
3769 matches found

OSV
added 2025/06/20 3:47 p.m., 1 view

MAL-2025-5200 Malicious code in postcss-layout-grid (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 462502060afb8b130fe73ec2cf8940f9cc7e7d86e3a70ad48606a6b1b4484231 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

7 AI score
Exploits: 0, References: 3

SUSE CVE
added 2025/06/19 3:42 a.m., 2 views

SUSE CVE-2022-50072

In the Linux kernel, the following vulnerability has been resolved: NFSv4/pnfs: Fix a use-after-free bug in open If someone cancels the open RPC call, then we must not try to free either the open slot or the layoutget operation arguments, since they are likely still in use by the hung RPC call...

5.5 CVSS, 6.3 AI score, 0.00064 EPSS
Exploits: 0, References: 11

OSV
added 2025/06/18 4:2 p.m., 1 view

MAL-2025-5155 Malicious code in dijit.layout.bordercontainer (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 268d7fbff2e8226f7aafd1f838c0cbd16e53ea3d1542e81c9771945ebc3bf7da Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

7 AI score
Exploits: 0, References: 1

OSSF Malicious Packages
added 2025/06/18 4:2 p.m., 4 views

Malicious code in dojox.layout.expandopane (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware c4d8c95926f5af3cacdfd043cd5ec597124451062eac060c9d24c418bf4d7fab Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

6.9 AI score
Exploits: 0, References: 1

OSSF Malicious Packages
added 2025/06/18 4:2 p.m., 4 views

Malicious code in dijit.layout.bordercontainer (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 268d7fbff2e8226f7aafd1f838c0cbd16e53ea3d1542e81c9771945ebc3bf7da Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

6.9 AI score
Exploits: 0, References: 1

BDU FSTEC
added 2025/06/17 12:0 a.m., 1 view

The vulnerability of Adobe InDesign’s computer layout automation tool, related to the execution of operations beyond the buffer in memory, allows attackers to execute arbitrary code.

The vulnerability of Adobe InDesign’s computer layout automation tool is related to the execution of operations beyond the buffer boundaries in memory. Exploiting this vulnerability can allow an attacker to execute arbitrary code...

7.8 CVSS, 6.3 AI score, 0.00115 EPSS
Exploits: 0, References: 2, Affected Software: 1

OSV
added 2025/06/10 5:23 p.m., 2 views

CVE-2025-47104

InDesign Desktop versions ID20.2, ID19.5.3 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in...

5.5 CVSS, 5.8 AI score, 0.00247 EPSS
Exploits: 0, References: 1

OSSF Malicious Packages
added 2025/06/10 5:38 a.m., 2 views

Malicious code in bs58-decode-layout (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 365e9781bfa38295c42e9eb63d2506e4d79922f9040b5ca8f39544eaab056c91 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

6.9 AI score
Exploits: 0, References: 1

Tenable Nessus
added 2025/06/09 12:0 a.m., 3 views

NewStart CGSL MAIN 7.02 : libmicrohttpd Vulnerability (NS-SA-2025-0091)

The remote NewStart CGSL host, running version MAIN 7.02, has libmicrohttpd packages installed that are affected by a vulnerability: - GNU libmicrohttpd before 0.9.76 allows remote DoS (Denial of Service) due to improper parsing of a multipart/form-data boundary in the postprocessor.c...

5.9 CVSS, 6.7 AI score, 0.00074 EPSS
Exploits: 1, References: 3

Packet Storm News
added 2025/06/03 12:0 a.m., 2 views

Samsung S24 MP3 Decoder Out-Of-Bounds Read

There is an out-of-bounds read in the MP3 decoder in the Samsung S24. The function smp123djointstereov1 indexes into several tables for decoding, and does not check that the index is valid, allowing the tables to be read out of bounds. It may be possible to use this bug to bypass ASLR, as loading...

6.2 CVSS, 6.8 AI score, 0.00145 EPSS
Exploits: 1

OSV
added 2025/05/29 1:8 a.m., 1 view

MINI-6GR7-WQ6G-PR6M

Bulletin has no description...

3.7 CVSS, 7.6 AI score, 0.00104 EPSS
Exploits: 0

RedhatCVE
added 2025/05/23 10:26 a.m., 7 views

CVE-2024-42625

FrogCMS v0.9.5 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/?/layout/add...

8.8 CVSS, 7.6 AI score, 0.00205 EPSS
Exploits: 1, References: 1

RedhatCVE
added 2025/05/23 9:31 a.m., 3 views

CVE-2024-26482

An HTML injection vulnerability exists in the Edit Content Layout module of Kirby CMS v4.1.0. NOTE: the vendor disputes the significance of this report because some HTML formatting such as with an H1 element is allowed, but there is backend sanitization such that the reporter's mentioned "injecti...

7.1 CVSS, 6.9 AI score, 0.00035 EPSS
Exploits: 1, References: 1

RedhatCVE
added 2025/05/23 9:9 a.m., 2 views

CVE-2024-27863

An information disclosure issue was addressed with improved private data redaction for log entries. This issue is fixed in iOS 17.6 and iPadOS 17.6, macOS Sonoma 14.6, tvOS 17.6, visionOS 1.3, watchOS 10.6. A local attacker may be able to determine kernel memory layout...

5.5 CVSS, 5.8 AI score, 0.00038 EPSS
Exploits: 0, References: 1

RedhatCVE
added 2025/05/23 8:40 a.m., 2 views

CVE-2024-4277

The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘layouthtml’ parameter in all versions up to, and including, 4.2.6.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

6.4 CVSS, 6 AI score, 0.00196 EPSS
Exploits: 0, References: 1

RedhatCVE
added 2025/05/23 8:26 a.m., 5 views

CVE-2024-42631

FrogCMS v0.9.5 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/?/layout/edit/1...

8.8 CVSS, 7.6 AI score, 0.00129 EPSS
Exploits: 1, References: 1

RedhatCVE
added 2025/05/23 8:23 a.m., 3 views

CVE-2024-1237

The Elementor Header & Footer Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the flyoutlayout attribute in all versions up to, and including, 1.6.24 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

6.4 CVSS, 5 AI score, 0.00242 EPSS
Exploits: 0, References: 1

RedhatCVE
added 2025/05/23 8:21 a.m., 2 views

CVE-2024-1043

The AMP for WP – Accelerated Mobile Pages plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'amppbremovesavedlayoutdata' function in all versions up to, and including, 1.0.93.1. This makes it possible for authenticated attackers, with...

6.5 CVSS, 5.3 AI score, 0.00231 EPSS
Exploits: 0, References: 1

RedhatCVE
added 2025/05/23 7:22 a.m., 5 views

CVE-2024-26484

A stored cross-site scripting (XSS) vulnerability in the Edit Content Layout module of Kirby CMS v4.1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Link field. NOTE: the vendor's position is that this issue did not affect any version of Kirby CM...

6.1 CVSS, 5.5 AI score, 0.0009 EPSS
Exploits: 1, References: 1

RedhatCVE
added 2025/05/23 4:41 a.m., 5 views

CVE-2023-48650

Concrete CMS before 8.5.14 and 9 before 9.2.3 is vulnerable to an admin adding a stored XSS payload via the Layout Preset name...

4.8 CVSS, 5.8 AI score, 0.01073 EPSS
Exploits: 0