2386 matches found
Malicious code in exec-nuxtjs-async-await (npm)
Source: amazon-inspector 0547138917a1647cd799533fb1a5d590a7076f852e032130c1b80b909a792139 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
PT-2025-46650
Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified). Description: The Linux kernel contains a flaw within the qaic accelerator. Specifically, the find and map user pages function does not properly handle scenarios where a zero-sized ALP Asynchronous...
Linux kernel security vulnerability
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from not waiting for asynchronous decryption to complete after a tls_strp_msg_hold failure, which could lead to a UA...
CVE-2025-47773
Combodo iTop is a web based IT service management tool. Versions prior to 2.7.13 and 3.2.2 are vulnerable to cross-site scripting when a dashboard is edited via an AJAX call. Versions 2.7.13 and 3.2.2 protect rendered HTML content...
EUVD-2025-84362
The Hydra Booking — Appointment Scheduling & Booking Calendar plugin for WordPress is vulnerable to unauthorized booking cancellation in all versions up to, and including, 1.1.27. This is due to the plugin's "tfhbmeetingformsubmitcallback" function using insufficiently random values to generate...
kernel: afs: Fix lock recursion
In the Linux kernel, the following vulnerability has been resolved: afs: Fix lock recursion. afs_wake_up_async_call() can incur lock recursion. The problem is that it is called from AF_RXRPC whilst holding the ->notify_lock, but it tries to take a ref on the afs_call struct in order to pass it to a work que...
EUVD-2025-74048
The WP Go Maps (formerly WP Google Maps) WordPress plugin before 9.0.48 does not sanitize user input provided via an AJAX action, allowing unauthenticated users to store XSS payloads which are later retrieved from another AJAX call and output unescaped...
EUVD-2025-60969
The Crypto plugin for WordPress is vulnerable to unauthorized manipulation of data in all versions up to, and including, 2.22. This is due to the plugin registering an unauthenticated AJAX action (wp_ajax_nopriv_crypto_connect_ajax_process) that allows calling the crypto_delete_json method with only a...
CVE-2025-11237
The Make Email Customizer for WooCommerce WordPress plugin through 1.0.6 lacks proper authorization checks and option validation in its AJAX actions, allowing any authenticated user, such as a Subscriber, to update arbitrary WordPress options...
CVE-2025-11988 Crypto Tool <= 2.22 - Missing Authentication to Unauthenticated Limited File Deletion
The Crypto plugin for WordPress is vulnerable to unauthorized manipulation of data in all versions up to, and including, 2.22. This is due to the plugin registering an unauthenticated AJAX action (wp_ajax_nopriv_crypto_connect_ajax_process) that allows calling the crypto_delete_json method with only a...
PT-2025-46266
Name of the Vulnerable Software and Affected Versions: Crypto plugin for WordPress versions prior to 2.23. Description: The software is susceptible to information exposure due to an unauthenticated AJAX action, wp_ajax_nopriv_crypto_connect_ajax_process, which allows calling the register and savenft...
PT-2025-46300
Name of the Vulnerable Software and Affected Versions: WP Go Maps (formerly WP Google Maps) versions prior to 9.0.48. Description: The software does not properly sanitize user-provided input through an AJAX action. This allows unauthenticated users to inject and store malicious code that can be execut...
EUVD-2025-50807
Combodo iTop is a web based IT service management tool. Versions prior to 2.7.13 and 3.2.2 are vulnerable to cross-site scripting when a dashboard is edited via an AJAX call. Versions 2.7.13 and 3.2.2 protect rendered HTML content...
CVE-2025-47773 Combodo iTop has XSS vulnerability in /pages/ajax.render.php
Combodo iTop is a web based IT service management tool. Versions prior to 2.7.13 and 3.2.2 are vulnerable to cross-site scripting when a dashboard is edited via an AJAX call. Versions 2.7.13 and 3.2.2 protect rendered HTML content...
CVE-2025-47773
Combodo iTop is affected by a cross-site scripting (XSS) vulnerability in the dashboard editing functionality invoked via AJAX calls. The issue affects versions prior to 2.7.13 and prior to 3.2.2; versions 2.7.13 and 3.2.2 are reported to protect rendered HTML content. The root cause is an XSS fl...
PT-2025-46184
Name of the Vulnerable Software and Affected Versions: Combodo iTop versions prior to 2.7.13; Combodo iTop versions prior to 3.2.2. Description: Combodo iTop, a web-based IT service management tool, is susceptible to cross-site scripting when a dashboard is edited through an AJAX call. This allows fo...
[SECURITY] Fedora 41 Update: libnbd-1.22.5-1.fc41
NBD — Network Block Device — is a protocol for accessing Block Devices (hard disks and disk-like things) over a Network. This is the NBD client library in userspace, a simple library for writing NBD clients. The key features are: Synchronous and asynchronous APIs, both for ease of...
[SECURITY] Fedora 42 Update: libnbd-1.22.5-1.fc42
NBD — Network Block Device — is a protocol for accessing Block Devices (hard disks and disk-like things) over a Network. This is the NBD client library in userspace, a simple library for writing NBD clients. The key features are: Synchronous and asynchronous APIs, both for ease of...
Unity Linux 20.1070a Security Update: kernel (UTSA-2025-990582)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-990582 advisory. In the Linux kernel, the following vulnerability has been resolved: ocfs2: fix races between hole punching and AIO+DIO After commit ocfs2: return real error code in...
[SECURITY] Fedora 43 Update: libnbd-1.23.10-1.fc43
NBD — Network Block Device — is a protocol for accessing Block Devices (hard disks and disk-like things) over a Network. This is the NBD client library in userspace, a simple library for writing NBD clients. The key features are: Synchronous and asynchronous APIs, both for ease of...