43 matches found

RedhatCVE
added 2026/01/09 8:42 a.m., 10 views

CVE-2022-37377

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Editor 11.1.1.53537. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within...

CVSS 7.8, AI score 6.7, EPSS 0.02012
Exploits: 0, References: 1

EUVD
added 2025/10/03 8:7 p.m., 1 views

EUVD-2022-49544

Malicious code in bioql PyPI...

CVSS 7.5, AI score 7.6, EPSS 0.00082
Exploits: 0, References: 3

EUVD
added 2025/10/03 8:7 p.m., 4 views

EUVD-2023-0138

Malicious code in bioql PyPI...

CVSS 6.5, AI score 6.4, EPSS 0.00169
Exploits: 0, References: 8

EUVD
added 2025/10/03 8:7 p.m., 1 views

EUVD-2023-50931

Malicious code in bioql PyPI...

CVSS 5.3, AI score 5.6, EPSS 0.00079
Exploits: 0, References: 2

Oracle
added 2025/07/15 12:0 a.m., 22 views

Oracle Critical Patch Update Advisory - July 2025

A Critical Patch Update is a collection of patches for multiple security vulnerabilities. These patches address vulnerabilities in Oracle code and in third party components included in Oracle products. These patches are usually cumulative, but each advisory describes only the security patches add...

CVSS 10, AI score 9, EPSS 0.9413
Exploits: 131, Affected Software: 112

CNVD
added 2025/03/18 12:0 a.m., 7 views

Linux kernel improper locking vulnerability (CNVD-2025-05316)

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. Linux kernel suffers from an improper locking vulnerability that stems from the use of spinlock in an interruptible context, which could lead to a deadlock. The vulnerability c...

CVSS 5.5, AI score 6.9, EPSS 0.0002
Exploits: 0, References: 1

Rapid7 Blog
added 2024/11/01 1:0 p.m., 11 views

Finding the LNK: Techniques and methodology for advanced analysis with Velociraptor

Malicious exploitation of LNK files, commonly known as Windows shortcuts, is a well-established technique used by threat actors for delivery and persistence. While the value of LNK forensics for cyber threat intelligence (CTI) is fairly well-understood, analysts may overlook less well-known data...

AI score 7.3
Exploits: 0

CVE
added 2024/04/15 7:56 a.m., 57 views

CVE-2024-3701

CVE-2024-3701 affects the system application component com.transsion.kolun.aiservice. The authenticated check is missing in this component, enabling attackers to perform malicious exploitations that can impact system services. The vulnerability is characterized as high severity (CVSS v3.1: 9.8, C...

CVSS 9.8, AI score 9.6, EPSS 0.00484
Exploits: 0, References: 2, Affected Software: 1

Kaspersky
added 2024/03/19 12:0 a.m., 56 views

KLA65226 Multiple vulnerabilities in Mozilla Thunderbird

Multiple vulnerabilities were found in Mozilla Thunderbird. Malicious users can exploit these vulnerabilities to cause denial of service, execute arbitrary code, obtain sensitive information, bypass security restrictions, gain privileges. Below is a complete list of vulnerabilities: 1. Out of...

CVSS 8.8, AI score 9.8, EPSS 0.01767
Exploits: 4, References: 3

Kaspersky
added 2024/03/12 12:0 a.m., 32 views

KLA65127 Multiple vulnerabilities in Microsoft Office

Multiple vulnerabilities were found in Microsoft Office. Malicious users can exploit these vulnerabilities to gain privileges, execute arbitrary code, obtain sensitive information. Below is a complete list of vulnerabilities: 1. An elevation of privilege vulnerability in Microsoft Office can be...

CVSS 7.8, AI score 8.2, EPSS 0.00931
Exploits: 0, References: 8

RedhatCVE
added 2024/02/01 2:33 p.m., 64 views

CVE-2024-23652

A vulnerability was found in the Moby Builder Toolkit, which arose from BuildKit's attempts to clean up temporarily added directories after use. A malicious BuildKit frontend or Dockerfile using RUN --mount could deceive the feature responsible for removing empty files created for the mount point...

CVSS 7.8, AI score 9.3, EPSS 0.05701
Exploits: 0, References: 7

Code423n4
added 2023/12/21 12:0 a.m., 9 views

malicious borrowers can follow reclaimLiquidity() then execute addPremium() to invalidate renewalCutoffTime

Lines of code Vulnerability details Vulnerability details LP can set renewalCutoffTime=block.timestamp by executing reclaimLiquidity, to force close position function liquidatePosition DataStruct.ClosePositionParams calldata params, address borrower external override nonReentrant ... if...

AI score 7.2
Exploits: 0

Kaspersky
added 2023/05/09 12:0 a.m., 40 views

KLA49157 Multiple vulnerabilities in Microsoft Developer Tools

Multiple vulnerabilities were found in Microsoft Developer Tools. Malicious users can exploit these vulnerabilities to gain privileges, obtain sensitive information. Below is a complete list of vulnerabilities: 1. An elevation of privilege vulnerability in SysInternals Sysmon for Windows can be...

CVSS 7.8, AI score 7.8, EPSS 0.2036
Exploits: 1, References: 6

Code423n4
added 2023/01/20 12:0 a.m., 8 views

Small amounts of funds can be stolen during recollateralization

Lines of code Vulnerability details Impact This is similar to the "high" vulnerability I submitted but shows a similar exploit can be done if a user isn't a whale, stealing a smaller amount of funds. This is potentially a "high" risk depending on how easy you think execution is. I think it's...

AI score 6.9
Exploits: 0

Qualys Blog
added 2022/12/03 5:24 a.m., 79 views

The 9th Google Chrome Zero-Day Threat this Year – Again Just Before the Weekend

Google has released yet another security update for the Chrome desktop web browser to address a high-severity vulnerability that is being exploited in the wild. This is the ninth Chrome zero-day fixed this year by Google. This security bug (CVE-2022-4262; QID 377804) is a Type Confusion vulnerabili...

CVSS 6.8, EPSS 0.49
Exploits: 8

Github Security Blog
added 2022/06/29 9:51 p.m., 34 views

URL previews of unusual or maliciously-crafted pages can crash Synapse media repositories or Synapse monoliths

Impact URL previews of some web pages can exhaust the available stack space for the Synapse process due to unbounded recursion. This is sometimes recoverable and leads to an error for the request causing the problem, but in other cases the Synapse process may crash altogether. It is possible to...

CVSS 6.5, AI score 6.2, EPSS 0.00376
Exploits: 0, References: 8, Affected Software: 1

AlpineLinux
added 2022/06/28 5:10 p.m., 35 views

CVE-2022-31052

Synapse is an open source home server implementation for the Matrix chat network. In versions prior to 1.61.1 URL previews of some web pages can exhaust the available stack space for the Synapse process due to unbounded recursion. This is sometimes recoverable and leads to an error for the reques...

CVSS 6.5, AI score 6.4, EPSS 0.00376
Exploits: 0

Kaspersky
added 2022/06/14 12:0 a.m., 29 views

KLA12563 OSI vulnerability in Microsoft Developer Tools

Information disclosure vulnerability was found in Microsoft Developer Tools. Malicious users can exploit this vulnerability to obtain sensitive information. Original advisories CVE-2022-30184 Related products Microsoft-Visual-Studio CVE list CVE-2022-30184 unknown KB list 5015429 5015424 Solution...

CVSS 5.5, AI score 6.6, EPSS 0.00782
Exploits: 0, References: 5

Prion
added 2021/10/04 6:15 p.m., 6 views

Design/Logic Flaw

The affected device uses off-the-shelf software components that contain unpatched vulnerabilities. A malicious attacker with physical access to the affected device could exploit these vulnerabilities...

CVSS 4.6, AI score 6.6, EPSS 0.00042
Exploits: 0, References: 1

Oracle
added 2021/01/19 12:0 a.m., 377 views

Oracle Critical Patch Update Advisory - January 2021

A Critical Patch Update is a collection of patches for multiple security vulnerabilities. These patches address vulnerabilities in Oracle code and in third-party components included in Oracle products. These patches are usually cumulative, but each advisory describes only the security patches add...

CVSS 9.8, AI score 8.7, EPSS 0.94469
Exploits: 214, Affected Software: 121