CVE-2025-4397

CVE-2025-4397 affects Medtronic MyCareLink Patient Monitor. The issue is that per‑product credentials are stored in a recoverable format, allowing an attacker to use these credentials to modify encrypted drive data. The description indicates physical access as the attack vector and a high impact ...

CVE-2025-4397 Medtronic MyCareLink Patient Monitor Data Encryption Weakness

Medtronic MyCareLink Patient Monitor uses per-product credentials that are stored in a recoverable format. An attacker can use these credentials to modify encrypted drive data...

CVE-2025-4397 Medtronic MyCareLink Patient Monitor Data Encryption Weakness

Medtronic MyCareLink Patient Monitor uses per-product credentials that are stored in a recoverable format. An attacker can use these credentials to modify encrypted drive data...

CVE-2025-4397

Medtronic MyCareLink Patient Monitor uses per-product credentials that are stored in a recoverable format. An attacker can use these credentials to modify encrypted drive data...

PT-2026-38447

Medtronic MyCareLink Patient Monitor uses per-product credentials that are stored in a recoverable format. An attacker can use these credentials to modify encrypted drive data...

Medtronic MyCareLink Patient Monitor 安全漏洞

Medtronic MyCareLink Patient Monitor is an open-source monitoring system developed by Medtronic in the United States. The Medtronic MyCareLink Patient Monitor has a security vulnerability, which stems from the use of product credentials stored in a recoverable format. This vulnerability could all...

MinIO vulnerable to Path Traversal via msgpack Body in `ReadMultiple` Storage-REST Endpoint

Impact What kind of vulnerability is it? Who is impacted? A path traversal vulnerability in MinIO's ReadMultiple internode storage-REST endpoint allows a caller holding the cluster root JWT to read files from outside the configured drive roots, bounded only by the MinIO process UID...

Astra Linux – Vulnerability in Linux, Linux 5.10

In the Linux kernel, the following vulnerabilities have been resolved: scsi: mpt3sas: A kernel panic occurred during the drive powercycle test. While iterating through Shost’s sdev list, it is possible that one of the drives is being removed, and its sastarget object is freed, but its sdev object...

Astra Linux – Vulnerability in freerdp2

FreeRDP is a free remote desktop protocol library and client. Versions of FreeRDP affected by this issue lack input length validation in the “drive” channel. A malicious server can trick a FreeRDP-based client into reading out-of-bound data and sending it back to the server. This issue has been...

Astra Linux – Vulnerability in freerdp2

FreeRDP is a free remote desktop protocol library and client. Affected versions of FreeRDP lack path canonicalization and base path checks for the drive channel. A malicious server can trick a FreeRDP-based client into reading files outside of the shared directory. This issue has been addressed i...

Astra Linux – Vulnerability in Git

Git for Windows is a fork of Git that contains Windows-specific patches. This vulnerability affects users working on multi-user machines, where untrusted parties have write access to the same hard disk. These untrusted parties could create the folder C:.git, which would be included in Git...

Google AppSheet Exploited in 30,000-User Facebook Phishing Operation

Scammers are abusing Google AppSheet and Google Drive to bypass security filters and steal thousands of Facebook Business accounts globally...

WordPress File Manager for Google Drive – Integrate Google Drive plugin <= 1.4.9 - Unauthenticated Reflected Cross-Site Scripting vulnerability

Unauthenticated Reflected Cross-Site Scripting vulnerability discovered by Asaf Mozes in WordPress Plugin Integrate Google Drive versions = 1.4.9...

BIT-LIBPYTHON-2026-3087 shutil.unpack_archive() doesn't check for Windows absolute paths in ZIPs

If shutil.unpackarchive is given a ZIP archive with an absolute Windows path containing a drive C:\... then the archive will be extracted outside the target directory which is different than other operating systems. Only Windows is affected by this vulnerability...

Linux Distros Unpatched Vulnerability : CVE-2026-3087

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - If shutil.unpackarchive is given a ZIP archive with an absolute Windows path containing a drive C:... then the archive will be extracted outside the target...

freerdp: FreeRDP heap-buffer-overflow

A heap based buffer overflow has been discovered in FreeRDP. This heap-buffer-overflow occurs in drive read when a server-controlled read length is used to read file data into an IRP output stream buffer without a hard upper bound, allowing an oversized read to overwrite heap memory...

CVE-2026-3087

If shutil.unpackarchive is given a ZIP archive with an absolute Windows path containing a drive C:\... then the archive will be extracted outside the target directory which is different than other operating systems. Only Windows is affected by this vulnerability...

EUVD-2026-25922

If shutil.unpackarchive is given a ZIP archive with an absolute Windows path containing a drive C:\... then the archive will be extracted outside the target directory which is different than other operating systems. Only Windows is affected by this vulnerability...

CVE-2026-3087

If shutil.unpackarchive is given a ZIP archive with an absolute Windows path containing a drive C:\... then the archive will be extracted outside the target directory which is different than other operating systems. Only Windows is affected by this vulnerability...

freerdp: FreeRDP heap-buffer-overflow

A heap based buffer overflow has been discovered in FreeRDP. This heap-buffer-overflow occurs in drive read when a server-controlled read length is used to read file data into an IRP output stream buffer without a hard upper bound, allowing an oversized read to overwrite heap memory...