document understanding and semantic retrieval. Prior to version 0.3.0, a cross-tenant authorization bypass in the knowledge base copy endpoint allows any authenticated user to clone duplicate another tenant’s knowledge base into their own tena...

CVE-2026-28408

WeGIA is a web manager for charitable institutions. Prior to version 3.6.5, the script in adicionartipodocsatendido.php does not go through the project's central controller and does not have its own authentication and permission checks. A malicious user could make a request through tools like...

EUVD-2018-14746

Malware in sbrugna...

EUVD-2017-2438

Malware in sbrugna...

EUVD-2002-0626

Malware in sbrugna...

New U.S. DoJ Rule Halts Bulk Data Transfers to Adversarial Nations to Protect Privacy

The U.S. Department of Justice DoJ has issued a final rule carrying out Executive Order EO 14117, which prevents mass transfer of citizens' personal data to countries of concern such as China including Hong Kong and Macau, Cuba, Iran, North Korea, Russia, and Venezuela. "This final rule is a...

SUSE CVE-2024-56684

In the Linux kernel, the following vulnerability has been resolved: mailbox: mtk-cmdq: fix wrong use of sizeof in cmdqgetclocks It should be size of the struct clkbulkdata, not data pointer pass to devmkcalloc...

UBUNTU-CVE-2024-56684

In the Linux kernel, the following vulnerability has been resolved: mailbox: mtk-cmdq: fix wrong use of sizeof in cmdqgetclocks It should be size of the struct clkbulkdata, not data pointer pass to devmkcalloc...

Multiple buffer overflows in the command_port_read_callback function in drivers/usb/serial/whiteheat.c in the Whiteheat USB Serial Driver in the Linux kernel before 3.16.2 allow physically proximate attackers to execute arbitrary code or cause a denial of service (memory corruption and system crash) via a crafted device that provides a large amount of (1) EHCI or (2) XHCI data associated with a bulk response.

...

NSA Buying Bulk Surveillance Data on Americans without a Warrant

It finally admitted to buying bulk data on Americans from data brokers, in response to a query by Senator Weyden. This is almost certainly illegal, although the NSA maintains that it is legal until its told otherwise. Some news articles...

Security Bulletin: A security vulnerability has been identified in Log4j 2 used in IBM Guardium Data Encryption (GDE) (CVE-2021-44228)

Summary Log4j 2 is a logging package used by IBM Security Guardium Data Encryption GDE. That package has a security vulnerability. Consult the bulletin listed below for details. Vulnerability Details CVEID: CVE-2021-44228 DESCRIPTION: Apache Log4j could allow a remote attacker to execute arbitrar...

Unspecified Vulnerability in Oracle Retail Applications Retail Bulk Data Integration Component

Oracle Retail Applications is the United States Oracle Oracle company's set of retail applications store solutions. Retail Bulk Data Integration is one of the data integration components. A security vulnerability exists in the BDI Job Scheduler subcomponent of the Retail Bulk Data Integration...

CVE-2018-2891

Vulnerability in the Oracle Retail Bulk Data Integration component of Oracle Retail Applications subcomponent: BDI Job Scheduler. The supported version that is affected is 16.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Reta...

CVE-2018-2891

CVE-2018-2891 affects Oracle Retail Bulk Data Integration (BDI Job Scheduler) in Oracle Retail Applications version 16.0. The vulnerability allows an unauthenticated attacker with network access via HTTP to compromise BDI, with user interaction required, potentially resulting in unauthorized read...