Pixnapping: Bringing Pixel Stealing out of the Stone Age

Pixel stealing attacks enable malicious websites to leak sensitive content displayed in victim websites. The idea, introduced by Stone in 2013, is to embed victim websites in iframes and use SVG filters to compute on, and create side channels as a function of, those websites' pixels. Fortunately,...

EUVD-2023-46440

Malicious code in bioql PyPI...

EUVD-2024-18478

Malicious code in bioql PyPI...

microcode_ctl: From CVEorg collector

New Spectre-v2 attack classes have been discovered within CPU architectures that enable self-training exploitation of speculative execution within the same privilege domain. These novel techniques bypass existing hardware and software mitigations, including IBPB, eIBRS, and BHINO, by leveraging...

CVE-2025-43578

CVE-2025-43578 affects Adobe Acrobat Reader. The issue is an out-of-bounds read vulnerability that can disclose sensitive memory and bypass ASLR. Affected builds include Acrobat Reader 24.001.30235, 20.005.30763, 25.001.20521 and earlier. Exploitation requires user interaction (victim must open a...

CVE-2022-20258

In Bluetooth, there is a possible way to bypass compiler exploit mitigations due to a configuration error. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android I...

DEBIAN-CVE-2024-2201

A cross-privilege Spectre v2 vulnerability allows attackers to bypass all deployed mitigations, including the recent FineIBT, and to leak arbitrary Linux kernel memory on Intel systems...

CVE-2024-2201 CVE-2024-2201

A cross-privilege Spectre v2 vulnerability allows attackers to bypass all deployed mitigations, including the recent FineIBT, and to leak arbitrary Linux kernel memory on Intel systems...

CVE-2024-2201 CVE-2024-2201

A cross-privilege Spectre v2 vulnerability allows attackers to bypass all deployed mitigations, including the recent FineIBT, and to leak arbitrary Linux kernel memory on Intel systems...

UBUNTU-CVE-2024-2201

A cross-privilege Spectre v2 vulnerability allows attackers to bypass all deployed mitigations, including the recent FineIBT, and to leak arbitrary Linux kernel memory on Intel systems...

CVE-2023-47072

Adobe After Effects version 24.0.2 and earlier and 23.6 and earlier are affected by an Access of Uninitialized Pointer vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue...

CVE-2023-44357

Adobe Acrobat Reader versions 23.006.20360 and earlier and 20.005.30524 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue...

CVE-2023-44356

Adobe Acrobat Reader versions 23.006.20360 and earlier and 20.005.30524 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue...

Apple macOS Buffer Error Vulnerability

Apple macOS is a proprietary operating system developed by Apple Inc. for Mac computers. A security vulnerability exists in Apple macOS Sonoma version 14.1, which stems from an attacker who has implemented kernel code execution may be able to bypass kernel memory mitigations...

Server-Side Request Forgery in Request

The request package through 2.88.2 for Node.js and the @cypress/request package prior to 3.0.0 allow a bypass of SSRF mitigations via an attacker-controller server that does a cross-protocol redirect HTTP to HTTPS, or HTTPS to HTTP. NOTE: The request package is no longer supported by the maintain...

SUSE CVE-2021-4159

A vulnerability was found in the Linux kernel's EBPF verifier when handling internal data structures. Internal memory locations could be returned to userspace. A local attacker with the permissions to insert eBPF code to the kernel can use this to leak internal kernel memory details defeating som...

CVE-2023-23849

Versions of Coverity Connect prior to 2022.12.0 are vulnerable to an unauthenticated Cross-Site Scripting vulnerability. Any web service hosted on the same sub domain can set a cookie for the whole subdomain which can be used to bypass other mitigations in place for malicious purposes...

Adobe InCopy 资源管理错误漏洞

Adobe InCopy is a text editing software for authoring from Adobe. Adobe InCopy has a use-after-release vulnerability that can be exploited by attackers to bypass mitigations such as ASLR and cause sensitive memory leaks...

CVE-2022-26873

A potential attacker can execute an arbitrary code at the time of the PEI phase and influence the subsequent boot stages. This can lead to the mitigations bypassing, physical memory contents disclosure, discovery of any secrets from any Virtual Machines VMs and bypassing memory isolation and...

CVE-2022-40246

A potential attacker can write one byte by arbitrary address at the time of the PEI phase only during S3 resume boot mode and influence the subsequent boot stages. This can lead to the mitigations bypassing, physical memory contents disclosure, discovery of any secrets from any Virtual Machines V...