15 matches found
EUVD-2013-2214
Malware in sbrugna...
EUVD-2017-0998
Malware in sbrugna...
WordPress Sala Theme <= 1.1.3 is vulnerable to Broken Access Control
Software: Sala; Type: Theme; Vulnerable versions: <= 1.1.3; Fixed in: N/A; OWASP Top 10: A1: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2025-52803; Patch priority: High; CVSS severity: High 7.5; PSID: 485a6b36a4e6; Credits: Thái An; Required privilege: Unauthenticate...
CWA-2025-006: wasmd's improper error handling may lead to IBC channel opening despite error
CWA-2025-006: Improper error handling may lead to IBC channel opening despite error Severity High Considerable + Likely^1 Affected versions: - wasmd 0.60.0 - wasmd = 0.51.0 0.55.1 Patched versions: - wasmd 0.60.1, 0.55.1, 0.54.1, 0.53.3 Description of the bug A contract erroring during IBC channe...
GHSA-X958-RVG6-956W matrix-sdk-crypto vulnerable to sender of encrypted events being spoofed by homeserver administrator
Summary matrix-sdk-crypto since version 0.8.0 up to 0.11.0 does not correctly validate the sender of an encrypted event. Accordingly, a malicious homeserver operator can modify events served to clients, making those events appear to the recipient as if they were sent by another user. Although the...
matrix-sdk-crypto vulnerable to sender of encrypted events being spoofed by homeserver administrator
Summary matrix-sdk-crypto since version 0.8.0 up to 0.11.0 does not correctly validate the sender of an encrypted event. Accordingly, a malicious homeserver operator can modify events served to clients, making those events appear to the recipient as if they were sent by another user. Although the...
PT-2025-23032 · Google +3 · Google Chrome +3
Name of the Vulnerable Software and Affected Versions: Google Chrome versions prior to 137.0.7151.55 Description: The issue is an out of bounds write in V8, allowing a remote attacker to potentially exploit heap corruption via a crafted HTML page. The severity of this issue is considered High...
MediaTek wLAN AP Firmware Vulnerability - Lenovo Support US
No description provided...
DoS (Denial of Service) io.netty:netty-handler Dependency in Bamboo Data Center and Server
This High severity io.netty:netty-handler Dependency vulnerability was introduced in versions 9.5.0, 9.6.0, 10.0.0, 10.1.0, and 10.2.0 of Bamboo Data Center and Server. This io.netty:netty-handler Dependency vulnerability, with a CVSS Score of 7.5 and a CVSS Vector of...
CVE-2023-7024
Heap buffer overflow in WebRTC in Google Chrome prior to 120.0.6099.129 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: High...
ASB-A-238904312
The path in this case is a little bit convoluted. The end result is that via an ioctl an untrusted app can control the ui32PageIndex offset in the expression: sPA.uiAddr = page_to_phys(psOSPageArrayData->pagearray[ui32PageIndex]); With the current PoC this crashes as an OOB read. However, given that the...
[WP-H3] Proxy admin of the upgradeable proxy contracts can steal _borrowAsset and collateralAsset from the contracts and users' wallet
Lines of code Vulnerability details Both LenderPool and PooledCreditLine are upgradeable contract that holds users' allowances, and in certain periods, LendingPool will be holding users' funds. Use of Upgradeable Proxy Contract Structure allows the logic of the contract to be arbitrarily changed...
NVIDIA Gamers Face DoS, Data Loss from Shield TV Bugs
NVIDIA has newly disclosed three security vulnerabilities in the NVIDIA Shield TV, which could allow denial of service, escalation of privileges and data loss. The NVIDIA Shield TV is a set-top gadget that acts as a hub for the smart home, streams PC games from a gaming PC to a TV; and allows loc...
opera to 12.10 (important)
This Opera 12.10 security update fixes the following security issues: - an issue that could cause Opera not to correctly check for certificate revocation; - an issue where CORS requests could incorrectly retrieve contents of cross origin pages; - an issue where data URIs could be used to facilitate...
Advisory CA-2000-05
CERT Advisory CA-2000-05 Netscape Navigator Improperly Validates SSL Sessions Original release date: May 12, 2000 Source: ACROS, CERT/CC A complete revision history is at the end of this file. Systems Affected Systems running Netscape Navigator 4.72, 4.61, and...