Astra Linux – Vulnerability in libuv1

libuv is a multi-platform support library that focuses on asynchronous I/O operations. The uvgetaddrinfo function in src/unix/getaddrinfo.c and its Windows counterpart src/win/getaddrinfo.c truncates hostnames to 256 characters before calling getaddrinfo. This behavior can be exploited to generat...

EUVD-2025-24718

Malicious code in bioql PyPI...

Malicious code in monolith-twirp-support-helphub (RubyGems)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 97a64bd75388afe20d55befa04ed845034b1a467cace9204788c98fd29240024 The OpenSSF Package Analysis project identified 'monolith-twirp-support-helphub' @ 1.48.0 rubygems as malicious. It is considered malicious...

CVE-2025-54675

Cross-Site Request Forgery CSRF vulnerability in YITHEMES YITH WooCommerce Popup yith-woocommerce-popup allows Cross Site Request Forgery.This issue affects YITH WooCommerce Popup: from n/a through = 1.48.0...

CVE-2025-54675

Cross-Site Request Forgery CSRF vulnerability in YITHEMES YITH WooCommerce Popup yith-woocommerce-popup allows Cross Site Request Forgery.This issue affects YITH WooCommerce Popup: from n/a through = 1.48.0...

CVE-2025-54675

CVE-2025-54675 is a CSRF vulnerability in the WordPress plugin YITH WooCommerce Popup affecting versions up to 1.48.0 . The issue enables cross-site requests from authenticated users (CSRF) as described in multiple connected sources. The CVSS details show an attack vector of NETWORK , no confiden...

CVE-2025-54675 WordPress YITH WooCommerce Popup Plugin plugin <= 1.48.0 - Cross Site Request Forgery (CSRF) Vulnerability

Cross-Site Request Forgery CSRF vulnerability in YITHEMES YITH WooCommerce Popup yith-woocommerce-popup allows Cross Site Request Forgery.This issue affects YITH WooCommerce Popup: from n/a through = 1.48.0...

WordPress plugin YITH WooCommerce Popup 跨站请求伪造漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site request forger...

PT-2025-33228 · WordPress · Yith Woocommerce Popup

Name of the Vulnerable Software and Affected Versions: YITH WooCommerce Popup versions through 1.48.0 Description: A Cross-Site Request Forgery CSRF issue exists in YITH WooCommerce Popup, potentially allowing attackers to perform actions on behalf of authenticated users. Recommendations: Update...

CVE-2024-51989 Cross-site Scripting (XSS) Vulnerability in PasswordPusher

Password Pusher is an open source application to communicate sensitive information over the web. A cross-site scripting XSS vulnerability was identified in the PasswordPusher application, affecting versions v1.41.1 through and including v.1.48.0. The issue arises from an un-sanitized parameter...

Huawei EulerOS: Security Advisory for libuv (EulerOS-SA-2024-1790)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

EulerOS 2.0 SP10 : libuv (EulerOS-SA-2024-1594)

According to the versions of the libuv package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - libuv is a multi-platform support library with a focus on asynchronous I/O. The uvgetaddrinfo function in src/unix/getaddrinfo.c and its windows...

AZL-35886 CVE-2024-22017 affecting package libuv for versions less than 1.48.0-1

setuid does not affect libuv's internal iouring operations if initialized before the call to setuid. This allows the process to perform privileged operations despite presumably having dropped such privileges through a call to setuid. This vulnerability affects all users using version greater or...

Medium: libuv

Issue Overview: libuv is a multi-platform support library with a focus on asynchronous I/O. The uvgetaddrinfo function in src/unix/getaddrinfo.c and its windows counterpart src/win/getaddrinfo.c, truncates hostnames to 256 characters before calling getaddrinfo. This behavior can be exploited to...

Slackware Linux 15.0 / current libuv Vulnerability (SSA:2024-051-02)

The version of libuv installed on the remote host is prior to 1.48.0. It is, therefore, affected by a vulnerability as referenced in the SSA:2024-051-02 advisory. - libuv is a multi-platform support library with a focus on asynchronous I/O. The uvgetaddrinfo function in src/unix/getaddrinfo.c and...

SUSE CVE-2024-24806

libuv is a multi-platform support library with a focus on asynchronous I/O. The uvgetaddrinfo function in src/unix/getaddrinfo.c and its windows counterpart src/win/getaddrinfo.c, truncates hostnames to 256 characters before calling getaddrinfo. This behavior can be exploited to create addresses...

AZL-35133 CVE-2024-24806 affecting package python-gevent for versions less than 23.9.1-3

libuv is a multi-platform support library with a focus on asynchronous I/O. The uvgetaddrinfo function in src/unix/getaddrinfo.c and its windows counterpart src/win/getaddrinfo.c, truncates hostnames to 256 characters before calling getaddrinfo. This behavior can be exploited to create addresses...

AZL-35051 CVE-2024-24806 affecting package nodejs for versions less than 20.14.0-1

libuv is a multi-platform support library with a focus on asynchronous I/O. The uvgetaddrinfo function in src/unix/getaddrinfo.c and its windows counterpart src/win/getaddrinfo.c, truncates hostnames to 256 characters before calling getaddrinfo. This behavior can be exploited to create addresses...

AZL-34278 CVE-2024-24806 affecting package nodejs18 for versions less than 18.18.2-4

libuv is a multi-platform support library with a focus on asynchronous I/O. The uvgetaddrinfo function in src/unix/getaddrinfo.c and its windows counterpart src/win/getaddrinfo.c, truncates hostnames to 256 characters before calling getaddrinfo. This behavior can be exploited to create addresses...

AZL-35782 CVE-2024-24806 affecting package cmake for versions less than 3.28.2-6

libuv is a multi-platform support library with a focus on asynchronous I/O. The uvgetaddrinfo function in src/unix/getaddrinfo.c and its windows counterpart src/win/getaddrinfo.c, truncates hostnames to 256 characters before calling getaddrinfo. This behavior can be exploited to create addresses...