29 matches found

Packet Storm News
added 2026/05/13 12:00 a.m.

Insecure Despite Proven Updated: Extracting the Root VCEK Seed on EPYC Milan Via a Software-Only Attack

In the official whitepaper of Secure Encrypted Virtualization with Secure Nested Paging (SEV-SNP), AMD explicitly emphasizes the capability to prevent Trusted Computing Base (TCB) rollback attacks. Cryptographically, this is realized by signing attestation reports with the Versioned Chip Endorsement...

AI score 6.2
Exploits 0
RedhatCVE
added 2026/01/09 11:51 a.m.

CVE-2009-4375

SQL injection vulnerability in repository/repositoryattachment.php in AlienVault Open Source Security Information Management (OSSIM) 2.1.5, and possibly other versions before 2.1.5-4, allows remote attackers to execute arbitrary SQL commands via the iddocument parameter...

CVSS 7.5 · AI score 8.9 · EPSS 0.00182
Exploits 1 · References 1
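The defect class behind this entry, as an added example that is not OSSIM's code: a query built by concatenating the request parameter beside the same lookup done with a validated, bound parameter. The table layout, the `users` table and the sample rows are constructed assumptions for this page; only the `iddocument` parameter name comes from the advisory.

```python
"""Added example for this page: the injection pattern the OSSIM entry
describes, shown as a string-built query beside a parameterised one.

Illustrative code written for this page, not OSSIM's
repositoryattachment.php. The table layout, the ``users`` table and the
sample rows are constructed assumptions; only the ``iddocument``
parameter name comes from the advisory.
"""
import sqlite3


def make_db() -> sqlite3.Connection:
    """Constructed sample data: two attachments and one credential row."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(
        """
        CREATE TABLE repository_attachment (id INTEGER, iddocument INTEGER, name TEXT);
        INSERT INTO repository_attachment VALUES (1, 10, 'report.pdf'), (2, 11, 'payroll.xlsx');
        CREATE TABLE users (login TEXT, pass TEXT);
        INSERT INTO users VALUES ('admin', 'hunter2');
        """
    )
    return conn


def attachments_vulnerable(conn: sqlite3.Connection, iddocument: str) -> list:
    """The pattern behind the advisory: the request parameter is concatenated
    into the statement text, so whatever SQL it contains is executed."""
    sql = (
        "SELECT id, iddocument, name FROM repository_attachment "
        "WHERE iddocument = " + iddocument
    )
    return conn.execute(sql).fetchall()


def attachments_hardened(conn: sqlite3.Connection, iddocument: str) -> list:
    """Validate the type the column expects, then bind the value. A bound
    value is never parsed as SQL, and a non-numeric parameter is rejected
    before any query runs."""
    if not iddocument.isdigit():
        raise ValueError("iddocument must be a positive integer")
    doc_id = int(iddocument)
    return conn.execute(
        "SELECT id, iddocument, name FROM repository_attachment WHERE iddocument = ?",
        (doc_id,),
    ).fetchall()


def demo() -> dict:
    """Run both variants against the same payloads; returns what each gives."""
    conn = make_db()
    benign = "10"
    # Tautology: the WHERE clause becomes true for every row.
    tautology = "10 OR 1=1"
    # UNION: rows from an unrelated table ride back in the same response.
    union = "10 UNION SELECT 1, login, pass FROM users"
    out = {
        "benign": attachments_vulnerable(conn, benign),
        "tautology": attachments_vulnerable(conn, tautology),
        "union": attachments_vulnerable(conn, union),
        "hardened_benign": attachments_hardened(conn, benign),
    }
    try:
        attachments_hardened(conn, tautology)
        out["hardened_tautology"] = "executed"
    except ValueError:
        out["hardened_tautology"] = "rejected"
    return out


if __name__ == "__main__":
    for key, rows in demo().items():
        print(f"{key}: {rows}")
```

The hardened variant does two independent things: it binds the value (so the driver never sees it as SQL) and it checks the value's shape first, so a request carrying anything other than an integer fails loudly instead of silently returning nothing.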
EUVD
added 2025/10/07 12:30 a.m.

EUVD-2017-16542

Malware in sbrugna...

CVSS 6.8 · AI score 6.9 · EPSS 0.02765
Exploits 0 · References 17
EUVD
added 2025/10/03 8:07 p.m.

EUVD-2022-43546

Malicious code in bioql PyPI...

CVSS 5.4 · AI score 5.8 · EPSS 0.00395
Exploits 0 · References 1
Github Security Blog
added 2025/08/05 12:30 a.m.

Liferay Portal CAPTCHA Bypass for Gogo Shell

The CAPTCHA check can be bypassed in Liferay Portal 7.4.3.80 through 7.4.3.132, and Liferay DXP 2024.Q1.1 through 2024.Q1.19, 2024.Q2.0 through 2024.Q2.13, 2024.Q3.0 through 2024.Q3.13, 2024.Q4.0 through 2024.Q4.7, 2025.Q1.0 through 2025.Q1.15 and 7.4 update 80 through update 92 an...

CVSS 6.9 · AI score 7 · EPSS 0.00141
Exploits 0 · References 4 · Affected Software 1
OSV
added 2025/07/10 8:30 a.m.

CVE-2025-6948 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in GitLab

An issue has been discovered in GitLab CE/EE affecting all versions from 17.11 before 17.11.6, 18.0 before 18.0.4, and 18.1 before 18.1.2 that, under certain conditions, could have allowed a successful attacker to execute actions on behalf of users by injecting malicious content...

CVSS 8.7 · AI score 9.1 · EPSS 0.00202
Exploits 0 · References 5
RedhatCVE
added 2025/02/15 10:20 p.m.

CVE-2025-24836

With a specially crafted Python script, an attacker could send continuous startMeasurement commands over an unencrypted Bluetooth connection to the affected device. This would prevent the device from connecting to a clinician's app to take patient readings and ostensibly flood it with requests,...

CVSS 7.1 · AI score 6.9 · EPSS 0.00158
Exploits 0 · References 1
Veracode
added 2024/12/16 12:38 p.m.

Session Fixation

org.jenkins-ci.plugins:oic-auth is vulnerable to Session Fixation. The vulnerability is due to the plugin failing to invalidate the previous session on login, allowing an attacker to reuse an old session...

CVSS 8.8 · AI score 6.7 · EPSS 0.00374
Exploits 0 · References 3 · Affected Software 1
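The failure this entry describes, as an added example that is not the oic-auth plugin's Java source: a login handler that keeps whatever session id the browser arrived with, beside one that discards it and issues a fresh id. The in-memory store, the handler names and the attack walk-through are assumptions made for this page; only the defect (the previous session is not invalidated on login) comes from the advisory.

```python
"""Added example for this page: session fixation, with the login that keeps
the caller's session id beside one that rotates it.

Illustrative code written for this page, not the oic-auth plugin's Java
source. The in-memory store, the handler names and the attack walk-through
are assumptions; only the defect (not invalidating the previous session on
login) comes from the advisory.
"""
import secrets
from dataclasses import dataclass, field


@dataclass
class SessionStore:
    """Server-side sessions keyed by the id carried in the session cookie."""
    sessions: dict = field(default_factory=dict)

    def create(self) -> str:
        """Anonymous session, as issued to any visitor before login."""
        sid = secrets.token_urlsafe(32)
        self.sessions[sid] = {"user": None}
        return sid

    def user_for(self, sid: str):
        """Who the server believes is behind this cookie, or None."""
        sess = self.sessions.get(sid)
        return sess["user"] if sess else None


def login_vulnerable(store: SessionStore, sid: str, user: str) -> str:
    """Marks the session the browser arrived with as authenticated. If that
    id was planted by an attacker, the attacker's copy is now logged in too."""
    if sid not in store.sessions:
        raise KeyError("unknown session")
    store.sessions[sid]["user"] = user
    return sid


def login_fixed(store: SessionStore, sid: str, user: str) -> str:
    """Invalidates the pre-login session and issues a fresh id, so an id known
    before authentication never becomes an authenticated one."""
    if sid not in store.sessions:
        raise KeyError("unknown session")
    del store.sessions[sid]
    new_sid = store.create()
    store.sessions[new_sid]["user"] = user
    return new_sid  # caller sends this in a new Set-Cookie


def run_fixation(login) -> dict:
    """Constructed attack walk-through against the given login handler:
    1. the attacker obtains a valid anonymous session id,
    2. plants it in the victim's browser (how is outside this example),
    3. the victim logs in while carrying that id,
    4. the attacker presents the original id again."""
    store = SessionStore()
    planted = store.create()                      # step 1
    victim_sid = login(store, planted, "victim")  # step 3
    return {
        "attacker_sees": store.user_for(planted),  # step 4
        "victim_sees": store.user_for(victim_sid),
        "id_rotated": victim_sid != planted,
    }


if __name__ == "__main__":
    print("vulnerable:", run_fixation(login_vulnerable))
    print("fixed:     ", run_fixation(login_fixed))
```

The check a reviewer would run against any login path: log in with a known cookie, then present that same cookie from a second client. If it is still authenticated, the session id is not rotated at the authentication boundary. The same rotation belongs on logout and on any privilege change, not only at login.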
OSV
added 2024/07/04 5:10 a.m.

MAL-2024-7363 Malicious code in @zitterorg/reiciendis-maxime-beatae (npm)

Source: ghsa-malware 576d195ad97b9a6d69b9f70f3756a1ad7911da89670762ae6aa4399539ee521d. Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

AI score 7
Exploits 0 · References 1
OSV
added 2024/06/03 6:53 p.m.

MAL-2024-1441 Malicious code in @juiggitea/itaque-repellat-laborum (npm)

Source: ghsa-malware 8ad033801d699d8bdcdf3a592bae3c2749a3d2eeb47efe44eb29d2ef1f1eca3c. Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

AI score 7
Exploits 0 · References 1
Positive Technologies
added 2023/11/23 12:00 a.m.

PT-2023-21986 · Hikvision · Localservicecomponents

Affected software and versions: plug-in, affected versions not specified. Description: an attacker can exploit the issue by sending crafted messages to computers with the plug-in installed, modifying plug-in parameters. This could cause affected computers to download...

CVSS 8.1 · AI score 7.3 · EPSS 0.00145
Exploits 0 · References 3
Veracode
added 2023/09/06 7:23 a.m.

Integer Overflow

libgpac.so is vulnerable to Integer Overflow. The vulnerability is caused by a defect in the function mp4_mux_initialize_movie in the file filters/mux_isom.c. An attacker can exploit this vulnerability to mount a Denial of Service (DoS) attack...

CVSS 5.5 · AI score 6.7 · EPSS 0.00025
Exploits 1 · References 4 · Affected Software 1
Veracode
added 2023/04/11 8:54 a.m.

Denial Of Service (DoS)

wagtail is vulnerable to Denial of Service (DoS) attacks. The vulnerability exists because it does not properly validate the file size in fields.py, which allows an attacker to cause an application crash...

CVSS 4.9 · AI score 5.3 · EPSS 0.013
Exploits 0 · References 10 · Affected Software 1
OSV
added 2022/08/19 3:55 a.m.

MAL-2022-6327 Malicious code in strip-json-combmentd (npm)

Source: ghsa-malware 2a20fa5526c6a0df61a797f86e6d329e0408842e47e87e33a019451d14197ffa. Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

AI score 7
Exploits 0 · References 1
Malwarebytes
added 2022/06/14 9:53 a.m.

Don’t panic! “Unpatchable” Mac vulnerability discovered

Researchers at MIT's Computer Science & Artificial Intelligence Lab (CSAIL) found an attack surface in a hardware-level security mechanism used in Apple M1 chips. The flaw is unpatchable, but attackers would need to chain it with other vulnerabilities to make use of the attack method. The hardwa...

AI score 0.2
Exploits 0
Veracode
added 2022/05/02 12:21 p.m.

Denial Of Service (DoS)

lua is vulnerable to denial of service. The vulnerability exists because of a missing luaK_exp2anyregup call, leading to a heap-based buffer over-read in lparser.c that allows an attacker to crash the system via a maliciously crafted script...

CVSS 9.1 · AI score 3.4 · EPSS 0.00176
Exploits 1 · References 10 · Affected Software 1
Veracode
added 2022/03/22 3:02 p.m.

Remote Code Execution

github.com/gogs/gogs is vulnerable to remote code execution. Lack of proper validation in the UploadRepoFiles function allows remote attackers to upload and execute malicious code on the system...

CVSS 8.8 · AI score 6.7 · EPSS 0.89614
Exploits 1 · References 4 · Affected Software 1
Friends Of PHP
added 2022/01/24 5:41 p.m.

CVE-2022-21715: XSS Vulnerability in API\ResponseTrait in CodeIgniter4

Impact: a Cross-Site Scripting (XSS) vulnerability was found in API\ResponseTrait in CodeIgniter4. Attackers can carry out XSS attacks if you are using API\ResponseTrait. Patches: upgrade to v4.1.8 or later. Workarounds: do one of the following: 1. Do not use API\ResponseTrait nor ResourceController. 2. Disable...

CVSS 6.1 · AI score 5.5 · EPSS 0.00374
Exploits 0 · Affected Software 1
OSV
added 2021/07/24 11:15 p.m.

CVE-2021-37436

Amazon Echo Dot devices through 2021-07-02 sometimes allow attackers, who have physical access to a device after a factory reset, to obtain sensitive information via a series of complex hardware and software attacks. NOTE: reportedly, there were vendor marketing statements about safely removing...

CVSS 4.2 · AI score 5.8
Exploits 0 · References 4
CVE
added 2021/07/24 10:46 p.m.

CVE-2021-37436

CVE-2021-37436 affects Amazon Echo Dot devices. The connected sources describe a design/logic flaw that, after a factory reset, can let an attacker with physical access extract sensitive information through a sequence of hardware and software attacks. There are no published patch details in the p...

CVSS 4.2 · AI score 4.2 · EPSS 0.00092
Exploits 0 · References 4 · Affected Software 1