1844 matches found
CVE-2026-8201
A use-after-free vulnerability exists in MongoDB's Field-Level Encryption (FLE) query analysis component, affecting client-side uses of mongocryptd and crypt_shared. Triggering this vulnerability requires control over the structure of a client's FLE-related query. This issue impacts MongoDB Server’s...
PT-2026-35744
Insecure deserialization of untrusted input in StellarGroup HPX 1.11.0 under certain conditions may allow attackers to execute arbitrary code or other unspecified impacts...
Is AI Good for Democracy?
Politicians fixate on the global race for technological supremacy between the US and China. They debate geopolitical implications of chip exports, the latest model releases from each country, and military applications of AI. Someday, they believe, we might see advancements in AI tip the scales in a...
CVE-2026-2007
Heap buffer overflow in PostgreSQL pg_trgm allows a database user to achieve unknown impacts via a crafted input string. The attacker has limited control over the byte patterns to be written, but we have not ruled out the viability of attacks that lead to privilege escalation. PostgreSQL 18.1 and...
CVE-2007-4147
Multiple unspecified vulnerabilities in Interspire ArticleLive NX before 1.7.1.2 have unknown impact and attack vectors, possibly related to (1) ALSANITIZE and (2) "Calling the constructor to make sure things are checked, safe mode, etc."...
CVE-2019-2696
Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are Prior to 5.2.28 and prior to 6.0.6. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox...
CVE-2019-2793
Vulnerability in the Oracle FLEXCUBE Universal Banking component of Oracle Financial Services Applications (subcomponent: Infrastructure). Supported versions that are affected are 12.0.1-12.0.3, 12.1.0-12.4.0 and 14.0.0-14.2.0. Easily exploitable vulnerability allows low privileged attacker with...
CVE-2019-2925
Vulnerability in the Oracle Workflow product of Oracle E-Business Suite (component: Worklist). Supported versions that are affected are 12.1.3 and 12.2.3-12.2.8. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Workflow. Successful...
CVE-2019-2844
Vulnerability in the Oracle Solaris component of Oracle Sun Systems Products Suite (subcomponent: LDAP Client Tools). The supported version that is affected is 11.4. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Solaris executes to...
CVE-2019-2572
Vulnerability in the Oracle SOA Suite component of Oracle Fusion Middleware (subcomponent: Fabric Layer). The supported version that is affected is 11.1.1.9.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle SOA Suite. Successful...
CVE-2019-2877
Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are Prior to 5.2.32 and prior to 6.0.10. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBo...
CVE-2021-2190
Vulnerability in the Oracle Sales Offline product of Oracle E-Business Suite (component: Template). Supported versions that are affected are 12.1.1-12.1.3 and 12.2.3-12.2.10. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Sales...
CVE-2019-2880
Vulnerability in the Oracle Retail Store Inventory Management product of Oracle Retail Applications (component: Security). The supported version that is affected is 16.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Retail Store...
CVE-2019-16771
Versions of Armeria 0.85.0 through and including 0.96.0 are vulnerable to HTTP response splitting, which allows remote attackers to inject arbitrary HTTP headers via CRLF sequences when unsanitized data is used to populate the headers of an HTTP response. This vulnerability has been patched in...
CVE-2025-68926 RustFS has a gRPC Hardcoded Token Authentication Bypass
RustFS is a distributed object storage system built in Rust. In versions prior to 1.0.0-alpha.78, RustFS implements gRPC authentication using a hardcoded static token "rustfs rpc" that is publicly exposed in the source code repository, hardcoded on both client and server sides, non-configurable...
Adios 2025, you won’t be missed
Welcome to this week's edition of the Threat Source newsletter. For us in America, we're in the holiday doldrums and things slow and/or shut down until the new year. At Cisco, we shut down the last week of the year to reset and recharge, and I've grown to be quite fond of it. I've worked plenty o...
Malicious code in juicy_ladybug_z3n (npm)
Source: amazon-inspector (b78d1c610b56a08a726a18ec08b9c155006835fd60a50d7db663372d531f7085). This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
anomalydetection (=0.0.0.dev1), athiruma-cloud-governance (>=1.1.89 <=1.1.345) +26 more potentially affected by CVE-2025-61911 via python-ldap (>=3.0.0 <=3.4.4)
python-ldap PYPI version =3.0.0, =1.1.89, =3.1.2, =3.7.1, =1.0.426, =2.2.1.dev6, =0.4.4, =1.0.0, =0.0.0, =1.1.0, =3.7.0, =1.0.0, =1.1.7, =1.8.4 and more Source cves: CVE-2025-61911 Source advisory: SNYK:PYTHON-PYTHONLDAP-13535079...
EUVD-2008-4788
Malware in sbrugna...
EUVD-2006-4455
Malware in sbrugna...