Svelte security vulnerabilities

Svelte is an open-source approach to building web applications. Versions of Svelte from 5.1.0 to 5.6.1 have security vulnerabilities. These vulnerabilities stem from the ArrayBuffer hydration process not checking input assumptions properly, which can lead to denial-of-service attacks...

Unity Linux 20.1070a Security Update: kernel (UTSA-2025-988715)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-988715 advisory. In the Linux kernel, the following vulnerability has been resolved: HID: betop: fix slab-out-of-bounds Write in betopprobe Syzbot reported slab-out-of-bounds Write b...

Apple iOS和Apple iPadOS 安全漏洞

Apple iOS is an operating system developed for mobile devices.Apple iPadOS is an operating system for the iPad tablet computer. Apple iOS and iPadOS contain an Improvement Check Insufficiency vulnerability that can be exploited by attackers to cause an application to monitor keystrokes without th...

EUVD-2021-0020

Malware in sbrugna...

EUVD-2019-7740

Malware in sbrugna...

EUVD-2021-12250

Malware in sbrugna...

EUVD-2018-3844

Malware in sbrugna...

EUVD-2005-1873

Malware in sbrugna...

Unity Linux 20.1070e Security Update: kernel (UTSA-2025-986544)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-986544 advisory. In the Linux kernel, the following vulnerability has been resolved: HID: betop: fix slab-out-of-bounds Write in betopprobe Syzbot reported slab-out-of-bounds Write b...

EUVD-2021-9959

Malicious code in bioql PyPI...

CVE-2022-50394

CVE-2022-50394 affects the Linux kernel i2c subsystem (specifically the ismt ioctl path in the ismt_access() function). The vulnerability arises when the driver does not validate user-supplied data, allowing an oversized data->block[0] to trigger an out-of-bounds read, as demonstrated by the k...

CVE-2025-31714

In Developer Tools, there is a possible missing verification incorrect input. This could lead to local escalation of privilege with no additional execution privileges needed...

CVE-2025-38483 comedi: das16m1: Fix bit shift out of bounds

In the Linux kernel, the following vulnerability has been resolved: comedi: das16m1: Fix bit shift out of bounds When checking for a supported IRQ number, the following test is used: / only irqs 2, 3, 4, 5, 6, 7, 10, 11, 12, 14, and 15 are valid / if 1 options1 & 0xdcfc However, it-optionsi is an...

CVE-2023-26439

The cacheservice API could be abused to inject parameters with SQL syntax which was insufficiently sanitized before getting executed as SQL statement. Attackers with access to a local or restricted network were able to perform arbitrary SQL queries, discovering other users cached data. We have...

PT-2025-12371

Name of the Vulnerable Software and Affected Versions nr modem affected versions not specified Description The software may experience a system crash because of improper input validation. This can result in a remote denial of service, and does not require additional execution privileges...

Denial Of Service (DoS)

github.com/golang/go is vulnerable to Denial Of Service DoS. The vulnerability exists because the readChunkLine function in chunked.go does not properly check the bytes from the request or response body. A malicious attacker can exploit this to cause a server to automatically read a large amount ...

Sql injection

The cacheservice API could be abused to indirectly inject parameters with SQL syntax which was insufficiently sanitized and would later be executed when creating new cache groups. Attackers with access to a local or restricted network could perform arbitrary SQL queries. We have improved the inpu...

CVE-2023-26439

The CVE-2023-26439 issue affects the Open-Xchange AppSuite, specifically the cacheservice API. A SQL injection vulnerability arises from insufficient sanitization of parameters in API calls, enabling attackers with local or restricted network access to execute arbitrary SQL queries and potentiall...

Upgraded Q -> 2 from #17 [1678363178694]

Judge has assessed an item in Issue 17 as 2 risk. The relevant finding follows: 5. Duplicated swingTrader addresses can be added which make sellMalt/buyMalt working incorrectly Details In function addSwingTrader, there is no check to ensure swingTrader address is not existed. So admin can make a...

AZL-13827 CVE-2022-4904 affecting package nodejs for versions less than 16.20.1-2

A flaw was found in the c-ares package. The aressetsortlist is missing checks about the validity of the input string, which allows a possible arbitrary length stack overflow. This issue may cause a denial of service or a limited impact on confidentiality and integrity...