33 matches found

OSV | added 2026/03/11 12:11 a.m. | 2 views

GHSA-FFV6-JJ46-X367 django-unicorn affected by component state manipulation via unvalidated attribute access

Summary Component state manipulation is possible in django-unicorn due to missing access control checks during property updates and method calls. An attacker can bypass the intended ispublic protection to modify internal attributes such as templatename or trigger protected methods. Vulnerability...

CVSS 5.3 | AI score 5.8 | EPSS 0.00103
Exploits 1 | References 3

OSV | added 2026/02/21 12:20 a.m. | 1 views

OSV-2026-272 Heap-use-after-free in vcardproperty_get_value

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=485932113 Crash type: Heap-use-after-free READ 8 Crash state: vcardpropertygetvalue vcardpropertygetversion parsevcard...

AI score 5.4
Exploits 0 | References 1

Cvelist | added 2026/01/22 1:29 p.m. | 16 views

CVE-2025-12738 Enumeration of restricted property value

Neo4j Enterprise edition versions prior to 2025.11.2 and 5.26.17 are vulnerable to a potential information disclosure by an attacker who has some legitimate access to the database. The vulnerability allows attacker without read access to a property to infer information about its value by trying t...

CVSS 5.3 | EPSS 0.00024
Exploits 0 | References 1

Positive Technologies | added 2026/01/22 12:0 a.m. | 3 views

PT-2026-3934

Neo4j Enterprise edition versions prior to 2025.11.2 and 5.26.17 are vulnerable to a potential information disclosure by an attacker who has some legitimate access to the database. The vulnerability allows attacker without read access to a property to infer information about its value by trying t...

CVSS 5.3 | AI score 5.5 | EPSS 0.00024
Exploits 0 | References 2

EUVD | added 2025/10/07 12:30 a.m. | 2 views

EUVD-2008-2873

Malware in sbrugna...

CVSS 9.3 | AI score 6.4 | EPSS 0.06194
Exploits 0 | References 4

EUVD | added 2025/10/03 8:7 p.m. | 3 views

EUVD-2025-20904

Malicious code in bioql PyPI...

AI score 7.6 | EPSS 0.00067
Exploits 0 | References 7

Tenable Nessus | added 2025/08/27 12:0 a.m. | 1 views

Linux Distros Unpatched Vulnerability : CVE-2021-26956

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in the xcb crate through 2021-02-04 for Rust. It has a soundness violation because bytes from an X server can be interpreted as any data...

CVSS 9.8 | AI score 8.1 | EPSS 0.00504
Exploits 1 | References 2

OSV | added 2025/07/10 8:15 a.m. | 2 views

CVE-2025-38342 software node: Correct a OOB check in software_node_get_reference_args()

In the Linux kernel, the following vulnerability has been resolved: software node: Correct a OOB check in software_node_get_reference_args() software_node_get_reference_args() wants to get @index-th element, so the property value requires at least 'index + 1 sizeofref' bytes but that can not be guaranteed by...

CVSS 7.1 | AI score 6.3 | EPSS 0.00067
Exploits 0 | References 12

OSV | added 2023/09/11 9:15 p.m. | 0 views

CVE-2023-35687

In MtpPropertyValue of MtpProperty.h, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

CVSS 7.8 | AI score 5.9 | EPSS 0.00011
Exploits 0 | References 2

OSV | added 2023/09/11 9:15 p.m. | 0 views

CVE-2023-35679

In MtpPropertyValue of MtpProperty.h, there is a possible out of bounds read due to uninitialized data. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation...

CVSS 5.5 | AI score 5.9
Exploits 0 | References 2

OSV | added 2023/05/04 10:31 a.m. | 4 views

OPENSUSE-SU-2023:0102-1 Security update for editorconfig-core-c

This update for editorconfig-core-c fixes the following issues: Update to version 0.12.6: - CVE-2023-0341: Fixed a buffer overflow in ecblob boo1211032 - Update property key, value length limits per spec change...

CVSS 7.8 | AI score 7.8 | EPSS 0.00789
Exploits 1 | References 3

OSV | added 2021/04/19 8:15 p.m. | 1 views

DEBIAN-CVE-2021-29279

There is a integer overflow in function filtercore/filterprops.c:gfpropsassignvalue in GPAC 1.0.1. In which, the arg const GFPropertyValue value,maybe value-value.data.size is a negative number. In result, memcpy in gfpropsassignvalue failed...

CVSS 7.8 | AI score 7.5 | EPSS 0.0022
Exploits 1 | References 1

IBM Security Bulletins | added 2020/11/05 7:52 p.m. | 25 views

Security Bulletin: CVE-2020-4483 Secure property value can be seen in diagnostics bundle and ds_request_audit_entry

Summary Secure property value can be seen in diagnostics bundle and ds_request_audit_entry Vulnerability Details CVEID: CVE-2020-4483 DESCRIPTION: IBM UrbanCode Deploy UCD could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser...

CVSS 4.3 | AI score 1.1 | EPSS 0.00104
Exploits 0 | Affected Software 1

RedHat Linux | added 2020/07/01 10:57 a.m. | 1 views

EAP: Vault system property security attribute value is revealed on CLI 'reload' command

A flaw was found in the JBoss EAP Vault system. Confidential information of the system property’s security attribute value is revealed in the JBoss EAP log file when executing a JBoss CLI 'reload' command. This flaw can lead to the exposure of confidential information...

CVSS 5.4 | AI score 5.8 | EPSS 0.00323
Exploits 0 | References 4

RedHat Linux | added 2020/07/01 10:55 a.m. | 4 views

EAP: Vault system property security attribute value is revealed on CLI 'reload' command

A flaw was found in the JBoss EAP Vault system. Confidential information of the system property’s security attribute value is revealed in the JBoss EAP log file when executing a JBoss CLI 'reload' command. This flaw can lead to the exposure of confidential information...

CVSS 5.4 | AI score 5.8 | EPSS 0.00323
Exploits 0 | References 4

UbuntuCve | added 2015/12/10 6:0 a.m. | 17 views

CVE-2015-8442

Use-after-free vulnerability in the MovieClip object implementation in Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before 20.0.0.228 on Windows and OS X and before 11.2.202.554 on Linux, Adobe AIR before 20.0.0.204, Adobe AIR SDK before 20.0.0.204, and Adobe AIR SDK & Compiler before...

CVSS 9.3 | AI score 7.5 | EPSS 0.0747
Exploits 0 | References 3

Prion | added 2015/12/10 5:59 a.m. | 13 views

Design/Logic Flaw

Use-after-free vulnerability in the TextField object implementation in Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before 20.0.0.228 on Windows and OS X and before 11.2.202.554 on Linux, Adobe AIR before 20.0.0.204, Adobe AIR SDK before 20.0.0.204, and Adobe AIR SDK & Compiler before...

CVSS 9.3 | AI score 8.8 | EPSS 0.77915
Exploits 18 | References 8 | Affected Software 4

CVE | added 2014/12/08 4:0 p.m. | 36 views

CVE-2014-9267

The CVE-2014-9267 issue affects the PTC IsoView ActiveX control, where a heap-based buffer overflow in the ViewPort property can enable remote code execution. According to ZDI advisories, exploitation requires user interaction (visiting a malicious page or opening a malicious file) to trigger the...

CVSS 6.8 | AI score 8.2 | EPSS 0.03999
Exploits 0 | References 4 | Affected Software 1

Tenable Nessus | added 2013/04/26 12:0 a.m. | 42 views

Scientific Linux Security Update : java-1.6.0-openjdk on SL5.x, SL6.x i386/x86_64 (20130424)

Multiple flaws were discovered in the font layout engine in the 2D component. An untrusted Java application or applet could possibly use these flaws to trigger Java Virtual Machine memory corruption. CVE-2013-1569, CVE-2013-2383, CVE-2013-2384 Multiple improper permission check issues were...

CVSS 10 | AI score 7.6 | EPSS 0.86252
Exploits 15 | References 21

Prion | added 2013/04/25 3:36 a.m. | 6 views

Stack overflow

Multiple stack-based buffer overflows in NCSAddOn.dll in the ERDAS APOLLO ECWP plugin before 13.00.0001 for Internet Explorer, Firefox, and Chrome allow remote attackers to execute arbitrary code via a long property value...

CVSS 10 | AI score 8.4 | EPSS 0.07138
Exploits 0 | References 1 | Affected Software 1