25 matches found
GPUBreach: Privilege Escalation Attacks on GPUs Using Rowhammer
NVIDIA GPUs with GDDR memories have been shown susceptible to Rowhammer-based bit-flips, similar to CPUs. However, Rowhammer exploits on GPUs have been limited to injecting untargeted bit-flips in victim data like weights of machine learning models, to degrade model accuracy, unlike CPU exploits...
CVE-2026-28803 Open Forms possible to view submission details of other people than intended
Open Forms allows users to create and publish smart forms. Prior to 3.3.13 and 3.4.5, to be able to cosign, the cosigner receives an e-mail with instructions or a deep-link to start the cosign flow. The submission reference is communicated so that the user can retrieve the submission to be cosigned...
CVE-2023-40731
A vulnerability has been identified in QMS Automotive (All versions < V12.39). The affected application allows users to upload arbitrary file types. This could allow an attacker to upload malicious files, that could potentially lead to code tampering...
Engineering Attack Vectors and Detecting Anomalies in Additive Manufacturing
Additive manufacturing (AM) is rapidly integrating into critical sectors such as aerospace, automotive, and healthcare. However, this cyber-physical convergence introduces new attack surfaces, especially at the interface between computer-aided design (CAD) and machine execution layers. In this work, ...
EUVD-2020-9055
Malware in sbrugna...
EUVD-2023-45281
Malicious code in bioql PyPI...
EUVD-2023-45285
Malicious code in bioql PyPI...
EUVD-2024-0892
Malicious code in bioql PyPI...
Malicious code in atg-all-in-wonder-player (npm)
The package atg-all-in-wonder-player was found to contain malicious code...
MAL-2025-41057 Malicious code in zooarchaeology-uglify-js-decoherence-bootes (npm)
The package zooarchaeology-uglify-js-decoherence-bootes was found to contain malicious code...
DEBIAN-CVE-2024-36050
Nix through 2.22.1 mishandles certain usage of hash caches, which makes it easier for attackers to replace current source code with attacker-controlled source code by luring a maintainer into accepting a malicious pull request...
CVE-2024-28850 WP Crontrol possible RCE when combined with a pre-condition
WP Crontrol controls the cron events on WordPress websites. WP Crontrol includes a feature that allows administrative users to create events in the WP-Cron system that store and execute PHP code subject to the restrictive security permissions documented here. While there is no known vulnerability...
Siemens QMS Automotive Code Issue Vulnerability
Siemens QMS Automotive is a quality management system for the automotive industry from Siemens, Germany. Siemens QMS Automotive has a code issue vulnerability that can be exploited by an attacker to upload malicious files, which could lead to code tampering...
CVE-2023-40731
Siemens QMS Automotive (all versions before v12.39) is affected by CVE-2023-40731 due to an unrestricted upload of file types in the application, enabling upload of malicious files that could lead to code tampering. Reported exposure is network-based with low attack complexity and requires vulner...
CVE-2023-40727
CVE-2023-40727 affects Siemens QMS Automotive, specifically the QMS.Mobile module in all versions before v12.39. The root cause is a weak, outdated application signing mechanism that could allow an attacker to tamper the application code. This vulnerability can lead to code tampering, potentially...
CVE-2023-40727
A vulnerability has been identified in QMS Automotive (All versions < V12.39). The QMS.Mobile module of the affected application uses weak outdated application signing mechanism. This could allow an attacker to tamper the application code...