
287 matches found

EUVD
added 2025/10/03 8:07 p.m., 5 views

EUVD-2021-28228

Malicious code in bioql PyPI...

CVSS 7.5, AI score 7.7, EPSS 0.01438
Exploits: 0, References: 6

EUVD
added 2025/10/03 8:07 p.m., 6 views

EUVD-2025-31125

Malicious code in bioql PyPI...

CVSS 5.9, AI score 6.6, EPSS 0.00306
Exploits: 0, References: 2

Metasploit
added 2025/10/01 6:56 p.m., 627 views

IconEnvironmentDataBlock - Windows LNK File Special UNC Path NTLM Leak

This module creates a malicious Windows shortcut LNK file that specifies a special UNC path in IconEnvironmentDataBlock of Shell Link .LNK that can trigger an authentication attempt to a remote server. This can be used to harvest NTLM authentication credentials. When a victim browses to the locati...

AI score 5.9
Exploits: 0

OSV
added 2025/09/25 4:15 p.m., 2 views

CVE-2025-26333

Dell BSAFE Crypto-J generates an error message that includes sensitive information about its environment and associated data. A remote attacker could potentially exploit this vulnerability, leading to information exposure...

CVSS 7.5, AI score 5.8, EPSS 0.00306
Exploits: 0, References: 1

NVD
added 2025/09/25 4:15 p.m., 7 views

CVE-2025-26333

Dell BSAFE Crypto-J generates an error message that includes sensitive information about its environment and associated data. A remote attacker could potentially exploit this vulnerability, leading to information exposure...

CVSS 7.5, EPSS 0.00306
Exploits: 0, References: 1

Cvelist
added 2025/09/25 3:16 p.m., 5 views

CVE-2025-26333

Dell BSAFE Crypto-J generates an error message that includes sensitive information about its environment and associated data. A remote attacker could potentially exploit this vulnerability, leading to information exposure...

CVSS 5.9, EPSS 0.00306
Exploits: 0, References: 1

Vulnrichment
added 2025/09/25 3:16 p.m., 3 views

CVE-2025-26333

Dell BSAFE Crypto-J generates an error message that includes sensitive information about its environment and associated data. A remote attacker could potentially exploit this vulnerability, leading to information exposure...

CVSS 5.9, AI score 7.3, EPSS 0.00306
Exploits: 0, References: 1

CVE
added 2025/09/25 3:16 p.m., 19 views

CVE-2025-26333

Dell BSAFE Crypto-J contains an information disclosure flaw: error messages may reveal sensitive environment details and associated data to remote attackers (CVE-2025-26333). Affected product is Dell BSAFE Crypto-J; impact is information exposure with HIGH confidentiality impact per NVD. Dell has...

CVSS 7.5, AI score 7.3, EPSS 0.00306
Exploits: 0, References: 1, Affected Software: 1

Positive Technologies
added 2025/09/25 12:00 a.m., 5 views

PT-2025-39408

Name of the Vulnerable Software and Affected Versions: Dell Crypto-J (affected versions not specified). Description: The software generates an error message containing sensitive information about its environment and associated data. A remote attacker could potentially exploit this issue, leading to...

CVSS 5.9, AI score 6.3, EPSS 0.00306
Exploits: 0, References: 4

RedHat Linux
added 2025/09/23 7:28 p.m., 4 views

Important: Red Hat Security Advisory: A Subscription Management tool for finding and reporting Red Hat product usage

A Subscription Management tool for finding and reporting Red Hat product usage. Red Hat Discovery, also known as Discovery, is an inspection and reporting tool that finds, identifies, and reports environment data, or facts, such as the number of physical and virtual systems on a network, their...

CVSS 7.8, AI score 7, EPSS 0.00586
Exploits: 2, References: 6

RedHat Linux
added 2025/08/20 4:02 p.m., 4 views

Moderate: Red Hat Security Advisory: A Subscription Management tool for finding and reporting Red Hat product usage

A Subscription Management tool for finding and reporting Red Hat product usage. Red Hat Discovery, also known as Discovery, is an inspection and reporting tool that finds, identifies, and reports environment data, or facts, such as the number of physical and virtual systems on a network, their...

CVSS 7.5, AI score 6.7, EPSS 0.00527
Exploits: 1, References: 4

Tenable Nessus
added 2025/08/18 12:00 a.m., 5 views

Linux Distros Unpatched Vulnerability : CVE-2018-19976

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In YARA 3.8.1, bytecode in a specially crafted compiled rule is exposed to information about its environment, in libyara/exec.c. This is a consequence of the...

CVSS 5.5, AI score 6.7, EPSS 0.01276
Exploits: 1, References: 2

RedHat Linux
added 2025/07/21 7:25 p.m., 5 views

Important: Red Hat Security Advisory: A Subscription Management tool for finding and reporting Red Hat product usage

A Subscription Management tool for finding and reporting Red Hat product usage. Red Hat Discovery, also known as Discovery, is an inspection and reporting tool that finds, identifies, and reports environment data, or facts, such as the number of physical and virtual systems on a network, their...

CVSS 7.8, AI score 6.9, EPSS 0.00526
Exploits: 2, References: 8

Broadcom
added 2025/07/15 12:00 a.m., 14 views

Improper Privilege Management vulnerability in Apache Kafka Client

Apache Kafka Clients are vulnerable to improper privilege management due to the use of ConfigProvider plugins that can read from disk or environment variables. This could allow an attacker to read arbitrary contents of the disk and environment variables, potentially escalating from REST API acces...

CVSS 6.5, AI score 6.9, EPSS 0.01129
Exploits: 0

OSSF Malicious Packages
added 2025/07/02 5:39 a.m., 5 views

Malicious code in node-mongoose-orm (npm)

The package employs typosquatting to impersonate a legitimate author and package, and it contains obfuscated code that exfiltrates sensitive user data and creates a backdoor for remote code execution. The core of the malicious activity is found in the package/lib/writer.js file. The lib/writer.js...

AI score 7.8
Exploits: 0

OSV
added 2025/06/20 4:15 p.m., 2 views

CVE-2025-5416

A vulnerability has been identified in Keycloak that could lead to unauthorized information disclosure. While it requires an already authenticated user, the /admin/serverinfo endpoint can inadvertently provide sensitive environment information...

CVSS 2.7, AI score 5.7, EPSS 0.00242
Exploits: 0, References: 2

Snyk
added 2025/06/09 1:09 p.m., 2 views

Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

Overview: Affected versions of this package are vulnerable to Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') through the use of template functions env and expandenv, which are enabled by default. An attacker can extract sensitive system data,...

CVSS 9.3, AI score 6.8, EPSS 0.00886
Exploits: 2, References: 2

OSSF Malicious Packages
added 2025/06/09 9:48 a.m., 3 views

Malicious code in chimera-sandbox-extensions (PyPI)

Source: kam193 9b87170278a2bed3680592ca4efa2d402a56ee044fcfea4b95831e545431a794 When started, the code attempts to access multiple domains based on the generating algorithm. Once one valid is found, it downloads a script and executes it. T...

AI score 7.2
Exploits: 0, References: 2

RedHat Linux
added 2025/03/11 10:48 a.m., 6 views

grub2: net: Out-of-bounds write in grub_net_search_config_file()

A flaw was found in grub2. During the network boot process, when trying to search for the configuration file, grub copies data from a user controlled environment variable into an internal buffer using the grub_strcpy function. During this step, it fails to consider the environment variable length...

CVSS 7.6, AI score 8, EPSS 0.01373
Exploits: 0, References: 4

GithubExploit
added 2025/02/17 4:40 p.m., 90 views

Exploit for Improper Check for Unusual or Exceptional Conditions in Mozilla Firefox

CVE-2024-4367-PoC: This Proof of Concept (PoC) demonstrates the...

CVSS 8.8, AI score 8.5, EPSS 0.72648
Exploits: 15