
4482 matches found

CNNVD
added 2025/10/16 12:0 a.m. | 2 views

Dev jobs handlebars security vulnerability

Dev jobs handlebars is a job search program by Felix Individual Developers. A security vulnerability exists in Dev jobs handlebars version 1.0 that stems from the use of an untrusted req.headers.host header to generate an absolute password reset link and force the use of an http scheme, which cou...

CVSS 8.2 | AI score 6.8 | EPSS 0.00394
Exploits: 0 | References: 2

Veracode
added 2025/10/15 7:59 a.m. | 4 views

Improper Access Control

vite is vulnerable to improper access control. The vulnerability is due to files starting with the same name as those in the public directory being served while bypassing the server.fs settings, which allows an attacker to access restricted files when the Vite dev server is exposed to the network...

CVSS 5.3 | AI score 7 | EPSS 0.0118
Exploits: 1 | References: 8 | Affected Software: 2

EUVD
added 2025/10/08 6:50 a.m. | 4 views

EUVD-2025-31840

Successful exploitation of the vulnerability could allow an unauthenticated attacker to gain access to a victim’s Sync account data such as account credentials and email protection information...

CVSS 4.7 | AI score 6.6 | EPSS 0.00127
Exploits: 0 | References: 5

EUVD
added 2025/10/08 5:2 a.m. | 3 views

EUVD-2025-31843

A security flaw has been discovered in itsourcecode Leave Management System 1.0. This impacts the function redirect of the file /module/employee/controller.php?action=reset of the component Query Parameter Handler. Performing manipulation of the argument ID results in cross site scripting. It is...

CVSS 5.1 | AI score 3.6 | EPSS 0.00261
Exploits: 1 | References: 7

Tenable Nessus
added 2025/10/08 12:0 a.m. | 6 views

Linux Distros Unpatched Vulnerability : CVE-2023-53670

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: nvme-core: fix dev_pm_qos memleak Call dev_pm_qos_hide_latency_tolerance in the error unwind patch ...

CVSS 5.5 | AI score 6.2 | EPSS 0.00149
Exploits: 0 | References: 3

Tenable Nessus
added 2025/10/08 12:0 a.m. | 2 views

Linux Distros Unpatched Vulnerability : CVE-2023-53515

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - virtio-mmio: don't break lifecycle of vm_dev vm_dev has a separate lifecycle because it has a 'struct device' embedded. Thus, having a release callback for it is...

CVSS 7.8 | AI score 6.1 | EPSS 0.00137
Exploits: 0 | References: 3

Tenable Nessus
added 2025/10/08 12:0 a.m. | 3 views

Linux Distros Unpatched Vulnerability : CVE-2023-53568

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: s390/zcrypt: don't leak memory if dev_set_name fails When dev_set_name fails, zcdn_create doesn't...

CVSS 5.5 | AI score 5.8 | EPSS 0.00133
Exploits: 0 | References: 3

OSV
added 2025/10/07 4:15 p.m. | 4 views

AZL-76404 CVE-2023-53627 affecting package kernel 5.15.200.1-1

In the Linux kernel, the following vulnerability has been resolved: scsi: hisi_sas: Grab sas_dev lock when traversing the members of sas_dev.list When freeing slots in function slot_complete_v3_hw, it is possible that sas_dev.list is being traversed elsewhere, and it may trigger a NULL pointer exception...

CVSS 5.5 | AI score 5.6 | EPSS 0.00161
Exploits: 0 | References: 1

OSV
added 2025/10/07 4:15 p.m. | 2 views

UBUNTU-CVE-2023-53627

In the Linux kernel, the following vulnerability has been resolved: scsi: hisi_sas: Grab sas_dev lock when traversing the members of sas_dev.list When freeing slots in function slot_complete_v3_hw, it is possible that sas_dev.list is being traversed elsewhere, and it may trigger a NULL pointer exception...

CVSS 5.5 | AI score 5.7 | EPSS 0.00161
Exploits: 0 | References: 5

OSV
added 2025/10/07 4:15 p.m. | 2 views

UBUNTU-CVE-2023-53670

In the Linux kernel, the following vulnerability has been resolved: nvme-core: fix dev_pm_qos memleak Call dev_pm_qos_hide_latency_tolerance in the error unwind patch to avoid following kmemleak:- blktests master kmemleak-clear; ./check nvme/044; blktests master kmemleak-scan ; kmemleak-show nvme/044 Te...

CVSS 5.5 | AI score 5.7 | EPSS 0.00149
Exploits: 0 | References: 7

OSV
added 2025/10/07 3:21 p.m. | 2 views

CVE-2023-53670 nvme-core: fix dev_pm_qos memleak

In the Linux kernel, the following vulnerability has been resolved: nvme-core: fix dev_pm_qos memleak Call dev_pm_qos_hide_latency_tolerance in the error unwind patch to avoid following kmemleak:- blktests master kmemleak-clear; ./check nvme/044; blktests master kmemleak-scan ; kmemleak-show nvme/044 Te...

CVSS 5.5 | AI score 6.2 | EPSS 0.00149
Exploits: 0 | References: 7

Cvelist
added 2025/10/07 3:21 p.m. | 6 views

CVE-2023-53670 nvme-core: fix dev_pm_qos memleak

In the Linux kernel, the following vulnerability has been resolved: nvme-core: fix dev_pm_qos memleak Call dev_pm_qos_hide_latency_tolerance in the error unwind patch to avoid following kmemleak:- blktests master kmemleak-clear; ./check nvme/044; blktests master kmemleak-scan ; kmemleak-show nvme/044 Te...

EPSS 0.00149
Exploits: 0 | References: 4

Debian CVE
added 2025/10/07 3:21 p.m. | 4 views

CVE-2023-53664

In the Linux kernel, the following vulnerability has been resolved: OPP: Fix potential null ptr dereference in dev_pm_opp_get_required_pstate "opp" pointer is dereferenced before the IS_ERR_OR_NULL check. Fix it by removing the dereference to cache opp_table and dereference it directly where opp_table is...

CVSS 5.5 | AI score 5.6 | EPSS 0.00116
Exploits: 0

EUVD
added 2025/10/07 3:19 p.m. | 5 views

EUVD-2025-32757

In the Linux kernel, the following vulnerability has been resolved: wifi: ath6kl: reduce WARN to dev_dbg in callback The warn is triggered on a known race condition, documented in the code above the test, that is correctly handled. Using WARN hinders automated testing. Reducing severity...

AI score 6.1 | EPSS 0.00146
Exploits: 0 | References: 10

CVE
added 2025/10/07 3:19 p.m. | 15 views

CVE-2023-53627

CVE-2023-53627 affects the Linux kernel SCSI HISI SAS path. Root cause: concurrency on sas_dev.list during slot completion/deregistration can trigger a NULL pointer dereference. The fix is to grab the sas_dev lock when traversing sas_dev.list in dereg_device_v3_hw() and in hisi_sas_release_tasks(...

CVSS 5.5 | AI score 6 | EPSS 0.00161
Exploits: 0 | References: 2 | Affected Software: 1

Cvelist
added 2025/10/07 3:19 p.m. | 6 views

CVE-2023-53627 scsi: hisi_sas: Grab sas_dev lock when traversing the members of sas_dev.list

In the Linux kernel, the following vulnerability has been resolved: scsi: hisi_sas: Grab sas_dev lock when traversing the members of sas_dev.list When freeing slots in function slot_complete_v3_hw, it is possible that sas_dev.list is being traversed elsewhere, and it may trigger a NULL pointer exception...

EPSS 0.00161
Exploits: 0 | References: 2

OSSF Malicious Packages
added 2025/10/07 4:38 a.m. | 3 views

Malicious code in webpack-dev-serve-middleware (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware fb201f67e4df2c2951dcebb70620a58ed8d7c1862d4697b4e14b2e95b6673d84 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

AI score 6.9
Exploits: 0 | References: 1

Snyk
added 2025/10/07 4:38 a.m. | 3 views

Malicious Package

Overview webpack-dev-serve-middleware is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this...

CVSS 9.8 | AI score 6.8
Exploits: 0 | References: 2

OSV
added 2025/10/07 4:38 a.m. | 3 views

MAL-2025-48012 Malicious code in webpack-dev-serve-middleware (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware fb201f67e4df2c2951dcebb70620a58ed8d7c1862d4697b4e14b2e95b6673d84 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

AI score 6.9
Exploits: 0 | References: 1

SUSE CVE
added 2025/10/07 12:48 a.m. | 2 views

SUSE CVE-2023-53571

In the Linux kernel, the following vulnerability has been resolved: drm/i915: Make intel_get_crtc_new_encoder less oopsy The point of the WARN was to print something, not oops straight up. Currently that is precisely what happens if we can't find the connector for the crtc in the atomic state. Get th...

CVSS 5.5 | AI score 6.5 | EPSS 0.00132
Exploits: 0 | References: 7