PT-2026-43026

This vulnerability exists in CP Plus Wi-Fi Camera due to improper protection of sensitive information in runtime memory. An attacker with physical access could exploit this vulnerability by accessing the UART interface and performing memory extraction to obtain sensitive information, including...

CVE-2026-8570

Type Confusion in V8 in Google Chrome prior to 148.0.7778.168 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. Chromium security severity: Medium...

EUVD-2026-30464

Use after free in Google Lens in Google Chrome prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to obtain potentially sensitive information from process memory via a crafted HTML page. Chromium security severity: High...

CVE-2026-8543

CVE-2026-8543 describes an out-of-bounds read in the FileSystem component of Google Chrome on macOS. The issue exists before Chrome 148.0.7778.168 and can be triggered when a user is convinced to perform specific UI gestures on a crafted HTML page, potentially allowing access to sensitive data fr...

CVE-2026-31241

The mem0 1.0.0 server lacks authentication and authorization controls for its memory deletion API endpoint DELETE /memories. The endpoint allows unauthenticated users to delete memory records by specifying arbitrary user identifiers e.g., userid, runid, agentid in the request query parameters. A...

GHSA-GQ6F-QWV9-RF4J mem0 server lacks authentication and authorization controls for its memory deletion API endpoint

The mem0 1.0.0 server lacks authentication and authorization controls for its memory deletion API endpoint DELETE /memories. The endpoint allows unauthenticated users to delete memory records by specifying arbitrary user identifiers e.g., userid, runid, agentid in the request query parameters. A...

EUVD-2026-29564

The mem0 1.0.0 server lacks authentication and authorization controls for its memory deletion API endpoint DELETE /memories. The endpoint allows unauthenticated users to delete memory records by specifying arbitrary user identifiers e.g., userid, runid, agentid in the request query parameters. A...

CVE-2026-31240

The mem0 1.0.0 server lacks authentication and authorization controls for its memory management API endpoints. Critical functions such as updating memory records PUT /memories/memoryid are exposed without any verification of the requester's identity or permissions. A remote attacker can exploit...

CVE-2026-43434

In the Linux kernel, the following vulnerability has been resolved: rustbinder: check ownership before using vma When installing missing pages or zapping them, Rust Binder will look up the vma in the mm by address, and then call vminsertpage or zappagerangesingle. However, if the vma is closed an...

CVE-2025-64646

IBM Concert 1.0.0 through 2.2.0 could allow an attacker to access sensitive information in memory due to the buffer not properly clearing resources...

CVE-2025-64646

CVE-2025-64646 affects IBM Concert versions 1.0.0–2.2.0. The issue arises from a buffer not being properly cleared, enabling an attacker to access sensitive information in memory. The NVD entries corroborate the impact as confidentiality risk (HIGH) with local, low-complexity access and no user i...

EulerOS Virtualization 2.12.0 : systemd (EulerOS-SA-2026-1523)

According to the versions of the systemd packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : A vulnerability was found in systemd-coredump. This flaw allows an attacker to force a SUID process to crash and replace it with a...

Malicious code in do-not-install-this-package-004 (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 155862095ddb7d3410298aef76abdda3e7eeaf5609b72f97c30790c317b8d1cb During installation, the package exfiltrates env variables and data from different process memory to a remote location --- Category: MALICIOUS - The campaign h...

mcp-memory-service's Wildcard CORS with Credentials Enables Cross-Origin Memory Theft

Summary When the HTTP server is enabled MCPHTTPENABLED=true, the application configures FastAPI's CORSMiddleware with alloworigins='', allowcredentials=True, allowmethods="", and allowheaders="". The wildcard Access-Control-Allow-Origin: header permits any website to read API responses...

Malicious code in do-not-install-this-package-003 (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 3b7a8f2037bd4c28a5474af17179da0c12e37019623f5efa4d081d60758d4ac9 During installation, the package exfiltrates env variables and data from different process memory to a remote location --- Category: MALICIOUS - The campaign h...

CVE-2025-13108

CVE-2025-13108 affects IBM Db2 Merge Backup for Linux, UNIX and Windows, version 12.1.0.0. The root cause is a buffer not properly cleared, which could allow an attacker to access sensitive information stored in memory. The vulnerability is documented across multiple sources (IBM, Red Hat, NVD, e...

QNAP Qsync Central 安全漏洞

QNAP Qsync Central is a cloud-based file synchronization service for NAS devices provided by QNAP Technology Co., Ltd. Versions of QNAP Qsync Central prior to 5.0.0.4 contained security vulnerabilities. These vulnerabilities were caused by excessive pointer offsets, which could allow remote...

XenServer Security Update for CVE-2025-58151 and CVE-2026-23553

Severity:Medium Description of Problem An issue has been identified in XenServer 8.4 that may allow privileged code in a guest VM to cause the host to become slow or unresponsive to management operations. This issue has the following identifier: CVE-2025-58151 A further issue has been identified ...

CVE-2025-65832

The CVE describes a memory-handling flaw in the Meatmeet mobile application (notably Meatmeet Pro App version v1.1.2.0 per CNNVD) where sensitive data stored in memory—Wi-Fi credentials transmitted during pairing, JWTs, and other details—can be exposed by a memory dump after logout. An attacker w...

systemd-coredump: race condition that allows a local attacker to crash a SUID program and gain read access to the resulting core dump

A vulnerability was found in systemd-coredump. This flaw allows an attacker to force a SUID process to crash and replace it with a non-SUID binary to access the original's privileged process coredump, allowing the attacker to read sensitive data, such as /etc/shadow content, loaded by the origina...