30 matches found
USN-8359-1 nncp vulnerability
It was discovered that NNCP did not properly sanitize file paths in packet data during file requesting and file saving operations. A remote attacker could possibly use this issue to read or write arbitrary files outside of the intended directory...
CVE-2026-5394
An authenticated administrative user who can import or save DataObject class definitions can inject attacker-controlled composite index metadata and trigger unintended SQL execution in the backend. This issue affects pimcore: 12.3.3...
Duplicate Advisory: Pimcore admin users can trigger SQL Injection
Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-r2f4-ff2p-xc64. This link is maintained to preserve external references. Original Description An authenticated administrative user who can import or save DataObject class definitions can inject attacker-controll...
EUVD-2026-24171
FreeScout is a free self-hosted help desk and shared mailbox. Versions prior to 1.8.213 have a mass assignment vulnerability in the mailbox connection settings endpoints of FreeScout connectionIncomingSave at app/Http/Controllers/MailboxesController.php:468 and connectionOutgoingSave at line 398...
Malicious code in polyutil (PyPI)
Source: kam193 31a0fc68eee0841a78740fd3e3748171612b871b58bf9f3e52b4fa35bed64774 The package is prepared to download a hardcoded executable and save it in %LOCALAPPDATA% under a very generic name, clearly aiming to hide its existence. Code ...
Malicious code in clawdest (PyPI)
Source: kam193 cf31ecc1ce2cf9d018d5ea73c9ee8467f85efd2fda44d75dfd10797cb35778a2 The package is prepared to download a hardcoded executable and save it in %LOCALAPPDATA% under a very generic name, clearly aiming to hide its existence. Code ...
CVE-2025-12772
CVE-2025-12772 affects Brocade SANnav before 2.4.0b. The issue arises when an OOM condition causes a heap dump to include the switch admin password in plaintext within SANnav support logs. This could allow a remote authenticated attacker with admin privileges to read the password from logs or the...
Patch Tuesday, October 2025 ‘End of 10’ Edition
Microsoft today released software updates to plug a whopping 172 security holes in its Windows operating systems, including at least two vulnerabilities that are already being actively exploited. October's Patch Tuesday also marks the final month that Microsoft will ship security updates for...
Linux kernel security vulnerability
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from a pointer arithmetic error during I2C register saves, which could lead to a kernel crash and out-of-bounds...
Malicious code in test-mlw2-trump-skart-fibro-saves (npm)
The package test-mlw2-trump-skart-fibro-saves was found to contain malicious code...
MAL-2025-36174 Malicious code in test-mlw2-saves-suety-widdy-lezzy (npm)
The package test-mlw2-saves-suety-widdy-lezzy was found to contain malicious code...
Malicious code in test-mlw2-tagma-saves (npm)
The package test-mlw2-tagma-saves was found to contain malicious code...
Romm code issue vulnerability
Romm is an open source manager for read-only memory from The RomM Project. A code issue vulnerability exists in Romm 4.0.0-beta.3 and prior versions that stems from improper access control of the /api/saves endpoint, which could lead to arbitrary file writes and remote code execution...
CVE-2024-37365
A remote code execution vulnerability exists in the affected product. The vulnerability allows users to save projects within the public directory allowing anyone with local access to modify and/or delete files. Additionally, a malicious user could potentially leverage this vulnerability to escala...
Broadcom Brocade SANnav log information disclosure vulnerability
Broadcom Brocade SANnav is a suite of SAN management platforms from Broadcom Corporation USA. A security vulnerability exists in Brocade SANnav versions v2.3.1 and v2.3.0a, which originated from printing the Brocade Fabric OS switch encryption passwords in the support saves of the Brocade SANnav...
PT-2021-15962 · WordPress · Glass
Name of the Vulnerable Software and Affected Versions: Glass WordPress plugin versions 1.3.2 and earlier Description: The issue is related to a Stored Cross-Site Scripting problem. It occurs because the Glass Pages setting is not properly sanitised or escaped before being outputted in a page...
DEBIAN-CVE-2020-14939
An issue was discovered in savestructinternal.c in FreedroidRPG 1.0rc2. Saved game files are composed of Lua scripts that recover a game's state. A file can be modified to put any Lua code inside, leading to arbitrary code execution while loading...
DEBIAN-CVE-2020-12801
If LibreOffice has an encrypted document open and crashes, that document is auto-saved encrypted. On restart, LibreOffice offers to restore the document and prompts for the password to decrypt it. If the recovery is successful, and if the file format of the recovered document was not LibreOffice'...
Format string
If LibreOffice has an encrypted document open and crashes, that document is auto-saved encrypted. On restart, LibreOffice offers to restore the document and prompts for the password to decrypt it. If the recovery is successful, and if the file format of the recovered document was not LibreOffice'...
CVE-2020-12801 Crash-recovered MSOffice encrypted documents defaulted to not using encryption on next save
If LibreOffice has an encrypted document open and crashes, that document is auto-saved encrypted. On restart, LibreOffice offers to restore the document and prompts for the password to decrypt it. If the recovery is successful, and if the file format of the recovered document was not LibreOffice'...