25 matches found
cmd/go: cmd/go: Arbitrary file write via malicious pkg-config directive
A flaw was found in cmd/go. An attacker can exploit this by building a malicious Go source file that uses the 'cgo pkg-config:' directive. This allows the attacker to write to an arbitrary file with partial control over its content, by providing a '--log-file' argument to the pkg-config command...
freerdp: FreeRDP: Arbitrary code execution via heap buffer overflow in GDI surface pipeline
A flaw was found in FreeRDP, a free implementation of the Remote Desktop Protocol (RDP). A malicious RDP server can exploit a heap buffer overflow vulnerability by sending a specially crafted graphics command to a FreeRDP client. This allows the server to write data outside of its intended memory...
CVE-2025-68924
In Umbraco UmbracoForms through 8.13.16, an authenticated attacker can supply a malicious WSDL (aka Webservice) URL as a data source for remote code execution...
CVE-2021-22650
An attacker may use TWinSoft and a malicious source project file (TPG) to extract files on a machine executing Ovarro TWinSoft, which could lead to code execution...
CVE-2026-21437
Summary: CVE-2026-21437 affects the Solus eopkg package manager. In versions prior to 4.4.0, a malicious package could include files not tracked by eopkg, and such files would not be shown by tools like lseopkg. This requires installation from a malicious or compromised source. The issue is fixed...
CVE-2025-32753
| creationtimestamp | type | source |
|---|---|---|
| 2025-06-20 14:43:38+00:00 | seen | https://t.me/DarkWebInformerCVEAlerts/18962... |
CVE-2024-43738
Adobe Experience Manager versions 6.5.21 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability that could allow an attacker to execute arbitrary code in the context of the victim's browser. This issue occurs when data from a malicious source is processed by a web...
PolyDrop - A BYOSI (Bring-Your-Own-Script-Interpreter) Rapid Payload Deployment Toolkit
BYOSI - Bring-Your-Own-Script-Interpreter - Leveraging the abuse of trusted applications, one is able to deliver a compatible script interpreter for a Windows, Mac, or Linux system as well as malicious source code in the form of the specific script interpreter of choice. Once both the malicious...
CVE-2008-0379
| creationtimestamp | type | source |
|---|---|---|
| 2024-02-02 21:16:46+00:00 | seen | https://t.me/ctinow/178274... |
Imageflow affected by libwebp zero-day and should not be used with malicious source images.
Impact This vulnerability affects deployments of Imageflow that involve decoding or processing malicious source .webp files. If you only process your own trusted files, this should not affect you but you should update anyway. Imageflow relies on Google's libwebp library to decode .webp images, an...
CVE-2023-21991
| creationtimestamp | type | source |
|---|---|---|
| 2023-04-26 11:03:01+00:00 | exploited | https://t.me/CyberSecurityTechnologies/8189 |
| 2023-05-12 17:49:32+00:00 | published-proof-of-concept | https://t.me/dilagrafie/2973 |
| 2023-11-04 01:20:21+00:00 | published-proof-of-concept | ... |
Updated dpkg packages fix security vulnerability
A malicious source package could write files outside the unpack directory. CVE-2022-1664...
MGASA-2022-0327 Updated dpkg packages fix security vulnerability
A malicious source package could write files outside the unpack directory. CVE-2022-1664...
Code injection
An attacker may use TWinSoft and a malicious source project file (TPG) to extract files on a machine executing Ovarro TWinSoft, which could lead to code execution...
Apple Swift code issue vulnerability
Apple Swift is a programming language for macOS, iOS, watchOS, and tvOS from Apple (USA). A security vulnerability exists in Swift swift-corelibs-foundation version 5.6.1 and prior versions, which originates from a potentially malicious source that generates JSON documents containing type mismatche...
Remote Code Execution (RCE)
Overview: dependabot-common is an Automated dependency management. Affected versions of this package are vulnerable to Remote Code Execution (RCE) by cloning source branch containing malicious injectable bash code. Remediation: Upgrade dependabot-common to version 0.125.1 or higher. References: - GitH...
Remote Code Execution (RCE)
Overview: dependabot-omnibus is an Automated dependency management. Affected versions of this package are vulnerable to Remote Code Execution (RCE) by cloning source branch containing malicious injectable bash code. Remediation: Upgrade dependabot-omnibus to version 0.125.1 or higher. References: -...
GHSA-Q8XG-8XWF-M598 Machine-In-The-Middle in lix
All versions of lix are vulnerable to Machine-In-The-Middle. The package accepts downloads with http and follows location header redirects for package downloads. This allows for an attacker in a privileged network position to intercept a lix package installation and redirect the download to a...
Debian DSA-3345-1 : iceweasel - security update
Multiple security issues have been found in Iceweasel, Debian's version of the Mozilla Firefox web browser. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2015-4497 Jean-Max Reymond and Ucha Gobejishvili discovered a use-after-free vulnerability which...
firefox: multiple issues
CVE-2015-4497 use-after-free when resizing canvas element during restyling: Mozilla community member Jean-Max Reymond discovered a use-after-free vulnerability with a canvas element on a page. This occurs when a resize event is triggered in concert with style changes but the canvas references...