24 matches found
dotnet: .NET: Security Bypass and Denial of Service Vulnerability
A flaw was found in .NET. A remote attacker could exploit a vulnerability related to unsafe transforms in EncryptedXml. This could lead to a Denial of Service (DoS), making the service unavailable, and a bypass of security features...
APT28 Tied to CVE-2026-21513 MSHTML 0-Day Exploited Before Feb 2026 Patch Tuesday
A recently disclosed security flaw patched by Microsoft may have been exploited by the Russia-linked state-sponsored threat actor known as APT28, according to new findings from Akamai. The vulnerability in question is CVE-2026-21513 (CVSS score: 8.8), a high-severity security feature bypass affecti...
CVE-2026-21924
Vulnerability in the Oracle Utilities Application Framework product of Oracle Utilities Applications (component: General). Supported versions that are affected are 4.4.0.3.0, 4.5.0.0.0, 4.5.0.1.1, 4.5.0.1.3, 4.5.0.2.0, 25.4 and 25.10. Easily exploitable vulnerability allows low privileged attacker...
Security Bulletin: Multiple Security Vulnerabilities in IBM Sterling Partner Engagement Manager
Summary: Multiple vulnerabilities were addressed in IBM Sterling Partner Engagement Manager versions 6.2.3.5 and 6.2.4.2. Vulnerability Details: CVEID: CVE-2025-41234. DESCRIPTION: In Spring Framework, versions 6.0.x as of 6.0.5, versions 6.1.x and 6.2.x, an application is vulnerable to a...
EUVD-2023-44406
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2025-22233
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - CVE-2024-38820 ensured Locale-independent, lowercase conversion for both the configured disallowedFields patterns and for request parameter names. However, ther...
CVE-2025-41234
A mishandling of non-ASCII characters in headers flaw was found in the Spring framework. This flaw allows an attacker to tamper with a file download under specific conditions when content names are user-supplied, and the victim then downloads unintended content. Mitigation Mitigation for this iss...
Ubuntu 24.04 LTS : Linux kernel (Azure, N-Series) vulnerabilities (USN-7468-1)
The remote Ubuntu 24.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-7468-1 advisory. Michael Randrianantenaina discovered that the Bluetooth driver in the Linux Kernel contained an improper access control vulnerability. A nearby attacker...
CVE-2024-38819
A flaw was found in the Spring Framework. Applications serving static resources through the functional web frameworks WebMvc.fn or WebFlux.fn are vulnerable to path traversal attacks. This flaw allows an attacker to craft malicious HTTP requests and obtain any file on the file system that is also...
spring-expression: Denial of service when processing a specially crafted Spring Expression Language expression
A flaw was found in the Spring framework package. A maliciously crafted Spring Expression Language (SpEL) expression may trigger uncontrolled CPU usage, leading to a denial of service in the application consuming it. To be considered vulnerable, an application has to evaluate user-supplied SpEL expressions...
spring-expression: Denial of service when processing a specially crafted Spring Expression Language expression
A flaw was found in the Spring framework package. A maliciously crafted Spring Expression Language (SpEL) expression may trigger uncontrolled CPU usage, leading to a denial of service in the application consuming it. To be considered vulnerable, an application has to evaluate user-supplied SpEL expressions...
CVE-2024-50050
creationtimestamp | type | source
---|---|---
2024-10-23 17:23:17+00:00 | seen | https://t.me/cvedetector/8690
2025-01-23 13:54:32+00:00 | seen | https://bsky.app/profile/r-netsec.bsky.social/post/3lgfztkse6w2c
2025-01-23 15:45:06+00:00 | published-proof-of-concept | https://t.me/thebugbountyhunter/9561...
spring-expression: Denial of service when processing a specially crafted Spring Expression Language expression
A flaw was found in the Spring framework package. A maliciously crafted Spring Expression Language (SpEL) expression may trigger uncontrolled CPU usage, leading to a denial of service in the application consuming it. To be considered vulnerable, an application has to evaluate user-supplied SpEL expressions...
Google Android Security Vulnerability
Google Android is a Linux-based open source operating system from Google Inc. A security vulnerability exists in Google Android, which stems from a vulnerability in Framework that could lead to local privilege escalation...
Google Android Security Vulnerability
Google Android is a Linux-based open source operating system from Google, Inc. A security vulnerability exists in Google Android, which stems from a vulnerability in Framework that could lead to elevation of privilege...
CVE-2021-2053
Vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: UI Framework). The supported version that is affected is 13.4.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Enterprise Manager Ba...
Google Android Information Disclosure Vulnerability (CNVD-2019-30371)
Android is a Linux-based open source operating system from Google and the Open Handset Alliance (OHA) in the U.S. Media Framework is one of the multimedia development frameworks. An information disclosure vulnerability exists in Media framework in Android Q. The vulnerability originates in a...
Cisco RV180W Wireless-N Multifunction VPN Router and Small Business RV Series RV220W Wireless Network Security Firewall Information Disclosure Security Vulnerability
Cisco RV180W Wireless-N Multifunction VPN Router and Small Business RV Series RV220W Wireless Network Security Firewall are both products of Cisco. The Cisco RV180W Wireless-N Multifunction VPN Router is a router and the Small...
Cisco Webex Cross-Site Scripting Vulnerability (CNVD-2018-14204)
Cisco WebEx is a set of web conferencing tools from the US company Cisco that helps off-site office workers coordinate and collaborate. WebEx services include web conferencing, telepresence video conferencing and enterprise instant messaging (IM). A cross-site scripting...
Cisco WebEx Cross-Site Scripting Vulnerability
Cisco WebEx is a set of web conferencing tools from the US company Cisco that helps off-site office workers coordinate and collaborate. WebEx services include web conferencing, telepresence video conferencing and enterprise instant messaging (IM). A cross-site scripting...