OESA-2026-2355 evolution-data-server security update
The evolution-data-server package provides a personal information management application that provides integrated mail, calendaring and address book functionality. The evolution-data-server package provides a single database for common, desktop-wide information, such as a user's address book or...
Astra Linux - vulnerability in chromium
The incorrect security UI in the Browser UI of Google Chrome prior to version 97.0.4692.71 allowed a remote attacker to display a missing URL or an incorrect URL through a crafted URL...
Foxit PDF Services API security vulnerability
The Foxit PDF Services API is a set of cloud-based PDF services provided by the American company Foxit, offering capabilities for document processing and format conversion. There is a security vulnerability in the Foxit PDF Services API. This vulnerability allows attackers to control server-side...
CVE-2026-29131
SEPPmail Secure Email Gateway before version 15.0.3 allows attackers with a specially crafted email address to read the contents of emails encrypted for other users...
CVE-2026-28417 Vim has OS Command Injection in netrw
Vim is an open source, command line text editor. Prior to version 9.2.0073, an OS command injection vulnerability exists in the netrw standard plugin bundled with Vim. By inducing a user to open a crafted URL (e.g., using the scp:// protocol handler), an attacker can execute arbitrary shell command...
CVE-2025-66415 fastify-reply-from bypass of reply forwarding
fastify-reply-from is a Fastify plugin to forward the current HTTP request to another server. Prior to 12.5.0, by crafting a malicious URL, an attacker could access routes that are not allowed, even though the reply.from is defined for specific routes in @fastify/reply-from. This vulnerability is...
Duplicate Advisory: Nodemailer: Email to an unintended domain can occur due to Interpretation Conflict
Duplicate Advisory: This advisory has been withdrawn because it is a duplicate of GHSA-mm7p-fcc7-pg87. This link is maintained to preserve external references. Original Description: A vulnerability was identified in the email parsing library due to improper handling of specially formatted recipient...
CVE-2025-61304
OS command injection vulnerability in Dynatrace ActiveGate ping extension up to 1.016 via crafted IP address...
CVE-2025-61304
CVE-2025-61304 is an OS command injection vulnerability in the Dynatrace ActiveGate ping extension, affected up to version 1.016. The root cause is improper handling of crafted IP addresses in the ping extension, which relies on the Windows command prompt and allows command chaining (e.g., via an...
EUVD-2025-31617
Malicious code in bioql PyPI...
CVE-2025-59774
Cross-site scripting (XSS) vulnerability reflected in AndSoft's e-TMS v25.03. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by sending them a malicious URL. The relationship between parameter and assigned identifier is 'l, demo, demo2, TNTLOGIN, UO and...
CVE-2019-20566
An issue was discovered on Samsung mobile devices with any (before September 2019 for SMP1300 Exynos modem chipsets) software. Attackers can trigger stack corruption in the Shannon modem via a crafted RP-Originator/Destination address. The Samsung ID is SVE-2019-14858 (September 2019)...
RHEL 5 : bash (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 5 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - bash: Specially crafted SHELLOPTS+PS4 variables allows command substitution CVE-2016-7543 - bash: when...
SUSE CVE-2024-34069
Werkzeug is a comprehensive WSGI web application library. The debugger in affected versions of Werkzeug can allow an attacker to execute code on a developer's machine under some circumstances. This requires the attacker to get the developer to interact with a domain and subdomain they control, an...
CVE-2023-36187
Buffer Overflow vulnerability in NETGEAR R6400v2 before version 1.0.4.118, allows remote unauthenticated attackers to execute arbitrary code via crafted URL to httpd...
Memory corruption
Memory corruption due to incorrect type conversion or cast in audio while using audio playback/capture when crafted address is sent from AGM IPC to AGM...
PT-2023-13305 · Qualcomm · Snapdragon +14
Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned. Description: The issue is related to memory corruption caused by incorrect type conversion or cast in audio processing. This occurs when a crafted address is sent from AGM IPC to AGM during audi...
SUSE CVE-2014-3676
Heap-based buffer overflow in Shim allows remote attackers to execute arbitrary code via a crafted IPv6 address, related to the "tftp:// DHCPv6 boot option."...
SUSE CVE-2016-9401
popd in bash might allow local users to bypass the restricted shell and cause a use-after-free via a crafted address...