68 matches found
CVE-2026-30790
This CVE ID has been rejected or withdrawn by its CVE Numbering Authority...
CVE-2026-3598
Use of a Broken or Risky Cryptographic Algorithm vulnerability in rustdesk-server-pro RustDesk Server Pro rustdesk-server-pro on Windows, MacOS, Linux Config string generation, web console export modules allows Retrieve Embedded Sensitive Data. This vulnerability is associated with program routin...
PT-2026-23461
Name of the Vulnerable Software and Affected Versions RustDesk Server Pro versions through 1.7.5 Description A security issue exists in RustDesk Server Pro related to the transmission of sensitive information in cleartext. The vulnerability is present in the address book sync API modules and allo...
CVE-2025-13524
Improper resource release in the call termination process in AWS Wickr before version 6.62.13 on Windows, macOS and Linux may allow a call participant to continue receiving audio input from another user after they close their call window. This issue occurs under certain conditions, which require...
GHSA-R9X7-7GGJ-FX9F PrivateBin vulnerable to malicious filename use for self-XSS / HTML injection locally for users
Summary Dragging a file whose filename contains HTML is reflected verbatim into the page via the drag-and-drop helper, so any user who drops a crafted file on PrivateBin will execute arbitrary JavaScript within their own session self-XSS. This allows an attacker who can entice a victim to drag or...
CVE-2025-64711 PrivateBin vulnerable to malicious filename use for self-XSS / HTML injection locally for users
PrivateBin is an online pastebin where the server has zero knowledge of pasted data. Starting in version 1.7.7 and prior to version 2.0.3, dragging a file whose filename contains HTML is reflected verbatim into the page via the drag-and-drop helper, so any user who drops a crafted file on...
CVE-2025-64711 PrivateBin vulnerable to malicious filename use for self-XSS / HTML injection locally for users
PrivateBin is an online pastebin where the server has zero knowledge of pasted data. Starting in version 1.7.7 and prior to version 2.0.3, dragging a file whose filename contains HTML is reflected verbatim into the page via the drag-and-drop helper, so any user who drops a crafted file on...
CVE-2025-43079
CVE-2025-43079 concerns Qualys Cloud Agent where the bundled uninstall script qagent_uninstall.sh (Mac/Linux) executes multiple system commands without absolute paths and without sanitizing $PATH. The root cause is reliance on manipulated PATH, enabling a privileged user (root/sudo) with elevated...
EUVD-2025-30262
Malicious code in bioql PyPI...
EUVD-2025-14322
Malicious code in bioql PyPI...
CVE-2025-34190 Vasion Print (formerly PrinterLogic) PrinterInstallerClientService Authentication Bypass via LD_PRELOAD Hooking
Vasion Print formerly PrinterLogic Virtual Appliance Host versions prior to 25.1.102 and Application versions prior to 25.1.1413 macOS/Linux client deployments are vulnerable to an authentication bypass in PrinterInstallerClientService. The service requires root privileges for certain...
CVE-2025-34189 Vasion Print (formerly PrinterLogic) Insecure Inter-Process Communication Allows Local Session Hijacking
Vasion Print formerly PrinterLogic Virtual Appliance Host versions prior to 1.0.735 and Application versions prior to 20.0.1330 macOS/Linux client deployments contain a vulnerability in the local inter-process communication IPC mechanism. The software stores IPC request and response files inside...
CVE-2025-34189
Vasion Print Virtual Appliance Host <1.0.735 and Vasion Print Application
CVE-2025-34188 Vasion Print (formerly PrinterLogic) Local Log Disclosure of Cleartext Sessions
Vasion Print formerly PrinterLogic Virtual Appliance Host versions prior to 1.0.735 and Application prior to 20.0.1330 macOS/Linux client deployments contain a vulnerability in the local logging mechanism. Authentication session tokens, including PHPSESSID, XSRF-TOKEN, and laravelsession, are...
PT-2025-38591
Name of the Vulnerable Software and Affected Versions Vasion Print Virtual Appliance Host versions prior to 1.0.735 Vasion Print Application versions prior to 20.0.1330 Description The local logging mechanism in Vasion Print contains a security issue where authentication session tokens, including...
[SECURITY] Fedora 42 Update: uv-0.8.11-2.fc42
An extremely fast Python package installer and resolver, written in Rust. Designed as a drop-in replacement for common pip and pip-tools workflows. Highlights: =E2=80=A2 =E2=9A=96=EF=B8=8F Drop-in replacement for common pip, pip-tools, and virtualenv commands. =E2=80=A2 =E2=9A=A1=EF=B8=8F 10-100x...
BIT-LIBPYTHON-2024-12254 Unbounded memory buffering in SelectorSocketTransport.writelines()
Starting in Python 3.12.0, the asyncio.SelectorSocketTransport.writelines method would not "pause" writing and signal to the Protocol to drain the buffer to the wire once the write buffer reached the "high-water mark". Because of this, Protocols would not periodically drain the write buffer...
Allocation of Resources Without Limits or Throttling
Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via unbounded values in the dataWindow header field. An attacker can exhaust system memory or cause the application to crash by supplying specially crafted files with excessively larg...
Missing Encryption of Sensitive Data
Overview Affected versions of this package are vulnerable to Missing Encryption of Sensitive Data due to the ordering of code used to start an MCP server container. An attacker can read secrets without needing access to the secrets store itself by gaining access to the home folder of the user who...
CVE-2024-12254
A flaw was found in Python. In certain configurations, the asyncio.SelectorSocketTransport.writelines method fails to signal the protocol to clear the write buffer when it approaches capacity. Because of this, protocols would not periodically drain the write buffer, potentially leading to a denia...