Overview
Description
time provides date and time handling in Rust. From 0.3.6 to before 0.3.47, when user-provided input is provided to any type that parses with the RFC 2822 format, a denial of service attack via stack exhaustion is possible. The attack relies on formally deprecated and rarely-used features that are part of the RFC 2822 format used in a malicious manner. Ordinary, non-malicious input will never encounter this scenario. A limit to the depth of recursion was added in v0.3.47. From this version, an error will be returned rather than exhausting the stack.
Statistics
- 1 Post
Last activity: 16 hours ago
Overview
Description
Out of bounds read and write in Tint in Google Chrome on Mac prior to 145.0.7632.116 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High)
Statistics
- 1 Post
Last activity: 13 hours ago
Overview
- Red Hat
- Red Hat Directory Server 11
- rust-openssl
08 Apr 2025
Published
15 Nov 2025
Updated
CVSS
Pending
EPSS
0.45%
KEV
Description
A flaw was found in OpenSSL's handling of the properties argument in certain functions. This vulnerability can allow use-after-free exploitation, which may result in undefined behavior or incorrect property parsing, leading to OpenSSL treating the input as an empty string.
Statistics
- 1 Post
Last activity: 16 hours ago
Overview
Description
Out of bounds read in Media in Google Chrome prior to 145.0.7632.116 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: High)
Statistics
- 1 Post
Last activity: 13 hours ago
Overview
- VMware vCenter Server
18 Jun 2024
Published
24 Jan 2026
Updated
CVSS v3.1
CRITICAL (9.8)
EPSS
22.42%
KEV
Description
vCenter Server contains a heap-overflow vulnerability in the implementation of the DCERPC protocol. A malicious actor with network access to vCenter Server may trigger this vulnerability by sending a specially crafted network packet potentially leading to remote code execution.
Statistics
- 1 Post
- 3 Interactions
Last activity: 21 hours ago
Overview
Description
vCenter Server contains a heap-overflow vulnerability in the implementation of the DCERPC protocol. A malicious actor with network access to vCenter Server may trigger this vulnerability by sending a specially crafted network packet potentially leading to remote code execution.
Statistics
- 1 Post
- 3 Interactions
Last activity: 21 hours ago
Overview
- VMware vCenter Server
18 Jun 2024
Published
02 Aug 2024
Updated
CVSS v3.1
HIGH (7.8)
EPSS
48.35%
KEV
Description
The vCenter Server contains multiple local privilege escalation vulnerabilities due to misconfiguration of sudo. An authenticated local user with non-administrative privileges may exploit these issues to elevate privileges to root on vCenter Server Appliance.
Statistics
- 1 Post
- 3 Interactions
Last activity: 21 hours ago
Overview
- SolarWinds
- Serv-U
24 Feb 2026
Published
25 Feb 2026
Updated
CVSS v3.1
CRITICAL (9.1)
EPSS
0.02%
KEV
Description
An Insecure Direct Object Reference (IDOR) vulnerability exists in Serv-U, which when exploited, gives a malicious actor the ability to execute native code as a privileged account.
This issue requires administrative privileges to abuse. On Windows deployments, the risk is scored as a medium because services frequently run under less-privileged service accounts by default.
Statistics
- 1 Post
Last activity: 7 hours ago
Fediverse
latest SolarWinds CVEs.. all critical lmao.. patch patch patch!
CVE-2025-40538 - Improper Privilege Management
CVE-2025-40539 - Incorrect Type Conversion or Cast
CVE-2025-40540 - Incorrect Type Conversion or Cast
CVE-2025-40541 - Incorrect Type Conversion or Cast & Authorization Bypass Through User-Controlled Key
SolarWinds Serv-U 15.5.3 and prior versions
Overview
- SolarWinds
- Serv-U
24 Feb 2026
Published
25 Feb 2026
Updated
CVSS v3.1
CRITICAL (9.1)
EPSS
0.05%
KEV
Description
A type confusion vulnerability exists in Serv-U which when exploited, gives a malicious actor the ability to execute arbitrary native code as privileged account.
This issue requires administrative privileges to abuse. On Windows deployments, the risk is scored as a medium because services frequently run under less-privileged service accounts by default.
Statistics
- 1 Post
Last activity: 7 hours ago
Fediverse
latest SolarWinds CVEs.. all critical lmao.. patch patch patch!
CVE-2025-40538 - Improper Privilege Management
CVE-2025-40539 - Incorrect Type Conversion or Cast
CVE-2025-40540 - Incorrect Type Conversion or Cast
CVE-2025-40541 - Incorrect Type Conversion or Cast & Authorization Bypass Through User-Controlled Key
SolarWinds Serv-U 15.5.3 and prior versions
Overview
- SolarWinds
- Serv-U
24 Feb 2026
Published
25 Feb 2026
Updated
CVSS v3.1
CRITICAL (9.1)
EPSS
0.05%
KEV
Description
A type confusion vulnerability exists in Serv-U which when exploited, gives a malicious actor the ability to execute arbitrary native code as privileged account.
This issue requires administrative privileges to abuse. On Windows deployments, the risk is scored as a medium because services frequently run under less-privileged service accounts by default.
Statistics
- 1 Post
Last activity: 7 hours ago
Fediverse
latest SolarWinds CVEs.. all critical lmao.. patch patch patch!
CVE-2025-40538 - Improper Privilege Management
CVE-2025-40539 - Incorrect Type Conversion or Cast
CVE-2025-40540 - Incorrect Type Conversion or Cast
CVE-2025-40541 - Incorrect Type Conversion or Cast & Authorization Bypass Through User-Controlled Key
SolarWinds Serv-U 15.5.3 and prior versions