Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: tick/nohz: unexport init-annotated ticknohzfullsetup EXPORTSYMBOL and init is a bad combination because the .init.text section is freed up after initialization. Hence, modules cannot use symbols annotated init. Access to a freed...

BinDiff 8

BinDiff is an open-source comparison tool for binary files to quickly find differences and similarities in disassembled code...

CVE-2025-66523

URL parameters are directly embedded into JavaScript code or HTML attributes without proper encoding or sanitization. This allows attackers to inject arbitrary scripts when an authenticated user visits a crafted link. This issue affects na1.foxitesign.foxit.com: before 2026‑01‑16...

CVE-2003-1161

exit.c in Linux kernel 2.6-test9-CVS, as stored on kernel.bkbits.net, was modified to contain a backdoor, which could allow local users to elevate their privileges by passing WCLONE|WALL to the syswait4 function...

CVE-2023-49788

Collabora Online is a collaborative online office suite based on LibreOffice technology. Unlike a standalone dedicated Collabora Online server, the Built-in CODE Server richdocumentscode is run without chroot sandboxing. Vulnerable versions of the richdocumentscode app can be susceptible to attac...

Why Data Security and Privacy Need to Start in Code

AI-assisted coding and AI app generation platforms have created an unprecedented surge in software development. Companies are now facing rapid growth in both the number of applications and the pace of change within those applications. Security and privacy teams are under significant pressure as t...

CVE-2025-66208

Collabora Online - Built-in CODE Server richdocumentscode provides a built-in server with all of the document editing features of Collabora Online. In versions prior to 25.04.702, Collabora Online has a Configuration-Dependent RCE OS Command Injection in richdocumentscode proxy. Users of Nextclou...

CVE-2025-66208

Collabora Online - Built-in CODE Server richdocumentscode provides a built-in server with all of the document editing features of Collabora Online. In versions prior to 25.04.702, Collabora Online has a Configuration-Dependent RCE OS Command Injection in richdocumentscode proxy. Users of Nextclou...

CVE-2025-66208 Configuration-Dependent RCE (OS Command Injection) in richdocumentscode proxy

Collabora Online - Built-in CODE Server richdocumentscode provides a built-in server with all of the document editing features of Collabora Online. In versions prior to 25.04.702, Collabora Online has a Configuration-Dependent RCE OS Command Injection in richdocumentscode proxy. Users of Nextclou...

EUVD-2025-201097

Collabora Online - Built-in CODE Server richdocumentscode provides a built-in server with all of the document editing features of Collabora Online. In versions prior to 25.04.702, Collabora Online has a Configuration-Dependent RCE OS Command Injection in richdocumentscode proxy. Users of Nextclou...

PT-2025-48979

Name of the Vulnerable Software and Affected Versions Collabora Online - Built-in CODE Server versions prior to 25.04.702 Description Collabora Online - Built-in CODE Server, which provides document editing features, contains a configuration-dependent Remote Code Execution RCE issue in the...

EUVD-2025-60988

SQL Anywhere Monitor Non-GUI baked credentials into the code,exposing the resources or functionality to unintended users and providing attackers with the possibility of arbitrary code execution.This could cause high impact on confidentiality integrity and availability of the system...

EUVD-2023-52370

Malicious code in bioql PyPI...

PT-2025-40412

Name of the Vulnerable Software and Affected Versions Flock Safety Pisco application version 6.21.11 Description The Flock Safety Pisco application for Android contains a cleartext Auth0 client secret within its codebase. Attackers can recover this OAuth secret without elevated privileges by...

GHSA-4MHV-8RH3-4GHW DragonFly vulnerable to panics due to nil pointer dereference when using variables created alongside an error

Impact We found two instances in the DragonFly codebase where the first return value of a function is dereferenced even when the function returns an error figures 9.1 and 9.2. This can result in a nil dereference, and cause code to panic. The codebase may contain additional instances of the bug...

CVE-2025-8857 Changing｜Clinic Image System - Use of Hard-coded Credentials

Clinic Image System developed by Changing contains hard-coded Credentials, allowing unauthenticated remote attackers to log into the system using administrator credentials embedded in the source code...

Evope 1.1.3.20 Hardcoded Cryptographic Key

The component Evope Core in Evope version 1.1.3.20 uses a hardcoded cryptographic key, which means that encryption/decryption keys are permanently embedded in the source code, rather than being securely managed. This creates a critical security flaw because anyone who gains access to or...

CVE-2019-1010113

Premium Software CLEditor 1.4.5 and earlier is affected by: Cross Site Scripting XSS. The impact is: An attacker might be able to inject arbitrary html and script code into the web site. The component is: jQuery plug-in. The attack vector is: the victim must open a crafted href attribute of a lin...

Pheonix App 安全漏洞

Pheonix App is a powerful Python application from the individual developers at AkshuDev. Pheonix App has a security vulnerability that stems from the mapping of encoding and decoding languages being visible in the code...

CVE-2023-47704

IBM Security Guardium Key Lifecycle Manager 4.3 contains plain text hard-coded credentials or other secrets in source code repository. IBM X-Force ID: 271220...