37 matches found
Linux Distros Unpatched Vulnerability : CVE-2026-27858
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An attacker can send a specially crafted message before authentication that causes managesieve to allocate a large amount of memory. Attacker can force...
When Trusted Websites Turn Malicious: WordPress Compromises Advance Global Stealer Operation
Overview Rapid7 Labs has identified and analyzed an ongoing, widespread compromise of legitimate, potentially highly trusted WordPress websites, misused by an unidentified threat actor to inject a ClickFix implant impersonating a Cloudflare human verification challenge CAPTCHA. The lure is design...
Allocation of Resources Without Limits or Throttling
Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the validating admission controller feature. An attacker can exhaust system memory resources by sending large requests, potentially causing the controller pod to be terminated or...
EUVD-2012-2655
Malware in sbrugna...
EUVD-2021-1868
Malware in sbrugna...
EUVD-2024-2664
Malicious code in bioql PyPI...
CVE-2025-21021
Out-of-bounds write in drawing pinpad in Blockchain Keystore prior to version 1.3.17.2 allows local privileged attackers to write out-of-bounds memory...
CVE-2025-21017
CVE-2025-21017 affects Samsung Blockchain Keystore: an out-of-bounds write in the detaching crypto box allows local privileged attackers to write memory beyond bounds. Impact includes potential data corruption or code execution within the Keystore context. Affected versions are Blockchain Keystor...
TencentOS Server 3: openssl (TSSA-2023:0014)
The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2023:0014 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities:...
Linux Distros Unpatched Vulnerability : CVE-2021-40839
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The rencode package through 1.0.6 for Python allows an infinite loop in typecode decoding such as via ;\x2f\x7f, enabling a remote attack that consumes CPU and...
Linux Distros Unpatched Vulnerability : CVE-2021-35477
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel through 5.13.7, an unprivileged BPF program can obtain sensitive information from kernel memory via a Speculative Store Bypass side-channel...
Azure Linux 3.0 Security Update: coredns (CVE-2023-49295)
The version of coredns installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2023-49295 advisory. - quic-go is an implementation of the QUIC protocol RFC 9000, RFC 9001, RFC 9002 in Go. An attacker can cause...
CVE-2024-34629
Samsung Notes contains a local out-of-bounds read vulnerability in the binary/text common object handling, affected in versions prior to 4.4.21.62. An attacker with local access could potentially read memory from the affected app. The available public details identify the affected product (Samsun...
AZL-35875 CVE-2024-28180 affecting package cert-manager for versions less than 1.12.12-1
Package jose aims to provide an implementation of the Javascript Object Signing and Encryption set of standards. An attacker could send a JWE containing compressed data that used large amounts of memory and CPU when decompressed by Decrypt or DecryptMulti. Those functions now return an error if t...
CVE-2023-4641 Shadow-utils: possible password leak during passwd(1) change
A flaw was found in shadow-utils. When asking for a new password, shadow-utils asks the password twice. If the password fails on the second attempt, shadow-utils fails in cleaning the buffer used to store the first entry. This may allow an attacker with enough access to retrieve the password from...
Huawei EulerOS: Security Advisory for shadow (EulerOS-SA-2023-3231)
The remote host is missing an update for the Huawei EulerOS...
SUSE SLED15 / SLES15 / openSUSE 15 Security Update : shadow (SUSE-SU-2023:4024-1)
The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2023:4024-1 advisory. - A flaw was found in shadow-utils. When asking for a new password, shadow-utils asks the password twice...
CVE-2022-40136
An information leak vulnerability in SMI Handler used to configure platform settings over WMI in some Lenovo models may allow an attacker with local access and elevated privileges to read SMM memory...
KB5014165 - Description of the security update for SQL Server 2014 SP3 GDR: June 14, 2022
Summary: An authenticated attacker could affect SQL Server memory when executing a...
IBM PowerVM Hypervisor Access Control Error Vulnerability
IBM PowerVM Hypervisor is an application from Universal Business Machines (IBM), Inc. that provides a secure and scalable virtualization environment for applications built on the advanced RAS capabilities and leading performance of the Power Systems platform. An access control error vulnerability exists ...