CVE-2025-47385 Improper Access Control for Register Interface in SCE-Mink

Memory Corruption when accessing trusted execution environment without proper privilege check...

EUVD-2026-8587

OpenEMR is a free and open source electronic health records and medical practice management application. Versions prior to 8.0.0 have an information disclosure vulnerability that leaks the entire contact information for all users, organizations, and patients in the system to anyone who has the...

CVE-2026-0959

A flaw was found in Wireshark. A remote attacker could exploit a crash in the IEEE 802.11 protocol dissector by crafting a malicious network packet. This vulnerability leads to a denial of service, making the Wireshark application unavailable. Mitigation To mitigate this issue, users should avoid...

EUVD-2008-4084

Malware in sbrugna...

CVE-2020-9351

An issue was discovered in SmartClient 12.0. If an unauthenticated attacker makes a POST request to /tools/developerConsoleOperations.jsp or /isomorphic/IDACall with malformed XML data in the transaction parameter, the server replies with a verbose error showing where the application resides the...

RestrictedPython 安全漏洞

RestrictedPython is an open source tool from Zope that helps define a subset of the Python language that allows program input to be provided to a trusted environment. A security vulnerability exists in RestrictedPython that stems from a type confusion error when using "try/except"...

PT-2024-21261 · Google · Android

Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided descriptions. Description: A logic error in the code of ppmp unprotect buf in drm fw.c could lead to a compromise of protected memory. This issue may result in local escalation of...

PT-2024-5261 · Qualcomm · Qualcomm Embedded Platform

Name of the Vulnerable Software and Affected Versions: Qualcomm embedded platform software affected versions not specified Description: The issue is related to a memory corruption problem that occurs when an invoke call and a TEE call are bound for the same trusted application. It is also...

RestrictedPython 安全漏洞

RestrictedPython is a tool that helps define a subset of the Python language that allows program input to be provided to a trusted environment. A security vulnerability exists in RestrictedPython versions prior to 5.3, and prior to 6.1, which stems from allowing a user to provide program input to...

SUSE CVE-2008-4100

GNU adns 1.4 and earlier uses a fixed source port and sequential transaction IDs for DNS requests, which makes it easier for remote attackers to spoof DNS responses, a different vulnerability than CVE-2008-1447. NOTE: the vendor reports that this is intended behavior and is compatible with the...

Qualcomm 芯片资源管理错误漏洞

A Qualcomm chip is a chip from Qualcomm Incorporated USA. A way to miniaturize circuits mainly semiconductor devices, but also passive components, etc. and are often manufactured on the surface of semiconductor wafers. The Qualcomm chip has a security vulnerability that stems from memory corrupti...

QuantConnect Lean vulnerable to insecure deserialization

QuantConnect Lean versions from 2.3.0.0 to 2.4.0.1 are affected by an insecure deserialization vulnerability due to insecure configuration of TypeNameHandling property in Json.NET library. One may avoid this issue by only running Lean in an environment where data provided is trusted...

CVE-2020-14947

OCS Inventory NG 2.7 allows Remote Command Execution via shell metacharacters to require/commandLine/CommandLine.php because mibfile in plugins/mainsections/msconfig/mssnmpconfig.php is mishandled in getmiboid...

MCIR

This is a collection of intentionally vulnerable applications for testing code injection vulnerabilities. The applications are designed to be used in a trusted web environment and should not be published on a production server or exposed to the internet. The applications include: CryptOMG: A...

CVE-2020-7958

An issue was discovered on OnePlus 7 Pro devices before 10.0.3.GM21BA. The firmware was found to contain functionality that allows a privileged user root in the Rich Execution Environment REE to obtain bitmap images from the fingerprint sensor because of Leftover Debug Code. The issue is that the...

CVE-2020-9352

An issue was discovered in SmartClient 12.0. Unauthenticated exploitation of blind XXE can occur in the downloadWSDL feature by sending a POST request to /tools/developerConsoleOperations.jsp with a valid payload in the transaction parameter. NOTE: the documentation states "These tools are, by...

CVE-2020-9353

An issue was discovered in SmartClient 12.0. The Remote Procedure Call RPC loadFile provided by the console functionality on the /tools/developerConsoleOperations.jsp or /isomorphic/IDACall URL is affected by unauthenticated Local File Inclusion via directory-traversal sequences in the elem XML...

DEBIAN-CVE-2008-4100

GNU adns 1.4 and earlier uses a fixed source port and sequential transaction IDs for DNS requests, which makes it easier for remote attackers to spoof DNS responses, a different vulnerability than CVE-2008-1447. NOTE: the vendor reports that this is intended behavior and is compatible with the...

CVE-2008-4100

GNU adns 1.4 and earlier uses a fixed source port and sequential transaction IDs for DNS requests, which makes it easier for remote attackers to spoof DNS responses, a different vulnerability than CVE-2008-1447. NOTE: the vendor reports that this is intended behavior and is compatible with the...