47722 matches found
CVE-2026-0102 Microsoft Edge (Chromium-based) Defense in Depth Vulnerability
...
CVE-2025-33101 Multiple Vulnerabilities in IBM Concert Software.
IBM Concert 1.0.0 through 2.1.0 could allow an attacker to obtain sensitive information using man in the middle techniques due to improper clearing of heap memory...
CVE-2025-33101
CVE-2025-33101 affects IBM Concert Software 1.0.0–2.1.0. The vulnerability arises from improper clearing of heap memory, enabling an attacker to obtain sensitive information via man-in-the-middle techniques. Public sources in connected documents reiterate information disclosure as the impact and ...
Arbitrary File Upload
Overview: Affected versions of this package are vulnerable to Arbitrary File Upload via the UploadIssueAttachment and UploadReleaseAttachment functions, over the /issues/attachments and /releases/attachments endpoints. This is only exploitable if the RequireSigninView setting is disabled, which it...
Insufficiently Protected Credentials
Overview: Affected versions of this package are vulnerable to Insufficiently Protected Credentials via handling passwords as command arguments. An attacker can obtain sensitive information by accessing process arguments through system interfaces. Remediation: Upgrade github.com/neuvector/scanner to...
CVE-2026-0997
Mattermost versions 11.1.x <= 11.1.2, 10.11.x <= 10.11.9, 11.2.x <= 11.2.1 and Mattermost Plugin Zoom versions <= 1.11.0 fail to validate the authenticated user when processing /plugins/zoom/api/v1/channel-preference, which allows any logged-in user to change Zoom meeting restrictions for arbitrary...
Honeywell HIB2PI CCTV Camera (Update B)
RISK EVALUATION: Successful exploitation of this vulnerability could lead to account takeovers and unauthorized access to camera feeds; an unauthenticated attacker may change the recovery email address, potentially leading to further network compromise. 2. RECOMMENDED PRACTICES: CISA recommends...
GE Vernova Enervista UR Setup
RISK EVALUATION: Successful exploitation of these vulnerabilities may allow code execution with elevated privileges. 2. RECOMMENDED PRACTICES: CISA recommends users take defensive measures to minimize the risk of exploitation of these vulnerabilities, such as: Minimize network exposure for all...
Delta Electronics ASDA-Soft
RISK EVALUATION: Successful exploitation of this vulnerability may allow an attacker to write arbitrary data beyond the bounds of a stack-allocated buffer, leading to the corruption of a structured exception handler (SEH). 2. RECOMMENDED PRACTICES: CISA recommends users take defensive measures to...
Malicious code in polyutil (PyPI)
Source: kam193 (31a0fc68eee0841a78740fd3e3748171612b871b58bf9f3e52b4fa35bed64774). The package is prepared to download a hardcoded executable and save it in %LOCALAPPDATA% under a very generic name, clearly aiming to hide its existence. Code ...
nodejs: Nodejs uninitialized memory exposure
A memory exposure flaw has been discovered in Node.js. A flaw in Node.js's buffer allocation logic can expose uninitialized memory when allocations are interrupted, when using the vm module with the timeout option. Under specific timing conditions, buffers allocated with Buffer.alloc and other...
pybind: Improper use of Pybind
A flaw was found in Ceph. An attacker can allow Ceph to accept any certificate because no certificate context is passed via Pybind to the constructors imaplib.IMAP4_SSL or smtplib.SMTP_SSL. As a result, pybind does not check the server's X.509 certificate, instead accepting any certificate...
IBM Concert Security Vulnerability
IBM Concert is IBM's software platform for orchestrating and managing enterprise-class applications. An information disclosure vulnerability exists in IBM Concert. An attacker could exploit this vulnerability to steal sensitive information via a man-in-the-middle attack...
KLA90894 Multiple vulnerabilities in Microsoft Browser
Multiple vulnerabilities were found in Microsoft Browser. Malicious users can exploit these vulnerabilities to obtain sensitive information, cause denial of service, and execute arbitrary code. Below is a complete list of vulnerabilities: 1. Information disclosure vulnerability can be exploited to...
PT-2026-20240
Name of the Vulnerable Software and Affected Versions: IBM Concert versions 1.0.0 through 2.1.0. Description: IBM Concert versions 1.0.0 through 2.1.0 may allow an attacker to obtain sensitive information. This is due to improper clearing of heap memory, potentially enabling a man-in-the-middle...
DARTH-PUM: A Hybrid Processing-Using-Memory Architecture
Analog processing-using-memory (PUM; a.k.a. in-memory computing) makes use of electrical interactions inside memory arrays to perform bulk matrix-vector multiplication (MVM) operations. However, many popular matrix-based kernels need to execute non-MVM operations, which analog PUM cannot directly...
CVE-2026-26367
eNet SMART HOME server 2.2.1 and 2.3.1 contains a missing authorization vulnerability in the deleteUserAccount JSON-RPC method that permits any authenticated low-privileged user (UGUSER) to delete arbitrary user accounts, except for the built-in admin account. The application does not enforce...