
9136 matches found

CVE
added 2025/09/04 11:9 p.m. | 34 views

CVE-2025-55238

CVE-2025-55238 affects Microsoft Dynamics 365 FastTrack Implementation Assets. The connected sources describe an information disclosure vulnerability arising from an access control error, enabling leakage of asset information. No concrete exploit details, affected version ranges, or remediation/f...

CVSS 7.5 | AI score 5.9 | EPSS 0.00764
Exploits: 0 | References: 1 | Affected Software: 1

Cvelist
added 2025/09/04 11:9 p.m. | 8 views

CVE-2025-55238 Dynamics 365 FastTrack Implementation Assets Information Disclosure Vulnerability

...

CVSS 7.5 | EPSS 0.00764
Exploits: 0 | References: 1

OSV
added 2025/09/04 6:15 p.m. | 2 views

CVE-2025-26452

In loadDrawableForCookie of ResourcesImpl.java, there is a possible way to access task snapshots of other apps due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

CVSS 7.8 | AI score 5.9 | EPSS 0.00076
Exploits: 0 | References: 2

ATTACKERKB
added 2025/09/04 5:11 p.m. | 5 views

CVE-2025-26438

In smp_process_secure_connection_oob_data of smp_act.cc, there is a possible way to bypass SMP authentication due to incorrect implementation of a protocol. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

CVSS 8.8 | AI score 5.7 | EPSS 0.00315
Exploits: 0 | References: 3 | Affected Software: 1

Microsoft CVE
added 2025/09/04 3:4 a.m. | 2 views

bpf: Use raw_spinlock_t in ringbuf

...

CVSS 5.5 | AI score 7 | EPSS 0.0022
Exploits: 0

RedhatCVE
added 2025/09/04 12:28 a.m. | 5 views

CVE-2025-57613

An issue was discovered in rust-ffmpeg 0.3.0 after commit 5ac0527. A null pointer dereference vulnerability in the input constructor function allows an attacker to cause a denial of service. The vulnerability is triggered when the avio_alloc_context call fails and returns NULL, which is then stored a...

CVSS 7.5 | AI score 6.8 | EPSS 0.00337
Exploits: 1 | References: 1

CNNVD
added 2025/09/04 12:0 a.m. | 3 views

Google Android Security Vulnerability

Google Android is a free and open source mobile operating system based on the Linux kernel, developed by Google Inc. and the Open Handset Alliance, and is mainly used for smartphones, tablets and other devices. Google Android suffers from an incorrect protocol implementation vulnerability that ca...

CVSS 8.8 | AI score 6.9 | EPSS 0.00315
Exploits: 0 | References: 2

Packet Storm News
added 2025/09/04 12:0 a.m. | 2 views

Constructing a Photonic Implementation of Quantum Key Distribution

Quantum Key Distribution (QKD) stands as a revolutionary approach to secure communication, using the principles of quantum mechanics to establish unbreakable channels. Unlike traditional cryptography, which relies on the computational difficulty of mathematical problems, QKD utilizes the inherent...

AI score 6.9
Exploits: 0

Microsoft CVE
added 2025/09/03 11:52 p.m. | 2 views

loop: implement ->free_disk

...

CVSS 5.5 | AI score 7 | EPSS 0.00156
Exploits: 0

Cvelist
added 2025/09/03 4:17 p.m. | 6 views

CVE-2025-9865

Inappropriate implementation in Toolbar in Google Chrome on Android prior to 140.0.7339.80 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform domain spoofing via a crafted HTML page. Chromium security severity: Medium...

EPSS 0.00247
Exploits: 0 | References: 2

Tenable Nessus
added 2025/09/03 12:0 a.m. | 4 views

Linux Distros Unpatched Vulnerability : CVE-2017-14737

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A cryptographic cache-based side channel in the RSA implementation in Botan before 1.10.17, and 1.11.x and 2.x before 2.3.0, allows a local attacker to recover...

CVSS 5.5 | AI score 6.8 | EPSS 0.00318
Exploits: 0 | References: 2

Positive Technologies
added 2025/09/02 12:0 a.m. | 7 views

PT-2025-35577

Name of the Vulnerable Software and Affected Versions: rust-ffmpeg version 0.3.0. Description: A null pointer dereference issue exists in the input constructor function. This can lead to a denial of service when the avio_alloc_context call fails and returns NULL, which is subsequently dereferenced...

CVSS 7.5 | AI score 6.2 | EPSS 0.00337
Exploits: 1 | References: 5

Packet Storm News
added 2025/09/02 12:0 a.m. | 4 views

Passwords and FIDO2 Are Meant to Be Secret: a Practical Secure Authentication Channel for Web Browsers

Password managers provide significant security benefits to users. However, malicious client-side scripts and browser extensions can steal passwords after the manager has autofilled them into the web page. In this paper, we extend prior work by Stock and Johns, showing how password autofill can be...

AI score 6.2
Exploits: 0

Packet Storm News
added 2025/09/01 12:0 a.m. | 3 views

An Intrusion Detection System in Internet of Things Using Grasshopper Optimization Algorithm and Machine Learning Algorithms

The Internet of Things (IoT) has emerged as a foundational paradigm supporting a range of applications, including healthcare, education, agriculture, smart homes, and, more recently, enterprise systems. However, significant advancements in IoT networks have been impeded by security vulnerabilities...

AI score 7
Exploits: 0

Positive Technologies
added 2025/08/28 12:0 a.m. | 3 views

PT-2025-46610

Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified). Description: A flaw exists in the Linux kernel’s IPv6 implementation within the ip6_xmit function. The issue stems from a use-after-free condition that can occur due to improper handling of device...

CVSS 5.2 | AI score 7.5 | EPSS 0.00174
Exploits: 0

Packet Storm
added 2025/08/28 12:0 a.m. | 179 views

Generic Payload Handler

This Metasploit module is a stub that provides all of the features of the Metasploit payload system to exploits that have been launched outside of the framework. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class...

AI score 7.1
Exploits: 0

GithubExploit
added 2025/08/27 11:51 a.m. | 278 views

Exploit for CVE-2007-2447

CVE-2007-2447 Samba Exploit: A Rust implementation of the CVE-...

CVSS 6 | AI score 8.6 | EPSS 0.49759
Exploits: 15

NVD
added 2025/08/25 9:15 p.m. | 2 views

CVE-2025-57804

h2 is a pure-Python implementation of a HTTP/2 protocol stack. Prior to version 4.3.0, an HTTP/2 request splitting vulnerability allows attackers to perform request smuggling attacks by injecting CRLF characters into headers. This occurs when servers downgrade HTTP/2 requests to HTTP/1.1 without...

CVSS 6.9 | EPSS 0.0161
Exploits: 0 | References: 3

Cvelist
added 2025/08/25 9:4 p.m. | 6 views

CVE-2025-57804 h2 allows HTTP Request Smuggling due to illegal characters in headers

h2 is a pure-Python implementation of a HTTP/2 protocol stack. Prior to version 4.3.0, an HTTP/2 request splitting vulnerability allows attackers to perform request smuggling attacks by injecting CRLF characters into headers. This occurs when servers downgrade HTTP/2 requests to HTTP/1.1 without...

CVSS 6.9 | EPSS 0.0161
Exploits: 0 | References: 2

CNNVD
added 2025/08/24 12:0 a.m. | 2 views

Bjskzy Zhiyou ERP Security Vulnerability

Bjskzy Zhiyou ERP is enterprise resource planning software from Bjskzy Zhiyou Bjskzy, a company based in Beijing, China. A security vulnerability exists in Bjskzy Zhiyou ERP version 11.0 and earlier, which originates from SQL injection due to incorrect manipulation of the parameter sql in the...

CVSS 9.8 | AI score 6.9 | EPSS 0.00377
Exploits: 1 | References: 5