13 matches found
ROOT-OS-DEBIAN-13-CVE-2025-40274 CVE-2025-40274 in rootio-linux - Patched by Root
Root has patched CVE-2025-40274 in the rootio-linux package for Root:Debian:13. Multiple fixed versions available...
ROOT-OS-UBUNTU-2404-CVE-2025-40274 CVE-2025-40274 in rootio-linux - Patched by Root
Root has patched CVE-2025-40274 in the rootio-linux package for Root:Ubuntu:24.04. Multiple fixed versions available...
CVE-2025-40274
In the Linux kernel, the following vulnerability has been resolved: KVM: guest_memfd: Remove bindings on memslot deletion when gmem is dying. When unbinding a memslot from a guest_memfd instance, remove the bindings even if the guest_memfd file is dying, i.e. even if its file refcount has gone to zer...
MAL-2025-40274 Malicious code in yankee-sierra-vpta (npm)
The package yankee-sierra-vpta was found to contain malicious code...
CVE-2022-40274
Gridea version 0.9.3 allows an external attacker to execute arbitrary code remotely on any client attempting to view a malicious markdown file through Gridea. This is possible because the application has the 'nodeIntegration' option enabled...
CVE-2023-40274
creationtimestamp | type | source
---|---|---
2023-08-14 07:19:02+00:00 | seen | https://t.me/cibsecurity/68413...
CVE-2023-40274 vulnerabilities
Vulnerabilities for packages: zola...
CVE-2023-40274 vulnerabilities
Vulnerabilities for packages: zola...
CVE-2023-40274
CVE-2023-40274 affects zola 0.13.0–0.17.2 where the built‑in server (zola serve) mishandles path traversal sequences, allowing an attacker to escape the webroot and read arbitrary filesystem files via URL paths containing sequences like ../. This is due to the handle_request logic not properly sa...
CVE-2022-40274
creationtimestamp | type | source
---|---|---
2022-09-30 20:36:15+00:00 | seen | https://t.me/cibsecurity/50777...
CVE-2022-40274
CVE-2022-40274 affects Gridea 0.9.3. The root cause is the application running with nodeIntegration enabled, allowing an attacker to remotely execute arbitrary code when a user views a malicious Markdown file. Impact is described as high in multiple sources. The documentation does not indicate a ...
CVE-2022-40274
Gridea version 0.9.3 allows an external attacker to execute arbitrary code remotely on any client attempting to view a malicious markdown file through Gridea. This is possible because the application has the 'nodeIntegration' option enabled...
CVE-2022-40274
Gridea version 0.9.3 allows an external attacker to execute arbitrary code remotely on any client attempting to view a malicious markdown file through Gridea. This is possible because the application has the 'nodeIntegration' option enabled...