102 matches found
ProjectSend <= r1605 - Improper Authorization
An improper authorization check was identified within ProjectSend version r1605 that allows an attacker to perform sensitive actions such as enabling user registration and auto validation, or adding new entries in the whitelist of allowed extensions for uploaded files. Ultimately, this allows to...
JLSEC-2026-251 Issue summary: Calling the OpenSSL API function SSL_free_buffers may cause memory to be accessed...
Issue summary: Calling the OpenSSL API function SSL_free_buffers may cause memory to be accessed that was previously freed in some situations. Impact summary: A use after free can have a range of potential consequences such as the corruption of valid data, crashes or execution of arbitrary code...
EUVD-2004-2002
Malware in sbrugna...
EUVD-2007-3076
Malware in sbrugna...
EUVD-2019-2033
Malware in sbrugna...
CVE-2025-8628
Kenwood DMX958XR Firmware Update Command Injection Vulnerability. This vulnerability allows physically present attackers to execute arbitrary code on affected installations of Kenwood DMX958XR devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within t...
[SECURITY] [DSA 5971-1] chromium security update
Debian Security Advisory DSA-5971-1 [email protected] https://www.debian.org/security/ Andres Salomon August 06, 2025 https://www.debian.org/security/faq ...
openSUSE Security Advisory (SUSE-SU-2025:01702-1)
The remote host is missing an update for the...
CVE-2020-17398
This vulnerability allows local attackers to disclose information on affected installations of Parallels Desktop 15.1.4. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the...
CVE-2024-11859
CVE-2024-11859 concerns ESET products for Windows where the ESET Command-Line scanner insecurely loads the system library version.dll, enabling a DLL search-order hijack. ToddyCat researchers describe TCESB, a malicious DLL that uses DLL proxying and BYOVD techniques (Dell DBUtilDrv2.sys) to inst...
PT-2025-26901 · Unknown · Pdf-Xchange Editor
Name of the Vulnerable Software and Affected Versions: PDF-XChange Editor affected versions not specified Description: This issue allows remote attackers to disclose sensitive information on affected installations. It requires user interaction, such as visiting a malicious page or opening a...
CVE-2024-11507
CVE-2024-11507 affects IrfanView and involves a DXF file parsing bug that causes a type confusion due to insufficient input validation. This enables remote code execution when a user opens a malicious DXF or visits a page/file, with exploitation requiring user interaction. The underlying issue is...
Ubuntu 20.04 LTS : Firefox vulnerabilities (USN-7056-1)
The remote Ubuntu 20.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-7056-1 advisory. Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially explo...
CVE-2024-27114
An unauthenticated Remote Code Execution (RCE) vulnerability is found in the SO Planning online planning tool. If the public view setting is enabled, an attacker can upload a PHP file that will be available for execution for a few milliseconds before it is removed, leading to execution of code on the...
Server-Side Template Injection (SSTI)
shopware/core and shopware/platform are vulnerable to Server-Side Template Injection (SSTI). The vulnerability is due to improper escaping of the swsilentfeaturecall parameter in Twig templates, allowing execution of code through unescaped feature flag names...
CVE-2024-6287
Incorrect Calculation vulnerability in Renesas arm-trusted-firmware allows Local Execution of Code. When checking whether a new image invades/overlaps with a previously loaded image, the code neglects to consider a few cases that could allow an attacker to bypass memory range restriction and overwrite ...
CVE-2024-6287 Incorrect Address Range Calculations
Incorrect Calculation vulnerability in Renesas arm-trusted-firmware allows Local Execution of Code. When checking whether a new image invades/overlaps with a previously loaded image, the code neglects to consider a few cases that could allow an attacker to bypass memory range restriction and overwrite ...
CVE-2024-6287
CVE-2024-6287 concerns Renesas arm-trusted-firmware. The issue is an Incorrect Calculation in the image overlap/check logic that can let an attacker bypass memory range restrictions and overwrite a loaded image, potentially causing local code execution and bypass of secure boot. If exploited, thi...