Lucene search

18 matches found

EUVD
added 2025/10/07 12:30 a.m. | 3 views

EUVD-2012-4680

Malware in sbrugna...

CVSS 6.9 | AI score 6.4 | EPSS 0.00056
Exploits: 1 | References: 4

EUVD
added 2025/10/03 8:7 p.m. | 2 views

EUVD-2025-30790

Malicious code in bioql PyPI...

CVSS 7.5 | AI score 6.3 | EPSS 0.00011
Exploits: 1 | References: 4

OSV
added 2025/09/22 2:42 p.m. | 2 views

GHSA-9GGR-2464-2J32 Authlib: JWS/JWT accepts unknown crit headers (RFC violation → possible authz bypass)

Summary: Authlib’s JWS verification accepts tokens that declare unknown critical header parameters (crit), violating RFC 7515 “must‑understand” semantics. An attacker can craft a signed token with a critical header (for example, bork or cnf) that strict verifiers reject but Authlib accepts. In...

CVSS 7.5 | AI score 7.1 | EPSS 0.00011
Exploits: 1 | References: 5

Positive Technologies
added 2025/09/22 12:0 a.m. | 2 views

PT-2025-38752

Name of the Vulnerable Software and Affected Versions: Authlib versions prior to 1.6.4. Description: Authlib’s JWS verification improperly handles tokens declaring unknown critical header parameters (crit), violating RFC 7515 specifications. An attacker can create a signed token with a critical header...

CVSS 7.5 | AI score 6.7 | EPSS 0.00011
Exploits: 1 | References: 11

RedhatCVE
added 2025/05/22 2:52 a.m. | 8 views

CVE-2012-4755

Untrusted search path vulnerability in SciTools Understand before 2.6 build 600 allows local users to gain privileges via a Trojan horse wintab32.dll file in the current working directory, as demonstrated by a directory that contains a .udb file. NOTE: some of these details are obtained from thir...

CVSS 6.9 | AI score 6.8 | EPSS 0.00056
Exploits: 1 | References: 1

HackRead
added 2025/02/20 11:27 p.m. | 8 views

How to Sue a Company Under GDPR for Data Misuse and Privacy Violations

Learn how to sue companies under GDPR for data misuse. Understand your rights, file complaints, and claim compensation…...

AI score 7.3
Exploits: 0

The Hacker News
added 2023/12/11 11:45 a.m. | 15 views

Playbook: Your First 100 Days as a vCISO - 5 Steps to Success

In an increasingly digital world, no organization is spared from cyber threats. Yet, not every organization has the luxury of hiring a full-time, in-house CISO. This gap in cybersecurity leadership is where you, as a vCISO, come in. You are the person who will establish, develop, and solidify the...

AI score 7.1
Exploits: 0

Fedora
added 2022/04/28 5:55 a.m. | 25 views

[SECURITY] Fedora 34 Update: golang-github-oklog-0.3.2-9.20190701gitca7cdf5.fc34

OK Log is a distributed and coordination-free log management system for big ol' clusters. It's an on-prem solution that's designed to be a sort of building block: easy to understand, easy to operate, and easy to extend...

CVSS 7.5 | AI score 10 | EPSS 0.00089
Exploits: 0

Wired Threat Level
added 2020/08/19 11:0 a.m. | 27 views

How Financial Apps Get You to Spend More and Question Less

You should never invest without fully understanding the risks, but tax prep and stock trading services often obfuscate the things you really need to know...

AI score 3.3
Exploits: 0

ThreatPost
added 2016/02/08 8:5 a.m. | 148 views

Modern Defenders Share, Visualize and Succeed

TENERIFE, Spain – Network defenders who rely solely on lists of assets to protect are running a fool’s errand. Instead, it’s crucial to think in graphs to not only visualize threats, but also to understand network edges, and dependencies between assets and accounts in order to be able to capture...

CVSS 9.3 | AI score 8.2 | EPSS 0.94354
Exploits: 33

Fedora
added 2014/09/27 9:47 a.m. | 16 views

[SECURITY] Fedora 20 Update: ksystemlog-4.14.1-1.fc20

This program is developed for beginner users, who don't know how to find information about their Linux system, and don't know where log files are. It is also of course designed for advanced users, who quickly want to understand problems of their machine with a more powerful and graphical tool th...

CVSS 6.9 | AI score 2.4 | EPSS 0.00034
Exploits: 1

NVD
added 2012/09/06 10:41 a.m. | 11 views

CVE-2012-4755

Untrusted search path vulnerability in SciTools Understand before 2.6 build 600 allows local users to gain privileges via a Trojan horse wintab32.dll file in the current working directory, as demonstrated by a directory that contains a .udb file. NOTE: some of these details are obtained from thir...

CVSS 6.9 | AI score 6.5 | EPSS 0.00056
Exploits: 1 | References: 3

Prion
added 2012/09/06 10:41 a.m. | 12 views

Design/Logic Flaw

Untrusted search path vulnerability in SciTools Understand before 2.6 build 600 allows local users to gain privileges via a Trojan horse wintab32.dll file in the current working directory, as demonstrated by a directory that contains a .udb file. NOTE: some of these details are obtained from thir...

CVSS 6.9 | AI score 6.9 | EPSS 0.00056
Exploits: 1 | References: 3 | Affected Software: 1

Cvelist
added 2012/09/06 10:0 a.m. | 19 views

CVE-2012-4755

Untrusted search path vulnerability in SciTools Understand before 2.6 build 600 allows local users to gain privileges via a Trojan horse wintab32.dll file in the current working directory, as demonstrated by a directory that contains a .udb file. NOTE: some of these details are obtained from thir...

AI score 6.5 | EPSS 0.00056
Exploits: 1 | References: 3

CVE
added 2012/09/06 10:0 a.m. | 51 views

CVE-2012-4755

CVE-2012-4755 affects SciTools Understand prior to version 2.6 build 600. The vulnerability arises from an untrusted search path: Understand looks in the current working directory for DLLs (notably wintab32.dll) when resolving dependencies, enabling local privilege escalation if a Trojan horse DL...

CVSS 6.9 | AI score 6.7 | EPSS 0.00056
Exploits: 1 | References: 3 | Affected Software: 1

Tenable Nessus
added 2012/02/10 12:0 a.m. | 25 views

Scientific Toolworks Understand 'wintab32.dll' DLL Loading Arbitrary Code Execution

The version of Scientific Toolworks Understand installed on the remote Windows host is earlier than 2.6 Build 600. As such, it insecurely looks in its current working directory when resolving DLL dependencies, such as for 'wintab32.dll'. Attackers may exploit this issue by placing a specially...

CVSS 6.9 | AI score 5.8 | EPSS 0.00056
Exploits: 1 | References: 3

Zero Science Lab
added 2012/02/08 12:0 a.m. | 51 views

SciTools Understand 2.6 (wintab32.dll) DLL Loading Arbitrary Code Execution

Summary: Understand is a static analysis tool for maintaining, measuring, and analyzing critical or large code bases. Description: The vulnerability is caused due to the application loading libraries (wintab32.dll) in an insecure manner. This can be exploited to load arbitrary libraries by tricking a...

CVSS 6.9 | AI score 6 | EPSS 0.00056
Exploits: 1

Packet Storm
added 2012/02/08 12:0 a.m. | 40 views

SciTools Understand 2.6 DLL Loading Code Execution

SciTools Understand 2.6 wintab32.dll DLL Loading Arbitrary Code Execution. Vendor: Scientific Toolworks, Inc. Product web page: http://www.scitools.com Affected version: 2.6 build 598. Summary: Understand is a static analysis tool for maintaining, measuring, and analyzing critical or large code...

AI score 0.1
Exploits: 0