CVE-2026-20427

In display, there is a possible escalation of privilege due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10320471; Issue ID: MSV-5537...

CVE-2026-20442

CVE-2026-20442 refers to a use-after-free vulnerability in display logic that can cause a system crash and local denial of service when an attacker already has System privileges. Exploitation does not require user interaction. Patch ALPS10436998 addresses the issue (Issue MSV-5723). The provided ...

CVE-2026-25491 Craft has a Stored XSS in Entry Types Name

Craft is a platform for creating digital experiences. From 5.0.0-RC1 to 5.8.21, Craft has a stored XSS via Entry Type names. The name is not sanitized when displayed in the Entry Types list. This vulnerability is fixed in 5.8.22...

MiracleLinux 7 : openssh-7.4p1-23.0.3.0.3.el7.AXS7 (AXSA:2025-10789:04)

The remote MiracleLinux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2025-10789:04 advisory. CVE-2018-20685: fix a vulnerability scp client where a malicious server could bypass intended access restrictions and modify target directory...

CVE-2025-20781

The CVE-2025-20781 issue affects MediaTek chipsets’ display component, caused by a memory corruption due to use-after-free. This leads to local escalation of privilege if an attacker already has System privileges; exploitation does not require user interaction. A patch is listed as ALPS10182914 (...

PT-2026-1370

Name of the Vulnerable Software and Affected Versions versions prior to ALPS10184061 Description A memory corruption issue exists in display due to a use after free condition. Successful exploitation of this issue could allow a malicious actor with System privileges to gain local escalation of...

PT-2026-1374

Name of the Vulnerable Software and Affected Versions versions prior to ALPS10182882 Description A memory corruption issue exists in display due to uninitialized data. Successful exploitation could allow a malicious actor with System privileges to escalate their privileges locally. User interacti...

CVE-2025-20777

In display, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10184870; Issue ID: MSV-4752...

CVE-2025-20777

In display, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10184870; Issue ID: MSV-4752...

CVE-2025-20766

Summary: CVE-2025-20766 refers to a memory corruption issue caused by improper input validation in MediaTek chipsets. The vulnerability could enable local escalation of privilege to SYSTEM without user interaction, as indicated by a high-severity CVSS v3.1 base score (7.8) with LOCAL attack vecto...

CVE-2025-55127

Affected software: Revive Adserver. Vulnerability: Improper neutralization/validation of whitespace in usernames, allowing leading or trailing spaces. The UI does not visually distinguish such usernames from legitimate ones, per the HackerOne report and related sources. Root cause (as stated): Us...

EUVD-2019-3804

Malware in sbrugna...

EUVD-2021-11278

Malware in sbrugna...

EUVD-2017-16800

Malware in sbrugna...

EUVD-2016-6081

Malware in sbrugna...

EUVD-2012-2801

Malware in sbrugna...

EUVD-2023-37082

Malicious code in bioql PyPI...

EUVD-2022-35691

Malicious code in bioql PyPI...

EUVD-2022-35692

Malicious code in bioql PyPI...

CVE-2025-8041

The CVE-2025-8041 entry concerns Mozilla Firefox for Android, where the address bar truncates URLs from the end instead of prioritizing the origin, allowing a security bypass in Firefox versions prior to 141. Affected product: Firefox for Android; vulnerable component: address bar URL rendering l...