Heap-based Buffer Overflow

Overview Affected versions of this package are vulnerable to Heap-based Buffer Overflow via the magick -distribute-cache process. An attacker can cause a heap buffer overwrite in the server process by connecting to the service. Remediation A fix was pushed into the master branch but not yet...

CVE-2026-43018 Bluetooth: hci_event: fix potential UAF in hci_le_remote_conn_param_req_evt

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hcievent: fix potential UAF in hcileremoteconnparamreqevt hciconn lookup and field access must be covered by hdev lock in hcileremoteconnparamreqevt, otherwise it's possible it is freed concurrently. Extend the...

EUVD-2026-26617

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hcievent: fix potential UAF in hcileremoteconnparamreqevt hciconn lookup and field access must be covered by hdev lock in hcileremoteconnparamreqevt, otherwise it's possible it is freed concurrently. Extend the...

CVE-2026-43018

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hcievent: fix potential UAF in hcileremoteconnparamreqevt hciconn lookup and field access must be covered by hdev lock in hcileremoteconnparamreqevt, otherwise it's possible it is freed concurrently. Extend the...

CVE-2026-43018

The CVE-2026-43018 entry is confirmed: a Use-After-Free in Linux kernel Bluetooth HCI event handling (hci_le_remote_conn_param_req_evt) due to insufficient locking during hci_conn lookup/access. The vulnerability arises from hci_conn lookup and field access not always being protected by the hdev ...

PT-2026-36435

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A Use-After-Free UAF issue exists in the Bluetooth component. In the hci le remote conn param req evt function, the hci conn lookup and field access are not properly protected by the hde...

CVE-2026-33892

A vulnerability has been identified in Industrial Edge Management Pro V1 All versions = V1.7.6 = V2.0.0 = V2.2.0 V2.8.0. Affected management systems do not properly enforce user authentication on remote connections to devices. This could facilitate an unauthenticated remote attacker to circumvent...

CVE-2026-33892

A vulnerability has been identified in Industrial Edge Management Pro V1 All versions = V1.7.6 = V2.0.0 = V2.2.0 V2.8.0. Affected management systems do not properly enforce user authentication on remote connections to devices. This could facilitate an unauthenticated remote attacker to circumvent...

CVE-2026-33892

A vulnerability has been identified in Industrial Edge Management Pro V1 All versions = V1.7.6 = V2.0.0 = V2.2.0 V2.8.0. Affected management systems do not properly enforce user authentication on remote connections to devices. This could facilitate an unauthenticated remote attacker to circumvent...

Malicious code in gridifys (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 e5ce4a5dacaa769b90c359a5f03065f1d0418808b1ff366fe0d9cf6e21da4dd2 Packages contain hidden code that is effectively run during importing or using the library, and downloads second stage code. Then, a process running in...

EUVD-2025-203895

A vulnerability in the application software of multiple Radiometer products may allow remote code execution and unauthorized device management when specific internal conditions are met. Exploitation requires that a remote connection is established with additional information obtained through othe...

AnyDesk 安全漏洞

AnyDesk is a remote desktop connection software from the German company AnyDesk. A security vulnerability exists in AnyDesk 9.0.4 and earlier versions that originates from a remote connection user with Control My Device privileges can manipulate remote AnyDesk settings and create a password for a...

Oxford Nanopore Technologies MinKNOW 安全漏洞

Oxford Nanopore Technologies MinKNOW is a data acquisition control and monitoring software from Oxford Nanopore Technologies, UK. A security vulnerability exists in Oxford Nanopore Technologies MinKNOW versions prior to 24.11, which stems from an authentication token stored in the system temporar...

EUVD-2020-8067

Malware in sbrugna...

EUVD-1999-1272

Malware in sbrugna...

EUVD-2020-8066

Malware in sbrugna...

EUVD-2006-3810

Malware in sbrugna...

Pentest-and-Development-Tips

Pentest-and-Development-Tips A collection of pentest and development tips Author: 3gstudent Click on me to view the English version 声明 以下技巧不应用于非法用途 --- Tips 1. 手动端口探测 nmap的-sV可以探测出服务版本，但有些情况下必须手动探测去验证 使用Wireshark获取响应包未免大材小用，可通过nc简单判断 eg. 对于8001端口，nc连接上去，随便输入一个字符串，得到了以下结果： $ nc -vv localhost 8001...

CVE-2023-34761

An unauthenticated attacker within BLE proximity can remotely connect to a 7-Eleven LED Message Cup, Hello Cup 1.3.1 for Android, and bypass the application's client-side chat censor filter...

CVE-2019-1003091

A missing permission check in Jenkins SOASTA CloudTest Plugin in the CloudTestServer.DescriptorImpldoValidate form validation method allows attackers with Overall/Read permission to initiate a connection to an attacker-specified server...