CVE-2026-34777 Electron: Incorrect origin passed to permission request handler for iframe requests

Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. Prior to versions 38.8.6, 39.8.1, 40.8.1, and 41.0.0, when an iframe requests fullscreen, pointerLock, keyboardLock, openExternal, or media permissions, the origin passed to...

EUVD-2020-28590

Malware in sbrugna...

Linux Distros Unpatched Vulnerability : CVE-2025-38518

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: x86/CPU/AMD: Disable INVLPGB on Zen2 AMD Cyan Skillfish Family 17h, Model 47h, Stepping 0h h...

Linux Distros Unpatched Vulnerability : CVE-2024-4032

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The ipaddress module contained incorrect information about whether certain IPv4 and IPv6 addresses were designated as globally reachable or private. This affect...

RUSTSEC-2025-0053 Multiple memory corruption vulnerabilities in safe APIs

The crate has the following vulnerabilities: - The public trait arenavec::common::AllocHandle allows the return of raw pointers through its methods allocate and allocateorextend. However, the trait is not marked as unsafe, meaning users of the crate may implement it under the assumption that the...

kernel: tls: handle backlogging of crypto requests

A flaw was found in the tls subsystem of the Linux kernel. When setting the CRYPTOTFMREQMAYBACKLOG flag on requests to the crypto API, cryptoaeadencrypt and cryptoaeaddecrypt functions can return -EBUSY instead of -EINPROGRESS in valid situations. This issue could lead to undefined behavior and a...

IBM DevOps Deploy and IBM UrbanCode Deploy Access Control Error Vulnerability

IBM UrbanCode Deploy UCD is a set of application automation deployment tools from International Business Machines IBM. The tool is based on an application deployment automation management information model, and through remote agent technology, to realize the complex application in different...

IBM UrbanCode Deploy 安全漏洞

IBM UrbanCode Deploy UCD is a set of application automation deployment tools from International Business Machines IBM. The tool is based on an application deployment automation management information model, and through remote agent technology, to realize the complex application in different...

PT-2023-31409 · Interaxon · Muse App +1

Name of the Vulnerable Software and Affected Versions: InteraXon Muse 2 devices affected versions not specified Description: The issue allows remote attackers to cause a denial of service, resulting in an incorrect report of an outstanding, calm meditation state. This is achieved via a 480 MHz RF...

Even Top-Ranked Android Apps in Google Play Store Provide Misleading Data Safety Labels

An investigation into data safety labels for Android apps available on the Google Play Store has uncovered "serious loopholes" that allow apps to provide misleading or outright false information. The study, conducted by the Mozilla Foundation as part of its Privacy Not Included initiative, compar...

openssl: Signer certificate verification returns inaccurate response when using OCSP_NOCHECKS

A flaw was found in OpenSSL's Online Certificate Status Protocol OCSP response functionality in the signer certificate verification routines. This flaw could result in a linked application falsely believing that an x.509 Digital Certificate is either "good" or "unknown" when revoked and requires...

CVE-2020-7464

In FreeBSD 12.2-STABLE before r365730, 11.4-STABLE before r365738, 12.1-RELEASE before p10, 11.4-RELEASE before p4, and 11.3-RELEASE before p14, a programming error in the ure4 device driver caused some Realtek USB Ethernet interfaces to incorrectly report packets with more than 2048 bytes in a...

kernel: Indirect branch speculation can be enabled after it was force-disabled by the PR_SPEC_FORCE_DISABLE prctl command.

A flaw was found in the prctl function, where it can be used to enable indirect branch speculation after it has been disabled. This call incorrectly reports it as being 'force disabled' when it is not and opens the system to Spectre v2 attacks. The highest threat from this vulnerability is to...

Monero: Misreporting of received amount by show_transfers

Summary: A sender may cause showtransfers to report a higher amount that was actually sent on the recipient's showtransfers output. Description: Due to a flaw in processnewtransaction in wallet2.cpp, if the tx pubkey is present multiple times, it will decode outputs correctly as many times, and a...

Insecure pages can show incorrect security information – Opera Security Advisories

Insecure pages can show incorrect security information – Opera Security Advisories OPCOM Team | December 16, 2008 Severity Less Severe Problem Description When insecure pages load content from secure sites into a frame, they can cause Opera to incorrectly report the insecure site as being secure...