CVE-2026-45076

Synapse is an open source Matrix homeserver implementation. Prior to 1.152.1, in federated rooms, malicious homeservers can craft room events in such a way that prevents Synapse from providing full history to paginating clients. Clients could therefore fail to display room history. This...

EUVD-2026-31830

FreeRDP before 3.26.0 contains a heap-buffer-overflow vulnerability in gdiCacheToSurface that allows remote attackers to write out-of-bounds heap memory. The vulnerability occurs because rectangle validation clamps coordinates to UINT16MAX but performs copy operations using unclamped cache entry...

JLSEC-2026-514

An uncontrolled resource consumption memory leak flaw was found in the ZeroMQ client in versions before 4.3.3 in src/pipe.cpp. This issue causes a client that connects to multiple malicious or compromised servers to crash. The highest threat from this vulnerability is to system availability...

Sonatype Nexus Repository Manager 代码问题漏洞

Sonatype Nexus Repository Manager NXRM is a repository manager developed by Sonatype, Inc., in the United States. It is primarily used for managing, storing, and distributing software. Versions of Sonatype Nexus Repository Manager from 3.0.0 to 3.91.1 contained code vulnerabilities. These...

GHSA-FWF6-J56G-M97C Electerm has an unvalidated shell.openExternal that allows arbitrary protocol execution via terminal link click

Impact Electerm's terminal hyperlink handler passes any URL clicked in the terminal directly to shell.openExternal without any protocol validation. When a user connects to a malicious SSH server, the attacker can print a crafted URI in the terminal output. If the victim clicks the link,...

Linux kernel 安全漏洞

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from incomplete DACL validation in the functions buildsecdesc and idmodetocifsacl. This vulnerability...

thunderbird: Out of bounds read in IMAP parsing

A flaw was found in Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: A malicious mail server could send malformed strings with negative lengths, causing the parser to read memory outside the buffer. If a mail server or connection to a mail server were...

CVE-2026-1628

Mattermost Desktop App versions =5.13.3 fail to attach listeners restricting navigation to external sites within the Mattermost app which allows a malicious server to expose preload script functionality to untrusted servers via having a user open an external link in their Mattermost server...

GHSA-V3C9-J6H9-66V4 Apache Airflow has a command injection vulnerability in "example_dag_decorator"

An example dag exampledagdecorator had non-validated parameter that allowed the UI user to redirect the example to a malicious server and execute code on worker. This however required that the example dags are enabled in production not default or the example dag code copied to build your own...

Apache Airflow 安全漏洞

Apache Airflow is a set of open source platforms with the ability to create, manage and monitor workflows from the US Apache Apache Foundation. The platform is characterized by scalability and dynamic monitoring. Apache Airflow suffers from a security vulnerability that stems from unvalidated...

EUVD-2019-11471

Malware in sbrugna...

EUVD-1999-1483

Malware in sbrugna...

EUVD-2002-0678

Malware in sbrugna...

EUVD-2005-0869

Malware in sbrugna...

EUVD-2017-16460

Malware in sbrugna...

EUVD-2003-0318

Malware in sbrugna...

Linux Distros Unpatched Vulnerability : CVE-2018-8822

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Incorrect buffer length handling in the ncpreadkernel function in fs/ncpfs/ncplibkernel.c in the Linux kernel through 4.15.11, and in...

List-Decodable Byzantine Robust PIR: Lower Communication Complexity, Higher Byzantine Tolerance, Smaller List Size

Private Information Retrieval PIR is a privacy-preserving primitive in cryptography. Significant endeavors have been made to address the variant of PIR concerning the malicious servers. Among those endeavors, list-decodable Byzantine robust PIR schemes may tolerate a majority of malicious...

CISA and FBI Warn Fast Flux is Powering Resilient Malware, C2, and Phishing Networks

Cybersecurity agencies from Australia, Canada, New Zealand, and the United States have published a joint advisory about the risks associated with a technique called fast flux that has been adopted by threat actors to obscure a command-and-control C2 channel. "'Fast flux' is a technique used to...

DEBIAN-CVE-2024-45340

Credentials provided via the new GOAUTH feature were not being properly segmented by domain, allowing a malicious server to request credentials they should not have access to. By default, unless otherwise set, this only affected credentials stored in the users .netrc file...