1422 matches found
CVE-2026-33995
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.24.2, a double-free vulnerability in kerberosAcceptSecurityContext and kerberosInitializeSecurityContextA WinPR, winpr/libwinpr/sspi/Kerberos/kerberos.c can cause a crash in any FreeRDP clients on systems where...
FreeRDP 资源管理错误漏洞
FreeRDP is an open source Remote Desktop Protocol RDP implementation library and client . FreeRDP suffers from a double release vulnerability. The vulnerability is caused by a double release problem in the memory release process of the kerberosAcceptSecurityContext and...
Mate Security Introduces the Security Context Graph, an Approach to Smarter SOCs
New York, USA, 17th February 2026, CyberNewswire...
AZL-75369 CVE-2025-11065 affecting package podman 4.1.1-26
A flaw was found in github.com/go-viper/mapstructure/v2, in the field processing component using mapstructure.WeakDecode. This vulnerability allows information disclosure through detailed error messages that may leak sensitive input values via malformed user-supplied data processed in...
AZL-75372 CVE-2025-11065 affecting package azl-otel-collector 0.127.0-1
A flaw was found in github.com/go-viper/mapstructure/v2, in the field processing component using mapstructure.WeakDecode. This vulnerability allows information disclosure through detailed error messages that may leak sensitive input values via malformed user-supplied data processed in...
CVE-2025-11065
A flaw was found in github.com/go-viper/mapstructure/v2, in the field processing component using mapstructure.WeakDecode. This vulnerability allows information disclosure through detailed error messages that may leak sensitive input values via malformed user-supplied data processed in...
AZL-75440 CVE-2025-11065 affecting package keda 2.14.1-9
A flaw was found in github.com/go-viper/mapstructure/v2, in the field processing component using mapstructure.WeakDecode. This vulnerability allows information disclosure through detailed error messages that may leak sensitive input values via malformed user-supplied data processed in...
CVE-2025-36397 Security vulnerabilities have been found in IBM Application Gateway
IBM Application Gateway 23.10 through 25.09 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site...
Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-002499)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-002499 advisory. The securitycontexttosidcore function in security/selinux/ss/services.c in the Linux kernel before 3.13.4 allows local users to cause a denial of service system cras...
EUVD-2026-2135
Untrusted pointer dereference in Windows Virtualization-Based Security VBS Enclave allows an authorized attacker to elevate privileges locally...
CVE-2019-7886
A cryptograhic flaw exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. A weak cryptograhic mechanism is used to generate the intialization vector in multiple security relevant contexts...
CVE-2025-5591
Kentico Xperience 13 is vulnerable to a stored cross-site scripting attack via a form component, allowing an attacker to hijack a victim user’s session and perform actions in their security context...
EUVD-2026-0919
Kentico Xperience 13 is vulnerable to a stored cross-site scripting attack via a form component, allowing an attacker to hijack a victim user’s session and perform actions in their security context...
CVE-2025-5591
Summary: Kentico Xperience 13 is vulnerable to a stored cross-site scripting (XSS) attack via the Checkbox form component in Form Builder. The root cause is a lack of proper filtering/escaping of user-supplied data in the form component, enabling an attacker to execute arbitrary scripts in a vict...
PT-2026-29141
Name of the Vulnerable Software and Affected Versions FreeRDP versions prior to 3.24.2 Description FreeRDP is a free implementation of the Remote Desktop Protocol. A double-free issue exists in the kerberos AcceptSecurityContext and kerberos InitializeSecurityContextA functions WinPR,...
CVE-2025-36230
IBM Aspera Faspex 5 5.0.0 through 5.0.14.1 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site...
Diverse LLMs Vs. Vulnerabilities: Who Detects and Fixes Them Better?
Large Language Models LLMs are increasingly being studied for Software Vulnerability Detection SVD and Repair SVR. Individual LLMs have demonstrated code understanding abilities, but they frequently struggle when identifying complex vulnerabilities and generating fixes. This study presents...
CVE-2025-9613
A vulnerability was discovered in the PCI Express PCIe Integrity and Data Encryption IDE specification, where insufficient guidance on tag reuse after completion timeouts may allow multiple outstanding Non-Posted Requests to share the same tag. This tag aliasing condition can result in completion...
EUVD-2025-202314
A vulnerability was discovered in the PCI Express PCIe Integrity and Data Encryption IDE specification, where insufficient guidance on tag reuse after completion timeouts may allow multiple outstanding Non-Posted Requests to share the same tag. This tag aliasing condition can result in completion...
CVE-2025-9613
A vulnerability was discovered in the PCI Express PCIe Integrity and Data Encryption IDE specification, where insufficient guidance on tag reuse after completion timeouts may allow multiple outstanding Non-Posted Requests to share the same tag. This tag aliasing condition can result in completion...