148 matches found
CVE-2026-35300
...
SWPT-Notes
SWPT-Notes Personal study notes compiled while working throug...
CVE-2026-22013
...
CVE-2026-23444 wifi: mac80211: always free skb on ieee80211_tx_prepare_skb() failure
In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: always free skb on ieee80211txprepareskb failure ieee80211txprepareskb has three error paths, but only two of them free the skb. The first error path ieee80211txprepare returning TXDROP does not free it, while...
USN-8123-1 mbedtls vulnerabilities
It was discovered that Mbed TLS incorrectly handled memory allocation failures. A remote attacker could possibly use this issue to crash the program. This issue only affected Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. CVE-2021-44732 Jonathan Winzig discovered that Mbed TLS incorrectly handled crafted...
CVE-2026-3479 pkgutil.get_data() does not enforce documented restrictions
DISPUTED: The project has clarified that the documentation was incorrect, and that pkgutil.getdata has the same security model as open. The documentation has been updated to clarify this point. There is no vulnerability in the function if following the intended security model. pkgutil.getdata did...
CVE-2026-21985
...
CVE-2026-21969
Oracle Agile Product Lifecycle Management for Process (Supplier Portal component) is affected in version 6.2.4. The connected PT-security entry states an easily exploitable, unauthenticated HTTP-access vulnerability that can lead to a complete takeover of the system. No remediation/fix informatio...
MORPHEUS: A Multidimensional Framework for Modeling, Measuring, and Mitigating Human Factors in Cybersecurity
Current cybersecurity research increasingly acknowledges the human factor, yet remains fragmented, often treating user vulnerabilities as isolated and static traits. This paper introduces MORPHEUS, a holistic framework that operationalizes human-centric security as a dynamic and interconnected...
CVE-2025-59392
On Elspec G5 devices through 1.2.2.19, a person with physical access to the device can reset the Admin password by inserting a USB drive containing a publicly documented reset string into a USB port...
CVE-2025-62589
...
EUVD-2019-6824
Malware in sbrugna...
EUVD-2020-29853
Malware in sbrugna...
EUVD-2021-33067
Malicious code in bioql PyPI...
August 12, 2025—Hotpatch KB5064010 (OS Build 26100.4851)
None None...
BIT-LIBPYTHON-2025-4435 Tarfile extracts filtered members when errorlevel=0
When using a TarFile.errorlevel = 0 and extracting with a filter the documented behavior is that any filtered members would be skipped and not extracted. However the actual behavior of TarFile.errorlevel = 0 in affected versions is that the member would still be extracted and not skipped...
CVE-2025-53770
Deserialization of untrusted data in on-premises Microsoft SharePoint Server allows an unauthorized attacker to execute code over a network. Microsoft is aware that an exploit for CVE-2025-53770 exists in the wild. Microsoft is preparing and fully testing a comprehensive update to address this...
BIT-PYTHON-2025-4435 Tarfile extracts filtered members when errorlevel=0
When using a TarFile.errorlevel = 0 and extracting with a filter the documented behavior is that any filtered members would be skipped and not extracted. However the actual behavior of TarFile.errorlevel = 0 in affected versions is that the member would still be extracted and not skipped...
SUSE CVE-2025-34075
This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. Initially assigned to document an issues that allows guest VM to modify the host's Vagrantfile via default synced folder, leading to host-side code execution. Rejected as CVE due to documented, intended behavior that does...
CVE-2025-38090
creationtimestamp| type| source ---|---|--- 2025-06-30 07:56:14+00:00| published-proof-of-concept| https://t.me/DarkWebInformerCVEAlerts/19907 2025-06-30 11:18:16+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3lst2rmiqxp2a...