CVE-2019-25717

Dräger Infinity Delta, Delta XL, and Kappa patient monitors contain an information disclosure vulnerability that allows unauthenticated network attackers to access log files over a network connection. Attackers can retrieve device internals, location information, and wired network configuration...

PT-2026-45738

Dräger Infinity Delta, Delta XL, and Kappa patient monitors contain an information disclosure vulnerability that allows unauthenticated network attackers to access log files over a network connection. Attackers can retrieve device internals, location information, and wired network configuration...

Exploit for CVE-2025-66478

CVE-2025-66478-Research-Proof-of-Concept Overview This re...

Astra Linux - уязвимость в chromium

Leakage of side-channel information in Google Chrome’s network internals before version 89.0.4389.72 allowed a remote attacker to leak cross-origin data through a crafted HTML page...

Exploit for CVE-2024-28397

CVE-2024-28397 - Js2Py Sandbox Escape Payload Generator This...

PT-2026-39309

Name of the Vulnerable Software and Affected Versions smallbitvec affected versions not specified Description An integer overflow occurs during the internal capacity calculation within the buffer lencap function. When the cap variable is close to usize::MAX, unchecked arithmetic causes the value ...

Astra Linux - уязвимость в chromium

Before version 89.0.4389.72, using "After Free" in the Network Internals section of Google Chrome on Linux allowed a remote attacker to potentially exploit heap corruption through a crafted HTML page...

Astra Linux - уязвимость в chromium

The use of after-free in Base Internals in Google Chrome before version 101.0.4951.41 allowed a remote attacker to perform arbitrary read/write operations through a crafted HTML page. Chromium security severity: High...

php-8.5.5-var_destroy-uaf

PHP 8.5.5 — vardestroy destruct reentrancy UAF Siste...

CVE-2026-40602

The Home Assistant Command-line interface hass-cli is a command-line tool for Home Assistant. Up to 1.0.0 of home-assitant-cli an unrestricted environment was used to handle Jninja2 templates instead of a sandboxed one. The user-supplied input within Jinja2 templates was rendered locally with no...

CVE-2026-40602 hass-cli: Handling of user-supplied Jinja2 templates

The Home Assistant Command-line interface hass-cli is a command-line tool for Home Assistant. Up to 1.0.0 of home-assitant-cli an unrestricted environment was used to handle Jninja2 templates instead of a sandboxed one. The user-supplied input within Jinja2 templates was rendered locally with no...

CVE-2026-40602 hass-cli: Handling of user-supplied Jinja2 templates

The Home Assistant Command-line interface hass-cli is a command-line tool for Home Assistant. Up to 1.0.0 of home-assitant-cli an unrestricted environment was used to handle Jninja2 templates instead of a sandboxed one. The user-supplied input within Jinja2 templates was rendered locally with no...

GHSA-538C-55JV-C5G9 ONNX: Malicious ONNX models can crash servers by exploiting unprotected object settings.

Summary The ExternalDataInfo class in ONNX was using Python’s setattr function to load metadata like file paths or data lengths directly from an ONNX model file. The problem? It didn’t check if the "keys" in the file were valid. Because it blindly trusted the file, an attacker could craft a...

Prototype Pollution

Overview @apollo/federation-internals is an Apollo Federation internal utilities Affected versions of this package are vulnerable to Prototype Pollution through incomplete sanitization of input in the query plan execution. An attacker can manipulate the Object.prototype in the gateway by crafting...

EUVD-2026-10061

parse-server: Malformed $regex query leaks database error details in API response...

CVE-2026-30835

Parse Server vulnerability CVE-2026-30835 affects Parse Server before versions 8.6.7 and 9.5.0-alpha.6, where a malformed $regex query parameter can cause the database to return a structured error object unsanitized through the API response. This leaks internal database details such as error mess...

CVE-2026-30835

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 8.6.7 and 9.5.0-alpha.6, malformed $regex query parameter e.g. abc causes the database to return a structured error object that is passed unsanitized through the API response...

PT-2026-23754

Name of the Vulnerable Software and Affected Versions Parse Server versions prior to 8.6.7 Parse Server versions prior to 9.5.0-alpha.6 Description Parse Server is an open-source backend deployable on Node.js infrastructures. A malformed $regex query parameter, such as abc, can cause the database...

[SECURITY] Fedora 42 Update: rust-time-core-0.1.8-1.fc42

Internal implementation details of the 'time' crate...

CVE-2023-37525

A sensitive information disclosure in HCL BigFix Compliance allows a remote attacker to access files under the WEB-INF directory, which may contain Java class files and configuration information, leading to unauthorized access to application internals...