WordPress Small Package Quotes - Worldwide Express Edition plugin <= 5.2.18 - Unauthenticated SQL Injection vulnerability
WordPress Small Package Quotes - Worldwide Express Edition plugin <= 5.2.18 - Unauthenticated SQL Injection vulnerability discovered by Colin Xu in WordPress Plugin Small Package Quotes – Worldwide Express Edition versions <= 5.2.18...
Unity Linux 20.1060a Security Update: kernel (UTSA-2025-993294)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-993294 advisory. In the Linux kernel, the following vulnerability has been resolved: nvme: fix multipath crash caused by flush request when blktrace is enabled The flush request...
Linux Distros Unpatched Vulnerability : CVE-2023-54323
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - cxl/pmem: Fix nvdimm registration races A loop of the form: while true; do modprobe cxl_pci; modprobe -r cxl_pci; done ...fails with the following crash signature...
Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2025-992946)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-992946 advisory. In the Linux kernel, the following vulnerability has been resolved: PCI: dwc: Deallocate EPC memory on dw_pcie_ep_init errors If dw_pcie_ep_init fails to perform any actio...
Malicious Package
Overview: express-js-web is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...
EUVD-2025-205796
Malicious code in express-js-web npm...
Malicious code in express-js-web (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e922c32d1b163c8938985f7665f539243b9be99316491150e61476d30cf0ce68 The package express-js-web was found to contain malicious code. Source: ghsa-malware 50f874487616a31800182c5b87aec47559f7136d5ed3a84355446b795a3137d7...
MAL-2025-192968 Malicious code in express-js-web (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e922c32d1b163c8938985f7665f539243b9be99316491150e61476d30cf0ce68 The package express-js-web was found to contain malicious code. Source: ghsa-malware 50f874487616a31800182c5b87aec47559f7136d5ed3a84355446b795a3137d7...
EUVD-2023-60418
In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: xsk: Fix invalid buffer access for legacy rq The below crash can be encountered when using xdpsock in rx mode for legacy rq: the buffer gets released in the XDP_REDIRECT path, and then once again in the driver. This fix...
CVE-2023-54323 cxl/pmem: Fix nvdimm registration races
In the Linux kernel, the following vulnerability has been resolved: cxl/pmem: Fix nvdimm registration races A loop of the form: while true; do modprobe cxl_pci; modprobe -r cxl_pci; done ...fails with the following crash signature: BUG: kernel NULL pointer dereference, address: 0000000000000040...
org.webjars.npm:body-parser (>=1.20.0 <=1.20.3), org.webjars.npm:express (=4.18.1) +1 more potentially affected by CVE-2025-15284 via org.webjars.npm:qs (>=6.10.3 <=6.13.0)
org.webjars.npm:qs MAVEN version =6.10.3, =1.20.0, =8.4.7, =9.0.0-next.2 Source cves: CVE-2025-15284 Source advisory: SNYK:JAVA-ORGWEBJARSNPM-14724254...
WordPress Icegram Express Pro plugin deserialization vulnerability
WordPress Icegram Express Pro plugin is an advanced email marketing automation tool designed for WordPress websites. WordPress Icegram Express Pro plugin suffers from a deserialization vulnerability that stems from unsafe deserialization of serialized data received by the application from users,...
Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2025-992469)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-992469 advisory. In the Linux kernel, the following vulnerability has been resolved: xsk: Add missing overflow check in xdp_umem_reg The number of chunks can overflow u32. Make sure to...
CVE-2025-68038
Deserialization of Untrusted Data vulnerability in Icegram Icegram Express Pro email-subscribers-premium allows Object Injection. This issue affects Icegram Express Pro: from n/a through 5.9.14...
SUSE CVE-2023-54053
In the Linux kernel, the following vulnerability has been resolved: wifi: iwlwifi: pcie: fix possible NULL pointer dereference It is possible that iwl_pci_probe will fail and free the trans, then afterwards iwl_pci_remove will be called and crash by trying to access trans which is already freed, fix...
Linux Distros Unpatched Vulnerability : CVE-2023-54108
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - scsi: qla2xxx: Fix DMA-API call trace on NVMe LS requests The following message and call trace was seen with debug kernels: DMA-API: qla2xxx 0000:41:00.0: devic...
Linux Distros Unpatched Vulnerability : CVE-2023-54070
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - igb: clean up in all error paths when enabling SR-IOV After commit 50f303496d92 igb: Enable SR-IOV after reinit, removing the igb module could hang or crash...
CVE-2025-68919
Fujitsu / Fsas Technologies ETERNUS SF ACM/SC/Express DX / AF Management Software before 16.8-16.9.1 PA 2025-12, when collected maintenance data is accessible by a principal/authority other than ETERNUS SF Admin, allows an attacker to potentially affect system confidentiality, integrity, and...
CVE-2025-68919
CVE-2025-68919 affects Fujitsu Fsas Technologies ETERNUS SF ACM/SC/Express (DX/AF Management Software). The issue arises because maintenance data collected by the system can be accessed by a non-admin principal, potentially exposing data and impacting confidentiality (C), with limited integrity/a...