Uninitialized Use in WebCodecs in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: Medium)
An authenticated user with read-only role can extract limited amounts of uninitialized stack memory through specially crafted issuances of the filemd5 command in MongoDB Server. This information disclosure vulnerability affects MongoDB Server versions 8.2 prior to 8.2.6, 8.0 prior to 8.0.20, and 7.0 prior to 7.0.31. An attacker with valid database read credentials can exploit this to leak sensitive data from process memory without requiring elevated privileges or user interaction.
Cisco Nexus 3600 and 9500-R switches are vulnerable to Layer 2 traffic loops when processing maliciously crafted EVPN frames, allowing unauthenticated adjacent attackers to trigger a denial of service condition by overwhelming network bandwidth. An attacker can exploit this logic error in Layer 2 ingress packet processing by sending crafted Ethernet frames, causing VxLAN traffic loops that drop all data plane traffic. No patch is currently available for this vulnerability.
Solidworks Edrawings versions up to 2025 contain a vulnerability that allows attackers to execute arbitrary code when a specially crafted EPRT file is opened (CVSS 7.8).
A use of uninitialized variable vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to cause denial of service conditions or modify control flow in unexpected ways. [CVSS 4.9 MEDIUM]
Improper Initialization within the AMD Secure Encrypted Virtualization (SEV) firmware can allow an admin-privileged attacker to corrupt RMP-covered memory, potentially resulting in loss of guest memory integrity.
Use of an uninitialized variable in some TDX Module versions before tdx1.5 within Ring 0: Hypervisor may allow an information disclosure. An authorized adversary with privileged-user access, combined with a high-complexity attack, may enable data exposure. [CVSS 4.1 MEDIUM]
Panda3D's deploy-stub executable up to version 1.10.16 is vulnerable to denial of service through unvalidated stack allocation based on command-line argument counts, allowing local attackers to crash the application by supplying excessive arguments. Public exploit code exists for this vulnerability, and no patch is currently available. The flaw can trigger reliable crashes and undefined behavior during Python interpreter initialization.
Memory corruption while processing identity credential operations in the trusted application. [CVSS 7.8 HIGH]
Android versions up to 14.0 contain a vulnerability that allows attackers to achieve local escalation of privilege if a malicious actor has already obtained the Syst (CVSS 6.7).