CVE-2026-33850

Out-of-bounds Write vulnerability in WujekFoliarz DualSenseY-v2.This issue affects DualSenseY-v2: before 54...

CVE-2026-33850

CVE-2026-33850 concerns an out-of-bounds write in WujekFoliarz DualSenseY-v2 (affected before v54). The CVSS 3.1 base score is 7.8 (HIGH), with LOCAL attack vector, low complexity, no privileges required, but USER INTERACTION NEEDED. Impacts include confidentiality, integrity, and availability. T...

PT-2026-27336

Out-of-bounds Write vulnerability in WujekFoliarz DualSenseY-v2.This issue affects DualSenseY-v2: before 54...

CVE-2026-27211

Cloud Hypervisor is a Virtual Machine Monitor for Cloud workloads. Versions 34.0 through 50.0 arevulnerable to arbitrary host file exfiltration constrained by process privileges when using virtio-block devices backed by raw images. A malicious guest can overwrite its disk header with a crafted...

CVE-2026-27211 Cloud Hypervisor: Host File Exfiltration via QCOW Backing File Abuse

Cloud Hypervisor is a Virtual Machine Monitor for Cloud workloads. Versions 34.0 through 50.0 arevulnerable to arbitrary host file exfiltration constrained by process privileges when using virtio-block devices backed by raw images. A malicious guest can overwrite its disk header with a crafted...

EUVD-2025-74590

Malicious code in handsomemandrillivory-56 npm...

EUVD-2025-74465

Malicious code in medievalthrushgray-55 npm...

MAL-2025-47467 Malicious code in internallib_v52 (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware f4d4bce17702fd04e9d38d97007a2bc8b4028c77159bcd19e1565f71d7f4ada4 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in trochilus (npm)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis c6895d1063758093bf21294cd9edbba16c2e957fd931d17008cc6d962c8992b4 The OpenSSF Package Analysis project identified 'trochilus' @ 50.0.0 npm as malicious. It is considered malicious because: - The package...

CVE-2023-22970

Bottles before 51.0 mishandles YAML load, which allows remote code execution via a crafted file...

Bottle 安全漏洞

Bottle is a simple and lightweight Python-based WSGI micro web framework from the Bottle community. A security vulnerability exists in Bottles prior to version 51.0, which stems from an error handling YAML that allows remote code execution via a crafted file...

SUSE CVE-2016-5144

The Developer Tools aka DevTools subsystem in Blink, as used in Google Chrome before 52.0.2743.116, mishandles the script-path hostname, remoteBase parameter, and remoteFrontendUrl parameter, which allows remote attackers to bypass intended access restrictions via a crafted URL, a different...

SUSE CVE-2017-5403

When adding a range to an object in the DOM, it is possible to use "addRange" to add the range to an incorrect root object. This triggers a use-after-free, resulting in a potentially exploitable crash. This vulnerability affects Firefox 52 and Thunderbird 52...

SUSE CVE-2017-5463

Android intents can be used to launch Firefox for Android in reader mode with a user specified URL. This allows an attacker to spoof the contents of the addressbar as displayed to users. Note: This attack only affects Firefox for Android. Other operating systems are not affected. This vulnerabili...

SUSE CVE-2017-7815

On pages containing an iframe, the "data:" protocol can be used to create a modal dialog through Javascript that will have an arbitrary domains as the dialog's location, spoofing of the origin of the modal dialog from the user view. Note: This attack only affects installations with e10 multiproce...

CVE-2021-23253

Opera Mini for Android below 53.1 displays URL left-aligned in the address field. This allows a malicious attacker to craft a URL with a long domain name, e.g. www.safe.opera.com.attacker.com. With the URL being left-aligned, the user will only see the front part e.g. www.safe.opera.com… The exac...

Address bar spoofing in Opera Mini for Android – Opera Security Advisories

Opera Mini for Android before version 52.2 is vulnerable to an address bar spoofing attack. The vulnerability allows a malicious page to trick the browser into showing an address of a different page. This may allow the malicious page to impersonate another page and trick a user into providing...

DEBIAN-CVE-2017-7777

Use of uninitialized memory in Graphite2 library in Firefox before 54 in graphite2::GlyphCache::Loader::readglyph function...

Unspecified Vulnerability in Mozilla Firefox and Firefox ESR (CNVD-2018-14987)

Mozilla Firefox and Firefox ESR are both browser products developed by the Mozilla Foundation in the U.S. Firefox is an open source web browser; Firefox ESR is an extended support version of Firefox. A security vulnerability exists in Mozilla Firefox versions prior to 61, Firefox ESR versions pri...

Mozilla Firefox Skia Memory Corruption Vulnerability

Mozilla Firefox is an open source web browser developed by the Mozilla Foundation in the U.S. Skia is one of the open source 2D graphics libraries that provides common APIs that work on a variety of hardware and software platforms. A memory corruption vulnerability exists in Skia in versions prio...