
247 matches found

Ubuntu
added 2026/06/03 1:33 p.m., 7 views

USN-8378-1: libwww-perl vulnerability

It was discovered that libwww-perl incorrectly handled redirects. A remote attacker could possibly use this issue to obtain sensitive information by causing Authorization headers to be sent to a different host...

CVSS 6.5 | AI score 5.4 | EPSS 0.00266
Exploits: 0

CNNVD
added 2026/06/03 12:0 a.m., 3 views

Mercusys AC12G security vulnerability

The Mercusys AC12G is a Gigabit wireless router produced by the Chinese company Mercusys. The Mercusys AC12G EU V1 version has a security vulnerability. This vulnerability arises from returning uninitialized internal buffer contents when HTTP POST requests are sent to an undefined pat...

CVSS 4.3 | AI score 5.6 | EPSS 0.00159
Exploits: 0 | References: 1

CNNVD
added 2026/06/02 12:0 a.m., 4 views

Google Chrome security vulnerability

Google Chrome is a web browser developed by Google Inc. Versions of Google Chrome prior to 149.0.7827.53 contained a security vulnerability caused by a race condition in the GPU component. This vulnerability could allow remote attackers with access to the compromised renderer process to exploit t...

CVSS 6.5 | AI score 5.4 | EPSS 0.0025
Exploits: 0 | References: 3

OSV
added 2026/05/12 7:44 a.m., 5 views

MAL-2026-3675 Malicious code in 6cc (npm)

Source: amazon-inspector (4956159952af1b6af08b70ab219d7827988fae1fd82994f29090a1f2bf299094). index.js executes on require as an IIFE that reassigns console.warn/error and adds console.SL/FB/N to forward arguments via fetch to a hardcoded...

AI score 5.9
Exploits: 0 | References: 1

ATTACKERKB
added 2026/05/04 6:0 a.m., 2 views

CVE-2026-5335

The Magic Export & Import WordPress plugin before 1.2.0 stores exported CSV files at a publicly accessible location, making it possible for any visitors to leak sensitive user information...

CVSS 5.3 | AI score 5.8 | EPSS 0.0027
Exploits: 0 | References: 1

CNVD
added 2026/02/11 12:0 a.m., 1 views

IBM Concert has an information disclosure vulnerability

IBM Concert is a new tool from International Business Machines (IBM) that uses generative AI to help manage complex cloud-native applications. An information disclosure vulnerability exists in IBM Concert versions 1.0.0 through 2.1.0, which can be exploited by an attacker to obtain sensitive...

CVSS 5.5 | AI score 5.8 | EPSS 0.00088
Exploits: 0 | References: 1

Cvelist
added 2026/02/05 7:13 a.m., 24 views

CVE-2025-10258 A time-based SQL Injection vulnerability in Infinera DNA

Infinera DNA is vulnerable to a time-based SQL injection vulnerability due to insufficient input validation, which may result in leaking of sensitive information...

EPSS 0.00251
Exploits: 0 | References: 1

Snyk
added 2025/11/01 6:37 a.m., 3 views

Directory Traversal

Overview: letta is a package described as "Create LLM agents with long-term memory and custom tools". Affected versions of this package are vulnerable to Directory Traversal via insufficient sanitization in the file upload functionality. An attacker can upload and overwrite files outside the intended directory by providi...

CVSS 8.8 | AI score 7.7
Exploits: 0 | References: 3

EUVD
added 2025/10/07 12:30 a.m., 8 views

EUVD-2013-7087

Malware in sbrugna...

CVSS 5.4 | AI score 6.4 | EPSS 0.00782
Exploits: 0 | References: 4

EUVD
added 2025/10/07 12:30 a.m., 5 views

EUVD-2017-16953

Malware in sbrugna...

CVSS 5.3 | AI score 5.8 | EPSS 0.01129
Exploits: 0 | References: 3

Packet Storm News
added 2025/10/05 12:0 a.m., 5 views

Agentic Misalignment: How LLMs Could Be Insider Threats

We stress-tested 16 leading models from multiple developers in hypothetical corporate environments to identify potentially risky agentic behaviors before they cause real harm. In the scenarios, we allowed models to autonomously send emails and access sensitive information. They were assigned only...

AI score 7.2
Exploits: 0

EUVD
added 2025/10/03 8:7 p.m., 2 views

EUVD-2022-0879

Malicious code in bioql PyPI...

CVSS 6.1 | AI score 5.8 | EPSS 0.02209
Exploits: 1 | References: 17

EUVD
added 2025/10/03 8:7 p.m., 3 views

EUVD-2021-34652

Malicious code in bioql PyPI...

CVSS 7.8 | AI score 6 | EPSS 0.00246
Exploits: 0 | References: 5

EUVD
added 2025/10/03 8:7 p.m., 5 views

EUVD-2024-2952

Malicious code in bioql PyPI...

CVSS 7.7 | AI score 6.3 | EPSS 0.00579
Exploits: 1 | References: 7

RedHat Linux
added 2025/08/20 3:33 p.m., 1 views

tomcat: Apache Tomcat: Security constraint bypass for pre/post-resources

A flaw has been discovered in path handling logic in Apache Tomcat. When using either PreResources or PostResources mounted on a non-root path, it is possible to access resources via an unexpected path. This may result in leaking of files on those paths...

CVSS 7.5 | AI score 7.1 | EPSS 0.03163
Exploits: 0 | References: 5

BDU FSTEC
added 2025/08/08 12:0 a.m., 5 views

Mbed TLS vulnerability related to the use of covert timing channels for data transmission, which allows an attacker to recover the plaintext

The vulnerability in the Mbed TLS software is related to the use of covert timing channels for data transmission. Exploiting this vulnerability allows a remote attacker to recover the plaintext...

CVSS 4 | AI score 5.3 | EPSS 0.00395
Exploits: 1 | References: 2 | Affected Software: 1

NVD
added 2025/06/18 10:15 a.m., 4 views

CVE-2025-38011

In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: csa unmap use uninterruptible lock After process exit to unmap csa and free GPU vm, if signal is accepted and then waiting to take vm lock is interrupted and return, it causes memory leaking and below warning backtrac...

CVSS 5.5 | EPSS 0.00163
Exploits: 0 | References: 4

Vulnrichment
added 2025/05/27 3:3 p.m., 17 views

CVE-2025-48383 Django-Select2 Vulnerable to Widget Instance Secret Cache Key Leaking

Django-Select2 is a Django integration for Select2. Prior to version 8.4.1, instances of HeavySelect2Mixin subclasses like the ModelSelect2MultipleWidget and ModelSelect2Widget can leak secret access tokens across requests. This can allow users to access restricted query sets and restricted data...

CVSS 8.2 | AI score 6.8 | EPSS 0.00262
Exploits: 0 | References: 2

RedhatCVE
added 2025/05/23 2:25 a.m., 5 views

CVE-2023-45825

ydb-go-sdk is a pure Go native and database/sql driver for the YDB platform. Since ydb-go-sdk v3.48.6 if you use a custom credentials object implementation of interface Credentials it may leak into logs. This happens because this object could be serialized into an error message using...

CVSS 5.5 | AI score 6.2 | EPSS 0.00219
Exploits: 0 | References: 1

SUSE CVE
added 2025/05/06 3:7 a.m., 3 views

SUSE CVE-2022-49786

In the Linux kernel, the following vulnerability has been resolved: blk-cgroup: properly pin the parent in blkcg_css_online. blkcg_css_online is supposed to pin the blkcg of the parent, but 397c9f46ee4d refactored things and along the way, changed it to pin the css instead. This results in extra pins,...

CVSS 3.3 | AI score 6.3 | EPSS 0.0014
Exploits: 0 | References: 6