Astra Linux - уязвимость в intel-microcode

Observable timing discrepancy in some IntelR Processors may allow an authenticated user to potentially enable information disclosure via local access...

CVE-2026-29976

A flaw was found in ZerBea hcxpcapngtool. A local attacker can exploit a buffer overflow vulnerability within the getradiotapfield function. This can lead to the disclosure of sensitive information...

GitLab 12.6 < 18.7.6 / 18.8 < 18.8.6 / 18.9 < 18.9.2 (CVE-2026-1732)

The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - GitLab has remediated an issue in GitLab CE/EE affecting all versions from 12.6 before 18.7.6, 18.8 before 18.8.6, and 18.9 before 18.9.2 that could have allowed an authenticated user to disclose...

CVE-2026-23664

Improper restriction of communication channel to intended endpoints in Azure IoT Explorer allows an unauthorized attacker to disclose information over a network...

ORICO NAS CD3510 安全漏洞

The ORICO NAS CD3510 is a personal storage device manufactured by ORICO Corporation. Versions of the ORICO NAS CD3510 prior to V1.9.12 contained security vulnerabilities. These vulnerabilities were caused by incorrect symbol link tracking, which could lead to the disclosure or tampering with the...

CVE-2026-20958

Server-side request forgery ssrf in Microsoft Office SharePoint allows an authorized attacker to disclose information over a network...

CVE-2026-20936

Out-of-bounds read in Windows NDIS allows an authorized attacker to disclose information with a physical attack...

CVE-2025-46299

A memory initialization issue was addressed with improved memory handling. This issue is fixed in Safari 26.2, iOS 26.2 and iPadOS 26.2, macOS Tahoe 26.2, tvOS 26.2, visionOS 26.2, watchOS 26.2. Processing maliciously crafted web content may disclose internal states of the app...

CVE-2022-33319

Out-of-bounds Read vulnerability in Mitsubishi Electric GENESIS64 versions 10.97 to 10.97.1, Mitsubishi Electric Iconics Digital Solutions GENESIS64 versions 10.97 to 10.97.1, Mitsubishi Electric ICONICS Suite versions 10.97 to 10.97.1, Mitsubishi Electric Iconics Digital Solutions ICONICS Suite...

ROS-20251217-7305

A vulnerability in the Omnibox component of the Google Chrome browser is related to the implementation of an incorrect control flow. Exploitation of the vulnerability could allow an attacker acting remotely to disclose protected information...

CVE-2025-54338

An Incorrect Access Control vulnerability was found in the Application Server of Desktop Alert PingAlert version 6.1.0.11 to 6.1.1.2 which allows an attacker to disclose user hashes...

CVE-2025-52671

Debug information disclosure in the SQL error message to in Revive Adserver 5.5.2 and 6.0.1 and earlier versions causes non-admin users to acquire information about the software, PHP and database versions currently in use...

CVE-2025-12047

A vulnerability was reported in the Lenovo Scanner pro application during an internal security assessment that, under certain circumstances, could allow an attacker on the same logical network to disclose sensitive user files from the application...

CVE-2025-22172

Jira Align is vulnerable to an authorization issue. A low-privilege user can access unexpected endpoints that disclose a small amount of sensitive information. For example, a low-level user was able to read external reports without the required permission...

EUVD-2018-7577

Malware in sbrugna...

EUVD-2020-7628

Malware in sbrugna...

EUVD-2025-17767

Malicious code in bioql PyPI...

CVE-2024-56189

CVE-2024-56189 describes an out-of-bounds read in SAEMM_DiscloseMsId of SAEMM_RadioMessageCodec.c due to a missing bounds check. The available sources indicate this could allow remote information disclosure after authentication with no additional execution privileges and no user interaction requi...

CVE-2025-50157

CVE-2025-50157 affects Windows Routing and Remote Access Service (RRAS) with an information disclosure due to use of an uninitialized resource. The base CVSS v3.1 score is 5.7 (Network, Low attack complexity, Privileges Required: Low, User Interaction: Required; Confidentiality Impact: High). Mic...

CVE-2025-7033

A memory abuse issue exists in the Rockwell Automation Arena® Simulation. A custom file can force Arena Simulation to read and write past the end of memory space. Successful use requires user action, such as opening a bad file or webpage. If used, a threat actor could execute code or disclose...