30 matches found

Positive Technologies
added 2026/05/14 12:00 a.m. · 4 views

PT-2026-41125

Name of the Vulnerable Software and Affected Versions: eMagicOne Store Manager versions prior to 1.3.3 Description: Improper neutralization of special elements used in an SQL command allows for Blind SQL Injection. Blind SQL Injection is a type of attack where the application does not return data...

CVSS 9.3 · AI score 5.9 · EPSS 0.00039
Exploits: 0 · References: 5

RedhatCVE
added 2026/01/09 10:12 a.m. · 3 views

CVE-2019-11867

Realtek NDIS driver rt640x64.sys, file version 10.1.505.2015, fails to do any size checking on an input buffer from user space, which the driver assumes has a size greater than zero bytes. To exploit this vulnerability, an attacker must send an IRP with a system buffer size of 0...

CVSS 5.5 · AI score 7 · EPSS 0.00122
Exploits: 0 · References: 1

EUVD
added 2025/10/03 8:07 p.m. · 3 views

EUVD-2025-25239

Malicious code in bioql PyPI...

CVSS 9.8 · AI score 6.2 · EPSS 0.00108
Exploits: 0 · References: 3

Cvelist
added 2025/04/15 8:31 p.m. · 8 views

CVE-2025-30687

...

CVSS 6.5 · EPSS 0.0006
Exploits: 0 · References: 1

Tenable Nessus
added 2025/03/05 12:00 a.m. · 11 views

Linux Distros Unpatched Vulnerability : CVE-2024-4741

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Issue summary: Calling the OpenSSL API function SSL_free_buffers may cause memory to be accessed that was previously freed in some situations. Impact summary: A us...

CVSS 7.5 · AI score 7.1 · EPSS 0.00359
Exploits: 0 · References: 3

Mozilla
added 2025/03/04 12:00 a.m. · 19 views

Security Vulnerabilities fixed in Firefox ESR 115.21 — Mozilla

In resizeToAtLeast of SkRegion.cpp, there was a possible out of bounds write due to an integer overflow. On Windows, a compromised content process could use bad StreamData sent over AudioIPC to trigger a use-after-free in the Browser process. This could have led to a sandbox escape. It was possibl...

CVSS 8.8 · AI score 8.6 · EPSS 0.00912
Exploits: 1 · References: 5 · Affected Software: 1

Packet Storm
added 2025/01/16 12:00 a.m. · 192 views

Bruno IDE Desktop Command Injection

A command injection vulnerability in the function shell.openExternal of Bruno IDE Desktop prior to version 1.29.0 allows attackers to execute arbitrary commands by supplying a crafted URL, leading to potential remote code execution. ===== Tempest Security Intelligence - ADV-10/2024...

CVSS 6.5 · AI score 7.3 · EPSS 0.00204
Exploits: 3

RedhatCVE
added 2025/01/14 5:52 p.m. · 4 views

CVE-2024-12087

A path traversal vulnerability exists in rsync. It stems from behavior enabled by the --inc-recursive option, a default-enabled option for many client options and can be enabled by the server even if not explicitly enabled by the client. When using the --inc-recursive option, a lack of proper...

CVSS 6.5 · AI score 6.7 · EPSS 0.03163
Exploits: 1 · References: 4

OpenVAS
added 2024/12/04 12:00 a.m. · 12 views

Google Chrome Security Update (stable-channel-update-for-desktop-2024-12) - Linux

Google Chrome is prone to a type confusion vulnerability. SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:google:chrome";...

CVSS 8.8 · AI score 8.5 · EPSS 0.00089
Exploits: 0 · References: 1

Positive Technologies
added 2024/11/04 12:00 a.m. · 2 views

PT-2024-27991 · Hgsl · Hgsl

Name of the Vulnerable Software and Affected Versions: HGSL affected versions not specified Description: The issue involves memory corruption that occurs when invoking IOCTL calls from user-space for the HGSL memory node. This can potentially lead to exploitation. Recommendations: At the moment,...

CVSS 7.8 · AI score 7.1 · EPSS 0.00207
Exploits: 0 · References: 5

RedHat Linux
added 2024/09/16 12:19 p.m. · 0 views

mozilla: Memory safety bugs fixed in Firefox 130, Firefox ESR 128.2, and Thunderbird 128.2

The Mozilla Foundation's Security Advisory: Memory safety bugs are present in Firefox 129, Firefox ESR 128.1, and Thunderbird 128.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort, some of these could have been exploited to run arbitrary code...

CVSS 9.8 · AI score 7.5 · EPSS 0.00797
Exploits: 0 · References: 7

UbuntuCve
added 2024/03/25 12:00 a.m. · 22 views

CVE-2021-47174

In the Linux kernel, the following vulnerability has been resolved: netfilter: nft_set_pipapo_avx2: Add irq_fpu_usable check, fallback to non-AVX2 version. Arturo reported this backtrace: 709732.358791 WARNING: CPU: 3 PID: 456 at arch/x86/kernel/fpu/core.c:128 kernel_fpu_begin_mask+0xae/0xe0 709732.358793...

CVSS 5.5 · AI score 6.4 · EPSS 0.00018
Exploits: 0 · References: 4

Positive Technologies
added 2024/01/19 12:00 a.m. · 2 views

PT-2024-13402 · Unknown · Multisigwallet

Name of the Vulnerable Software and Affected Versions: MultiSigWallet version 0xF0C99 Description: A reentrancy issue was found in the executeTransaction function of MultiSigWallet. This issue could potentially be exploited. Recommendations: For MultiSigWallet version 0xF0C99, consider disabling...

CVSS 7.5 · AI score 7.4 · EPSS 0.00191
Exploits: 1 · References: 7

RedHat Linux
added 2023/01/25 3:27 p.m. · 3 views

Mozilla: libusrsctp library out of date

The Mozilla Foundation Security Advisory describes this flaw as: An out of date library libusrsctp contained vulnerabilities that could potentially be exploited...

CVSS 8.8 · AI score 7.3 · EPSS 0.00786
Exploits: 0 · References: 6

Positive Technologies
added 2022/08/25 12:00 a.m. · 1 views

PT-2022-23402 · Totolink · Totolink N350Rt

Name of the Vulnerable Software and Affected Versions: TOTOLINK N350RT version 9.3.5u.6139 B20201216 Description: A stack overflow issue was discovered via the command parameter in the setTracerouteCfg function. This allows for potential exploitation. Recommendations: For TOTOLINK N350RT version...

CVSS 7.8 · AI score 7.7 · EPSS 0.00071
Exploits: 1 · References: 3

Vulnrichment
added 2022/07/12 10:07 a.m. · 7 views

CVE-2022-34663

A vulnerability has been identified in RUGGEDCOM i800, RUGGEDCOM i800NC, RUGGEDCOM i801, RUGGEDCOM i801NC, RUGGEDCOM i802, RUGGEDCOM i802NC, RUGGEDCOM i803, RUGGEDCOM i803NC, RUGGEDCOM M2100, RUGGEDCOM M2100F, RUGGEDCOM M2100NC, RUGGEDCOM M2200, RUGGEDCOM M2200F, RUGGEDCOM M2200NC, RUGGEDCOM M969...

CVSS 8 · AI score 7.8 · EPSS 0.00824
Exploits: 0 · References: 2

Code423n4
added 2021/11/01 12:00 a.m. · 8 views

Slingshot: Incorrect initial balance fetched for native token in executeTrades()

Handle: hickuphh3. Vulnerability details. Impact: The executioner contract only supports ERC20 <-> ERC20 token trades. Native token swaps are supported by either wrapping / unwrapping the ERC20 wrapped native token before / after the trades respectively. When exchanging from the native token, the wrapping...

AI score 6.8
Exploits: 0

Cvelist
added 2021/10/06 2:12 p.m. · 17 views

CVE-2021-0689

In RGB_to_BGR1_portable of SkSwizzler_opts.h, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-10...

AI score 5.3 · EPSS 0.00047
Exploits: 0 · References: 1

RedHat Linux
added 2021/08/16 10:29 a.m. · 1 views

Mozilla: Memory safety bugs fixed in Thunderbird 78.13

Mozilla developers reported memory safety bugs present in Firefox 90 and Firefox ESR 78.12. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Thunderbird 78.13,...

CVSS 8.8 · AI score 7.5 · EPSS 0.00521
Exploits: 0 · References: 4

The Hacker News
added 2021/07/22 8:21 a.m. · 381 views

Oracle Warns of Critical Remotely Exploitable Weblogic Server Flaws

Oracle on Tuesday released its quarterly Critical Patch Update for July 2021 with 342 fixes spanning across multiple products, some of which could be exploited by a remote attacker to take control of an affected system. Chief among them is CVE-2019-2729, a critical deserialization vulnerability v...

CVSS 10 · AI score 2.2 · EPSS 0.94358
Exploits: 15