Astra Linux – Vulnerability in Chromium
Type confusion in DevTools in Google Chrome prior to 111.0.5563.64 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted UI interaction. Chromium security severity: Low...
CVE-2026-12225
syracom AG Secure Login 2FA for Atlassian Jira, Confluence, and Bitbucket 3.4.0.x contains an authentication bypass vulnerability. An attacker with valid credentials for a user account can bypass the two-factor authentication flow by sending HTTP requests with a crafted User-Agent header containi...
corosync: Corosync: Denial of Service and information disclosure via crafted UDP packet
A flaw was found in Corosync. A remote unauthenticated attacker can exploit a wrong return value vulnerability in the Corosync membership commit token sanity check by sending a specially crafted User Datagram Protocol (UDP) packet. This can lead to an out-of-bounds read, causing a denial of service...
Linux Distros Unpatched Vulnerability : CVE-2026-33602
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - A rogue backend can send a crafted UDP response with a query ID off by one related to the maximum configured value, triggering an out-of-bounds write leading to...
PT-2026-1964
Name of the Vulnerable Software and Affected Versions: MediaWiki - VisualData Extension version 1.45. Description: An inefficient regular expression complexity issue exists in the MediaWiki - VisualData Extension. This allows for a Regular Expression Exponential Blowup, potentially leading to a deni...
CVE-2025-61949
LogStare Collector contains a stored cross-site scripting vulnerability in UserManagement. If crafted user information is stored, an arbitrary script may be executed on the web browser of the user who logs in to the product's management page...
EUVD-2020-0301
Malware in sbrugna...
EUVD-2010-1181
Malware in sbrugna...
EUVD-2022-2398
Malicious code in bioql PyPI...
CVE-2023-23621
Discourse is an open-source discussion platform. Prior to version 3.0.1 on the stable branch and version 3.1.0.beta2 on the beta and tests-passed branches, a malicious user can cause a regular expression denial of service using a carefully crafted user agent. This issue is patched in version 3.0....
SUSE CVE-2017-12844
Cross-site scripting (XSS) vulnerability in the admin panel in IceWarp Mail Server 10.4.4 allows remote authenticated domain administrators to inject arbitrary web script or HTML via a crafted user name...
SUSE CVE-2025-25294
Envoy Gateway is an open source project for managing Envoy Proxy as a standalone or Kubernetes-based application gateway. In all Envoy Gateway versions prior to 1.2.7 and 1.3.1 a default Envoy Proxy access log configuration is used. This format is vulnerable to log injection attacks. If the...
CVE-2024-41655 TF2 Item Format Regular Expression Denial of Service vulnerability
TF2 Item Format helps users format TF2 items to the community standards. Versions of tf2-item-format since at least 4.2.6 and prior to 5.9.14 are vulnerable to a Regular Expression Denial of Service (ReDoS) attack when parsing crafted user input. This vulnerability can be exploited by an attacker t...
The vulnerability of the system administration programs Sudo-rs lies in insufficient validation of command arguments entered by users. This allows attackers to escalate their privileges by creating a specially crafted user name.
The vulnerability of the system administration programs Sudo-rs is related to insufficient checking of command arguments entered by users. Exploiting this vulnerability allows a malicious actor to enhance their privileges by creating a specially crafted user name...
curl: TELNET option IAC injection
A vulnerability in input validation exists in curl 8.0 during communication using the TELNET protocol that may allow an attacker to pass on a maliciously crafted user name and "telnet options" during server negotiation. The lack of proper input scrubbing allows an attacker to send content or perform...
SUSE CVE-2023-5186
Use after free in Passwords in Google Chrome prior to 117.0.5938.132 allowed a remote attacker who convinced a user to engage in specific UI interaction to potentially exploit heap corruption via crafted UI interaction. Chromium security severity: High...
Google Chrome Resource Management Error Vulnerability
Google Chrome is a web browser from Google, Inc. (USA). A resource management error vulnerability exists in Google Chrome prior to version 117.0.5938.132, which stems from the presence of a post-release reuse vulnerability that allows remote attackers to potentially exploit heap corruption via a...
Cisco Nexus 9000 Series Fabric Switches Application-Centric Infrastructure Mode Privilege Escalation (CVE-2019-1585)
A vulnerability in the controller authorization functionality of Cisco Nexus 9000 Series ACI Mode Switch Software could allow an authenticated, local attacker to escalate standard users with root privilege on an affected device. The vulnerability is due to a misconfiguration of certain sudoers...