Lucene search

372 matches found

Kaspersky
• added 2025/11/27 12:0 a.m. • 2 views

KLA90989 Multiple vulnerabilities in Microsoft Windows

Multiple vulnerabilities were found in Microsoft Windows. Malicious users can exploit these vulnerabilities to bypass security restrictions, gain privileges, cause denial of service. Below is a complete list of vulnerabilities: 1. Heap buffer overflow vulnerability can be exploited remotely to ga...

CVSS 7.1 | AI score 6.8 | EPSS 0.00079
Exploits 5 | References 20

Kaspersky
• added 2025/11/11 12:0 a.m. • 4 views

KLA90006 Multiple vulnerability in OpenOffice

Multiple vulnerabilities were found in OpenOffice. Malicious users can exploit these vulnerabilities to execute arbitrary code, obtain sensitive information, cause denial of service. Below is a complete list of vulnerabilities: 1. A missing Authorization vulnerability in OpenOffice can be exploit...

CVSS 8.1 | AI score 8.1 | EPSS 0.00199
Exploits 2 | References 9

Kaspersky
• added 2025/11/11 12:0 a.m. • 4 views

KLA90059 Multiple vulnerability in Microsoft Open Source Software

A remote code execution vulnerability was found in Microsoft Open Source Software. Malicious users can exploit this vulnerability to execute arbitrary code, bypass security restrictions. Original advisories CVE-2025-62220 Related products Microsoft-Windows CVE list CVE-2025-62220 critical Solutio...

CVSS 8.8 | AI score 7.1 | EPSS 0.00059
Exploits 0 | References 3

OSV
• added 2025/11/07 2:15 p.m. • 1 views

CVE-2025-12856

A weakness has been identified in code-projects Responsive Hotel Site 1.0. Impacted is an unknown function of the file /admin/reservation.php. This manipulation of the argument email causes sql injection. The attack can be initiated remotely. The exploit has been made available to the public and...

CVSS 9.8 | AI score 5.8 | EPSS 0.00026
Exploits 1 | References 5

NVD
• added 2025/10/31 9:15 a.m. • 2 views

CVE-2025-30191

Malicious content from E-Mail can be used to perform a redressing attack. Users can be tricked to perform unintended actions or provide sensitive information to a third party which would enable further threats. Attribute values containing HTML fragments are now denied by the sanitization procedur...

CVSS 5.4 | EPSS 0.00029
Exploits 0 | References 1

Vulnrichment
• added 2025/10/31 8:54 a.m. • 1 views

CVE-2025-30191

Malicious content from E-Mail can be used to perform a redressing attack. Users can be tricked to perform unintended actions or provide sensitive information to a third party which would enable further threats. Attribute values containing HTML fragments are now denied by the sanitization procedur...

CVSS 5.4 | AI score 6.1 | EPSS 0.00029
Exploits 0 | References 1

Sick AG
• added 2025/10/27 2:0 p.m. • 7 views

Vulnerabilities affecting SICK TLOC100-100

SICK has identified multiple vulnerabilities in the SICK TLOC100-100 product. The vulnerabilities could potentially affect the confidentiality, integrity and availability of the product. Therefore it is strongly recommended to apply general security practices when operating the product. SICK is...

CVSS 9.3 | AI score 7 | EPSS 0.00161
Exploits 0

GithubExploit
• added 2025/09/27 7:10 a.m. • 513 views

exploitdb

The Exploit Database Git Repository This is an official repos...

AI score 6.7
Exploits 0

Gitee
• added 2025/09/14 11:40 a.m. • 77 views

exploitdb

This is an official repository of The Exploit Database, a project sponsored by Offensive Security. The repository contains a searchable archive of public exploits and corresponding vulnerable software, developed for use by penetration testers and vulnerability researchers. The Exploit Database is...

AI score 6.8
Exploits 0

Kaspersky
• added 2025/09/09 12:0 a.m. • 2 views

KLA87442 Multiple vulnerabilities in Microsoft SQL Server

Multiple vulnerabilities were found in Microsoft SQL Server. Malicious users can exploit these vulnerabilities to cause denial of service, execute arbitrary code, obtain sensitive information, gain privileges. Below is a complete list of vulnerabilities: 1. Improper Handling of Exceptional...

CVSS 8.8 | AI score 8.8 | EPSS 0.02228
Exploits 2 | References 13

Information Security Automation
• added 2025/08/27 11:18 a.m. • 5 views

๐Ÿ” Vulners Lookup โ€“ augmented CVE reality

Vulners Lookup – augmented CVE reality. Yesterday, VulnCheck unveiled a prototype Chrome/Chromium plugin that highlights CVE identifiers on any website and shows a popup with vulnerability details, including whether the vulnerability is in the VulnCheck KEV an extended CISA KEV. The Vulners team...

AI score 6.8
Exploits 0

Kaspersky
• added 2025/08/14 12:0 a.m. • 1 views

KLA90910 DoS vulnerability in Microsoft Windows

Denial of service vulnerability was found in Microsoft Windows. Malicious users can exploit this vulnerability to cause denial of service. Original advisories CVE-2025-6965 Exploitation Public exploits exist for this vulnerability. Related products Microsoft-Windows Microsoft-Windows-Server...

CVSS 9.8 | AI score 5.8 | EPSS 0.01617
Exploits 3 | References 18

Sick AG
• added 2025/08/01 1:0 p.m. • 19 views

Vulnerabilities affecting SICK TDC-E210GC

SICK has identified multiple vulnerabilities in the SICK TDC-E210GC product. The advisory includes a total of 23 vulnerabilities, of which 14 are confirmed as affected and 9 as known not affected. At this time, SICK is not aware of any public exploits specifically targeting these vulnerabilities...

CVSS 9.8 | AI score 9.6 | EPSS 0.944
Exploits 61

Information Security Automation
• added 2025/07/30 9:47 p.m. • 10 views

July Linux Patch Wednesday

July Linux Patch Wednesday. This time, there are 470 vulnerabilities, slightly fewer than in June. Of these, 291 are in the Linux Kernel. One vulnerability shows signs of being exploited in the wild CISA KEV: SFB - Chromium CVE-2025-6554 There are also 36 vulnerabilities for which public exploits...

CVSS 9.8 | AI score 7.5 | EPSS 0.90682
Exploits 109

Information Security Automation
• added 2025/07/01 11:28 a.m. • 21 views

June Linux Patch Wednesday

June Linux Patch Wednesday. This time, there are 598 vulnerabilities, almost half as many as in May. Of these, 355 are in the Linux Kernel. There are signs of exploitation in the wild for 3 vulnerabilities CISA KEV. SFB - Chromium CVE-2025-2783 MemCor - Chromium CVE-2025-5419 CodeInj - Hibernate...

CVSS 9.9 | AI score 7.5 | EPSS 0.90469
Exploits 67

RedhatCVE
• added 2025/05/23 8:44 a.m. • 1 views

CVE-2024-23189

Embedded content references at tasks could be used to temporarily execute script code in the context of the user's browser session. To exploit this an attacker would require temporary access to the user's account, access to another account within the same context or a successful social engineering...

CVSS 5.4 | AI score 6.8 | EPSS 0.00107
Exploits 0 | References 1

RedhatCVE
• added 2025/05/23 8:42 a.m. • 1 views

CVE-2024-23187

Content-ID based embedding of resources in E-Mails could be abused to trigger client-side script code when using the "show more" option. Attackers could perform malicious API requests or extract information from the user's account. Exploiting the vulnerability requires user interaction. Please...

CVSS 6.5 | AI score 6.8 | EPSS 0.0047
Exploits 0 | References 1

RedhatCVE
• added 2025/05/23 8:39 a.m. • 1 views

CVE-2024-23191

Upsell advertisement information of an account can be manipulated to execute script code in the context of the user's browser session. To exploit this an attacker would require temporary access to a user's account or a successful social engineering attack to lure users to maliciously configured...

CVSS 5.4 | AI score 6.9 | EPSS 0.001
Exploits 0 | References 1

RedhatCVE
• added 2025/05/23 5:39 a.m. • 1 views

CVE-2023-26448

Custom log-in and log-out locations are user-defined as jslob but were not checked to contain malicious protocol handlers. Malicious script code can be executed within the victim's context. This can lead to session hijacking or triggering unwanted actions via the web interface and API. To exploit...

CVSS 5.4 | AI score 7.1 | EPSS 0.00105
Exploits 0 | References 1

RedhatCVE
• added 2025/05/23 5:38 a.m. • 1 views

CVE-2023-26456

Users were able to set an arbitrary "product name" for OX Guard. The chosen value was not sufficiently sanitized before processing it at the user interface, allowing for indirect cross-site scripting attacks. Accounts that were temporarily taken over could be configured to trigger persistent code...

CVSS 5.4 | AI score 6.5 | EPSS 0.00159
Exploits 0 | References 1