CVE-2020-24565

An out-of-bounds read information disclosure vulnerabilities in Trend Micro Apex One may allow a local attacker to disclose sensitive information to an unprivileged account on vulnerable installations of the product. An attacker must first obtain the ability to execute low-privileged code on the...

EUVD-2018-9402

Malware in sbrugna...

EUVD-2018-21527

Malware in sbrugna...

EUVD-2022-37803

Malicious code in bioql PyPI...

CVE-2025-2020

Ashlar-Vellum Cobalt VC6 file parsing vulnerability (CVE-2025-2020) stems from improper validation in VC6 file parsing, allowing a write past the end of an allocated buffer. This leads to remote code execution in the context of the affected process. Exploitation requires user interaction (target ...

Ashlar-Vellum 安全漏洞

Ashlar Vellum is Ashlar's development platform for computer-aided design CAD and 3D modeling software. A security vulnerability exists in Ashlar-Vellum that stems from the presence of a heap-based buffer overflow remote code execution vulnerability that could allow a remote attacker to execute...

'Google' Sites Are the Latest Ploy by Card-Skimming Thieves

Malicious domains masquerading as Google sites are the latest ploy by payment card-skimming adversaries looking to dupe website visitors. According to analysts at Sucuri, cybercriminals are using typosquatting the practice of changing one letter in a trusted site name to use as a malicious URL to...

Microsoft Windows Contact File Format Arbitary Code Execution

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'fileutils' require 'rex/zip' class MetasploitModule 'Microsoft Windows Contact File Format Arbitary Code Execution', 'Description' = %q This vulnerability allow...

SRC-2019-0039 : Cisco Prime Infrastructure SampleFileDownloadServlet Directory Traversal Information Disclosure Vulnerability

Vulnerability Details: This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Cisco Prime Infrastructure. Authentication is required to exploit this vulnerability. The specific flaw exists within the SampleFileDownloadServlet servlet. The issue...

LAquis SCADA LGX Report MemoryWriteWord Memory Corruption Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of LAquis SCADA Software. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...

CVE-2018-18332

A Trend Micro OfficeScan XG weak file permissions vulnerability may allow an attacker to potentially manipulate permissions on some key files to modify other files and folders on vulnerable installations...

Adobe Acrobat DC Onix ReadBTreeT::NextKey Out-Of-Bounds Read Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...

Stack overflow

Local attackers can trigger a stack-based buffer overflow on vulnerable installations of Antiy-AVL ATool security management v1.0.0.22. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists...

CVE-2018-15367

A ctlset KERedirect Untrusted Pointer Dereference Privilege Escalation vulnerability in Trend Micro Antivirus for Mac Consumer 7.0 2017 and above could allow a local attacker to escalate privileges on vulnerable installations. An attacker must first obtain the ability to execute low-privileged co...

Cross site scripting

A Reflected Cross-Site Scripting XSS vulnerability in Trend Micro Deep Discovery Inspector 3.85 and below could allow an attacker to bypass CSRF protection and conduct an attack on vulnerable installations. An attacker must be an authenticated user in order to exploit the vulnerability...

CVE-2018-15365

A Reflected Cross-Site Scripting XSS vulnerability in Trend Micro Deep Discovery Inspector 3.85 and below could allow an attacker to bypass CSRF protection and conduct an attack on vulnerable installations. An attacker must be an authenticated user in order to exploit the vulnerability...

(0Day) Fuji Electric Alpha5 Smart Loader A5P File Parsing Buffer Overflow Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Fuji Electric Alpha Loader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists with...

Cross-Site Scripting Flaw in Apache ActiveMQ Threatens Web Visitors

Researchers have found a cross-site scripting XSS flaw in Apache ActiveMQ that could enable a remote attacker with no privileges to launch an array of attacks against visitors to compromised websites. The vulnerability CVE-2018-8006 was disclosed today and impacts ActiveMQ versions earlier than...

CVE-2018-10358

A pool corruption privilege escalation vulnerability in Trend Micro OfficeScan 11.0 SP1 and XG could allow a local attacker to escalate privileges on vulnerable installations due to a flaw within the processing of IOCTL 0x2200B4 in the TMWFP driver. An attacker must first obtain the ability to...

CVE-2018-10358

A pool corruption privilege escalation vulnerability in Trend Micro OfficeScan 11.0 SP1 and XG could allow a local attacker to escalate privileges on vulnerable installations due to a flaw within the processing of IOCTL 0x2200B4 in the TMWFP driver. An attacker must first obtain the ability to...