31 matches found
ROS-20260529-73-0016
The vulnerability of the software for interacting with servers via CURL is related to the exposure of information. Exploiting this vulnerability allows a remote attacker to gain access to confidential data through the PASV response...
JLSEC-2026-472
A vulnerability was found in libX11. The security flaw occurs because the functions in src/InitExt.c in libX11 do not check that the values provided for the Request, Event, or Error IDs are within the bounds of the arrays that those functions write to, using those IDs as array indexes. They trust...
CVE-2025-62320 HTML Injection Leading to Data Exfiltration to External Server vulnerability affects HCL Unica Platform
HTML Injection can be carried out in Product when a web application does not properly check or clean user input before showing it on a webpage. Because of this, an attacker may insert unwanted HTML code into the page. When the browser loads the page, it may automatically interact with external...
EUVD-2021-10095
Malware in sbrugna...
EUVD-2024-50583
Malicious code in bioql PyPI...
GHSA-MGFV-2362-JQ96 DNN.PLATFORM leaks NTLM hash via SMB Share Interaction with malicious user input
In DNN.PLATFORM, a specially crafted series of malicious interactions can expose NTLM hashes to a third-party SMB server. This vulnerability is fixed in 10.0.1...
php: Leak partial content of the heap through heap buffer over-read in mysqlnd
A flaw was found in the PHP MySQL client library. This vulnerability allows a hostile MySQL server to disclose the content of the client's heap, potentially exposing data from other SQL requests and other users of the same server via malicious server interactions...
The vulnerability of the software for interacting with servers via cURL, related to insufficient protection of operational data, allows a perpetrator to gain unauthorized access to protected information.
The vulnerability of the software for interacting with servers via cURL is related to insufficient protection of operational data. Exploiting this vulnerability can allow a malicious actor, operating remotely, to gain unauthorized access to protected information...
HTTPS Fetch
Fetch and execute a MIPSLE payload from an HTTPS server. Module Options msf use payload/cmd/linux/https/ppc/meterpreterreversehttps msf payloadmeterpreterreversehttps show actions ...actions... msf payloadmeterpreterreversehttps set ACTION msf payloadmeterpreterreversehttps show options ...show...
TFTP Fetch
Fetch and execute an AARCH64 payload from a TFTP server. Module Options msf use payload/cmd/linux/tftp/aarch64/meterpreterreversehttps msf payloadmeterpreterreversehttps show actions ...actions... msf payloadmeterpreterreversehttps set ACTION msf payloadmeterpreterreversehttps show options ...sho...
K000149702: PostgreSQL vulnerabilities CVE-2024-10977 and CVE-2024-10979
Security Advisory Description CVE-2024-10977 Client use of server error message in PostgreSQL allows a server not trusted under current SSL or GSS settings to furnish arbitrary non-NUL bytes to the libpq application. For example, a man-in-the-middle attacker could send a long error message that a...
CVE-2024-12087
A path traversal vulnerability exists in rsync. It stems from behavior enabled by the --inc-recursive option, a default-enabled option for many client options and can be enabled by the server even if not explicitly enabled by the client. When using the --inc-recursive option, a lack of proper...
The vulnerability of the software for interacting with servers via curl, related to incorrect certificate verification, allows a perpetrator to influence the integrity of the system.
The vulnerability of the software for interacting with servers using curl is related to improper verification of the certificate. Exploiting this vulnerability allows a remote attacker to influence the integrity of the system...
The vulnerability of the UEM SafeMobile platform, a centralized management platform for mobile devices, is related to insufficient protection of operational data. This vulnerability allows attackers to disclose information about users of the application.
The vulnerability of the UEM SafeMobile platform, a centralized management platform for mobile devices, is related to insufficient protection of operational data. Exploiting this vulnerability could allow an attacker, operating remotely, to obtain information about application users by sending...
The vulnerability of the software for interacting with servers via CURL, related to errors in saving permissions, allows a hacker to expose protected information or cause service failures.
The vulnerability of the software for interacting with servers via CURL is related to errors during permission storage. This vulnerability allows a malicious actor to disclose sensitive information or cause service failures...
The vulnerability of the software for interacting with servers via CURL, related to the allocation of unlimited memory, allows a hacker to cause a service failure.
The vulnerability of the software for interacting with servers via CURL is related to the allocation of unlimited memory. Exploiting this vulnerability allows a remote attacker to cause service interruptions...
CVE-2022-40296
The application was vulnerable to Server-Side Request Forgery attacks, allowing the backend server to interact with unexpected endpoints, potentially including internal and local services, leading to attacks in other downstream systems...
curl: CVE-2022-35252: control code in cookie denial of service
Summary: I took a look at https://github.com/curl/curl/pull/9048/commits/d7bcbc7d8d4b6d972d3da12d54819169a19c287b a sneak peek on a vulnerability to be announced tomorrow. My guess for that vulnerability is that since cookies are persistent, someone who can trick curl into storing cookies can sto...
The vulnerability of the software for interacting with servers via CURL is related to insufficient protection of registration data, allowing attackers to access confidential information.
The vulnerability of the software for interacting with servers via CURL is related to insufficient protection of registration data. Exploiting this vulnerability allows a malicious actor to gain access to confidential information...
The vulnerability of the software for interacting with servers via CURL lies in the fact that certain operations exceed the allowable buffer size limits, allowing an attacker to cause a service failure.
The vulnerability of the software for interacting with servers via CURL is related to operations that exceed the allowable data buffer limits. Exploiting this vulnerability allows a malicious actor to cause service failures...