18 matches found
ROOT-OS-UBUNTU-2204-CVE-2025-40281 CVE-2025-40281 in rootio-linux - Patched by Root
Root has patched CVE-2025-40281 in the rootio-linux package for Root:Ubuntu:22.04. Multiple fixed versions available...
ROOT-OS-DEBIAN-13-CVE-2025-40281 CVE-2025-40281 in rootio-linux - Patched by Root
Root has patched CVE-2025-40281 in the rootio-linux package for Root:Debian:13. Multiple fixed versions available...
CVE-2026-40281

creationtimestamp | type | source
---|---|---
2026-05-06 21:50:46+00:00 | seen | https://bsky.app/profile/thehackerwire.bsky.social/post/3ml7onz4kgp2n
2026-05-07 01:58:30+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3mla4iyvhh22o
2026-05-11 16:07:14+00:00 | seen | ...

PT-2026-36917
Name of the Vulnerable Software and Affected Versions Gotenberg versions 8.x through 8.30.1 Description An improper input validation issue exists in the metadata write endpoint '/forms/pdfengines/metadata/write'. While metadata keys are validated, metadata values are passed unsanitized to the...
Amazon Linux 2 : kernel, --advisory ALAS2KERNEL-5.4-2026-118 (ALASKERNEL-5.4-2026-118)
The version of kernel installed on the remote host is prior to 5.4.302-222.451. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2KERNEL-5.4-2026-118 advisory. In the Linux kernel, the following vulnerability has been resolved: net/sched: sch_qfq: Fix null-deref in...
CVE-2023-40281
EC-CUBE 2.11.0 to 2.17.2-p1 contain a cross-site scripting vulnerability in "mail/template" and "products/product" of Management page. If this vulnerability is exploited, an arbitrary script may be executed on the web browser of the other administrator or the user who accessed the website using t...
CVE-2025-40281 affecting package kernel for versions less than 6.6.117.1-1
CVE-2025-40281 affecting package kernel for versions less than 6.6.117.1-1. An upgraded version of the package is available that resolves this issue...
CVE-2025-40281

creationtimestamp | type | source
---|---|---
2025-12-06 23:47:16+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3m7e6rcp3cc2k
2026-03-19 00:00:00+00:00 | seen | https://www.cert.ssi.gouv.fr/avis/CERTFR-2026-AVI-0316/
2026-04-02 17:00:00+00:00 | seen | ...

DEBIAN-CVE-2025-40281
In the Linux kernel, the following vulnerability has been resolved: sctp: prevent possible shift-out-of-bounds in sctp_transport_update_rto. syzbot reported a possible shift-out-of-bounds [1]. Blamed commit added rto_alpha_max and rto_beta_max set to 1000. It is unclear if some sctp users are setting very...
CVE-2025-40281
In the Linux kernel, the following vulnerability has been resolved: sctp: prevent possible shift-out-of-bounds in sctp_transport_update_rto. syzbot reported a possible shift-out-of-bounds [1]. Blamed commit added rto_alpha_max and rto_beta_max set to 1000. It is unclear if some sctp users are setting very...
EUVD-2025-40281
Malicious code in candra-kue38-sukiwir npm...
CVE-2022-40281
An issue was discovered in Samsung TizenRT through 3.0_GBM and 3.1_PRE. cyassl_connect_step2 in curl/vtls/cyassl.c has a missing X509_free after SSL_get_peer_certificate, leading to information disclosure...
CVE-2023-40281

creationtimestamp | type | source
---|---|---
2023-08-17 12:37:13+00:00 | seen | https://t.me/cibsecurity/68727...

CVE-2023-40281
EC-CUBE 2 series (versions 2.11.0–2.17.2-p1) contains a cross-site scripting (CWE-79) vulnerability in the Management page’s mail/template and products/product components. The issue can allow arbitrary script execution in the web browser of other administrators or users accessing the site. Affect...
CVE-2022-40281
CVE-2022-40281 affects Samsung TizenRT versions up to 3.0_GBM and 3.1_PRE. The issue is in cyassl_connect_step2 (curl/vtls/cyassl.c) where an X509_free call after SSL_get_peer_certificate is missing, causing information disclosure. Connected sources (e.g., PT-2022-25320) describe the vulnerable r...
Merchandise Online Store SQL Injection Vulnerability (CNVD-2022-40281)
Merchandise Online Store is a merchandise online store system. Merchandise Online Store has a security vulnerability that attackers can exploit to conduct SQL injection via /vloggersmerch/classes/Master.php?f=deleteorder attack...
CVE-2021-40281

creationtimestamp | type | source
---|---|---
2021-12-09 20:24:09+00:00 | seen | https://t.me/cibsecurity/33722...

CVE-2021-40281
CVE-2021-40281 affects ZZCMS. A SQL injection vulnerability exists in zzcms versions 8.2, 8.3, and the 2020/2021 releases in dl/dl_print.php during normal user registration. The connected CNVD/NVD entries confirm the vulnerability with this exact vector, but the provided documents do not include ...