CVE-2026-35300

...

SWPT-Notes

SWPT-Notes Personal study notes compiled while working throug...

CVE-2026-22013

...

USN-8123-1 mbedtls vulnerabilities

It was discovered that Mbed TLS incorrectly handled memory allocation failures. A remote attacker could possibly use this issue to crash the program. This issue only affected Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. CVE-2021-44732 Jonathan Winzig discovered that Mbed TLS incorrectly handled crafted...

CVE-2026-3479 pkgutil.get_data() does not enforce documented restrictions

DISPUTED: The project has clarified that the documentation was incorrect, and that pkgutil.getdata has the same security model as open. The documentation has been updated to clarify this point. There is no vulnerability in the function if following the intended security model. pkgutil.getdata did...

CVE-2026-21985

...

CVE-2026-21969

Oracle Agile Product Lifecycle Management for Process (Supplier Portal component) is affected in version 6.2.4. The connected PT-security entry states an easily exploitable, unauthenticated HTTP-access vulnerability that can lead to a complete takeover of the system. No remediation/fix informatio...

MORPHEUS: A Multidimensional Framework for Modeling, Measuring, and Mitigating Human Factors in Cybersecurity

Current cybersecurity research increasingly acknowledges the human factor, yet remains fragmented, often treating user vulnerabilities as isolated and static traits. This paper introduces MORPHEUS, a holistic framework that operationalizes human-centric security as a dynamic and interconnected...

CVE-2025-59392

On Elspec G5 devices through 1.2.2.19, a person with physical access to the device can reset the Admin password by inserting a USB drive containing a publicly documented reset string into a USB port...

CVE-2025-62589

...

EUVD-2019-6824

Malware in sbrugna...

EUVD-2020-29853

Malware in sbrugna...

EUVD-2021-33067

Malicious code in bioql PyPI...

August 12, 2025—Hotpatch KB5064010 (OS Build 26100.4851)

None None...

BIT-LIBPYTHON-2025-4435 Tarfile extracts filtered members when errorlevel=0

When using a TarFile.errorlevel = 0 and extracting with a filter the documented behavior is that any filtered members would be skipped and not extracted. However the actual behavior of TarFile.errorlevel = 0 in affected versions is that the member would still be extracted and not skipped...

CVE-2025-53770

Deserialization of untrusted data in on-premises Microsoft SharePoint Server allows an unauthorized attacker to execute code over a network. Microsoft is aware that an exploit for CVE-2025-53770 exists in the wild. Microsoft is preparing and fully testing a comprehensive update to address this...

BIT-PYTHON-2025-4435 Tarfile extracts filtered members when errorlevel=0

When using a TarFile.errorlevel = 0 and extracting with a filter the documented behavior is that any filtered members would be skipped and not extracted. However the actual behavior of TarFile.errorlevel = 0 in affected versions is that the member would still be extracted and not skipped...

SUSE CVE-2025-34075

This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. Initially assigned to document an issues that allows guest VM to modify the host's Vagrantfile via default synced folder, leading to host-side code execution. Rejected as CVE due to documented, intended behavior that does...

CVE-2025-38090

creationtimestamp| type| source ---|---|--- 2025-06-30 07:56:14+00:00| published-proof-of-concept| https://t.me/DarkWebInformerCVEAlerts/19907 2025-06-30 11:18:16+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3lst2rmiqxp2a...

CVE-2025-5528

creationtimestamp| type| source ---|---|--- 2025-06-07 15:07:57+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3lqzmv4vs7p2c 2025-06-09 16:56:11+00:00| published-proof-of-concept| https://t.me/DarkWebInformerCVEAlerts/17707...