EUVD-2014-5016

Malware in sbrugna...

EUVD-2022-44146

Malicious code in bioql PyPI...

jwt-go allows excessive memory allocation during header parsing

Summary Function parse.ParseUnverified currently splits via a call to strings.Split its argument which is untrusted data on periods. As a result, in the face of a malicious request whose Authorization header consists of Bearer followed by many period characters, a call to that function incurs...

CVE-2022-49671

In the Linux kernel, the following vulnerability has been resolved: RDMA/cm: Fix memory leak in ibcminsertlisten cmallocidpriv allocates resource for the cmidpriv. When cminitlisten fails it doesn't free it, leading to memory leak. Add the missing error unwind...

CVE-2021-27501

CVE-2021-27501 affects Philips Vue PACS and related Vue components (12.2.x.x and earlier). The issue is described as improper adherence to coding standards (CWE-710), which can heighten the severity of other vulnerabilities within the suite. The ICS-CISA advisory catalogs this CWE-710 alongside o...

Explanation of the zero-day attack

What is a zero-day vulnerability? A zero-day weakness is an obscure security weakness or programming blemish that a danger entertainer can focus with noxious code. The expression “Zero-Day” is utilized in light of the fact that the product merchant was uninformed of their product weakness, and...

CVE-2021-27454

The software performs an operation at a privilege level higher than the minimum level required, which creates new weaknesses or amplifies the consequences of other weaknesses on the Reason DR60 all firmware versions prior to 02A04.1...

Privilege Escalation

java is vulnerable to privilege escalation. An unspecified vulnerability allows an attacker to affect confidentiality, integrity and availability of the system via unknown vectors...

CVE-2018-5451

In Philips Alice 6 System version R8.0.2 or prior, when an actor claims to have a given identity, the software does not prove or insufficiently proves that the claim is correct. This weakness can lead to the exposure of resources or functionality to unintended actors, possibly providing attackers...

CVE-2018-5451

In Philips Alice 6 System version R8.0.2 or prior, when an actor claims to have a given identity, the software does not prove or insufficiently proves that the claim is correct. This weakness can lead to the exposure of resources or functionality to unintended actors, possibly providing attackers...

VBulletin 1.0/2.x/3.0 Index.PHP User Interface Spoofing Weakness

No description provided by source. source: http://www.securityfocus.com/bid/10362/info A weakness has been reported to exist in the VBulletin software that may allow an attacker to spoof parts of the VBulletin interface. The issue exists due to improper validation of user-supplied data. Remote...

WordPress Eventify - Simple Events plugin <= 1.7.f SQL Injection Vulnerability

No description provided by source. Exploit Title: WordPress Eventify - Simple Events plugin = 1.7.f SQL Injection Vulnerability Date: 2011-09-07 Author: Miroslav Stampar miroslav.stamparatgmail.com @stamparm Software Link: http://downloads.wordpress.org/plugin/eventify.zip Version: 1.7.f tested...

BlackBerry Z10 Privilege Escalation Vulnerability

BlackBerry Z10 users should be aware that there is a privilege escalation vulnerability. The vulnerability potentially allows a hacker to modify or edit data on a stolen BlackBerry Z10 smartphone with BlackBerry Protect enabled, identified as BSRT-2013-006 CVE-2013-3692 According to the...

CVE-2012-4559

Multiple double free vulnerabilities in the 1 agentsigndata function in agent.c, 2 channelrequest function in channels.c, 3 sshuserauthpubkey function in auth.c, 4 sftpparseattr3 function in sftp.c, and 5 trypublickeyfromfile function in keyfiles.c in libssh before 0.5.3 allow remote attackers to...

OpenID Warns of Serious Bugs in Some Implementations

OpenID Warns of Serious Bugs in Some Implementations Amidst the fallout of the latest bungled password service kerfuffle at LastPass, comes a warning from the OpenID foundation of a critically serious flaw in certain deployments of the product to suffer a certain level of inter-process data...

CVE-2022-44618

...

CVE-2025-34623

...