VulnCheck KEV: CVE-2023-7304
Ruijie RG-UAC Application Management Gateway contains a command injection vulnerability via the 'nmcsync.php' interface. An unauthenticated attacker able to reach the affected endpoint can inject shell commands via crafted request data, causing the application to execute arbitrary commands on the...
CVE-2025-9621
The WidgetPack Comment System plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.6.1. This is due to missing or incorrect nonce validation on the wpcmtsync action in the wpcmtrequesthandler function. This makes it possible for unauthenticated...
Fedora 41 : chromium (2025-ed59372bc2)
The remote Fedora 41 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2025-ed59372bc2 advisory. Update to 141.0.7390.65. High CVE-2025-11458: Heap buffer overflow in Sync; High CVE-2025-11460: Use after free in Storage; Medium CVE-2025-11211: Out ...
Withdrawn Advisory: cross-zip is vulnerable to Directory Traversal through selective use of zip/unzip operations
Withdrawn Advisory: This advisory has been withdrawn because it does not discuss a valid vulnerability. This link is maintained to preserve external references. Original Description: All versions of the package cross-zip are vulnerable to Directory Traversal via consecutive usage of zipSync and...
CVE-2025-11569
The connected data identifies a concrete vulnerability in the cross-zip JavaScript package. A Directory Traversal flaw exists when repeatedly using zipSync() and unzipSync() with arguments such as __dirname, allowing an attacker to access host system files. Red Hat lists all versions of cross-zip...
Chromium: CVE-2025-11458 Heap buffer overflow in Sync
This CVE was assigned by Chrome. Microsoft Edge Chromium-based ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...
Google Chrome Security Vulnerability
Google Chrome is a web browser from Google, Inc USA. A security vulnerability exists in Google Chrome that stems from a heap buffer overflow issue in Sync...
Microsoft Edge (Chromium) < 141.0.3537.71 Multiple Vulnerabilities
The version of Microsoft Edge installed on the remote Windows host is prior to 141.0.3537.71. It is, therefore, affected by multiple vulnerabilities as referenced in the October 9, 2025 advisory. - Use after free in Storage. CVE-2025-11460 - Heap buffer overflow in Sync. CVE-2025-11458 Note that...
SUSE CVE-2025-11458
Heap buffer overflow in Sync in Google Chrome prior to 141.0.7390.65 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. Chromium security severity: High...
CVE-2025-48464
Successful exploitation of the vulnerability could allow an unauthenticated attacker to gain access to a victim’s Sync account data such as account credentials and email protection information...
CVE-2025-48464 Exposure of Sensitive Information
Successful exploitation of the vulnerability could allow an unauthenticated attacker to gain access to a victim’s Sync account data such as account credentials and email protection information...
CVE-2025-48464
CVE-2025-48464 describes a vulnerability in Sync that could allow an unauthenticated attacker to access a victim’s Sync account data, including account credentials and email protection information. The available documents identify the affected product as Sync and cite unauthorized access to sensi...
Linux Distros Unpatched Vulnerability : CVE-2025-39896
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - accel/ivpu: Prevent recovery work from being queued during device removal. Use disable_work_sync instead of cancel_work_sync in ivpu_dev_fini to ensure that no new...
PT-2025-41237
Name of the Vulnerable Software and Affected Versions: Sync (affected versions not specified). Description: Exploitation of the issue could allow an unauthenticated attacker to gain access to a victim’s Sync account data, including account credentials and email protection information. Recommendations ...
GHSA-VG2R-RMGP-CGQJ Deno's --deny-write check does not prevent permission bypass
Summary: Deno.FsFile.prototype.utime and Deno.FsFile.prototype.utimeSync are not limited by the permission model check --deny-write=./. It's possible to change the access (atime) and modification (mtime) times on the file stream resource even when the file is opened with read only permission...
EUVD-2021-17821
Malware in sbrugna...
EUVD-2015-2934
Malware in sbrugna...
EUVD-2001-0963
Malware in sbrugna...