5610 matches found
Linux Distros Unpatched Vulnerability : CVE-2022-49951
"The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: firmwareloader: Fix use-after-free during unregister In the following code within...
Important: gdk-pixbuf2
Issue Overview: In GNOME GdkPixbuf aka gdk-pixbuf through 2.42.10, the ANI Windows animated cursor decoder encounters heap memory corruption in aniloadchunk in io-ani.c when parsing chunks in a crafted .ani file. A crafted file could allow an attacker to overwrite heap metadata, leading to a deni...
Linux Distros Unpatched Vulnerability : CVE-2024-27413
"The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - efi/capsule-loader: fix incorrect allocation size gcc-14 notices that the allocation with sizeofvoid on 32-bit architectures is not enough for a 64-bit...
[SECURITY] Fedora 41 Update: gdk-pixbuf2-2.42.12-9.fc41
gdk-pixbuf is an image loading library that can be extended by loadable modules for new image formats. It is used by toolkits such as GTK+ or clutter...
gdk‑pixbuf: Heap‑buffer‑overflow in gdk‑pixbuf
A flaw exists in gdk‑pixbuf within the gdkpixbufjpegimageloadincrement function io-jpeg.c and in glib’s gbase64encodestep glib/gbase64.c. When processing maliciously crafted JPEG images, a heap buffer overflow can occur during Base64 encoding, allowing out-of-bounds reads from heap memory,...
GNU GRUB Buffer Overflow Vulnerability (CNVD-2025-17795)
GNU GRUB is a Linux system boot program from the GNU community. A buffer error vulnerability exists in GNU GRUB, which originates in the grub-core/gettext module, where the system does not properly limit the size of the data, and can be exploited by an attacker to run arbitrary code in the contex...
DENX Software Engineering Das U-Boot 安全漏洞
DENX Software Engineering Das U-Boot is a Universal Bootloader from DENX Software Engineering, Germany. A security vulnerability exists in DENX Software Engineering Das U-Boot version v1.1.3, which stems from a lack of signature verification in the bootloader and could lead to the execution of...
Important: gdk-pixbuf2
Issue Overview: In GNOME GdkPixbuf aka gdk-pixbuf through 2.42.10, the ANI Windows animated cursor decoder encounters heap memory corruption in aniloadchunk in io-ani.c when parsing chunks in a crafted .ani file. A crafted file could allow an attacker to overwrite heap metadata, leading to a deni...
CVE-2025-8399
The Mmm Unity Loader plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘attributes’ parameter in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level...
CVE-2025-8399
CVE-2025-8399 affects the WordPress plugin “MMM Unity Loader” up to version 1.0 and enables stored XSS via the attributes parameter. Exploitation requires authenticated access at Contributor level or higher, enabling script injection on pages visited by users. Various connected sources corroborat...
CVE-2025-8399 Mmm Unity Loader <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via attributes Parameter
The Mmm Unity Loader plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘attributes’ parameter in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level...
CVE-2025-8399 Mmm Unity Loader <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via attributes Parameter
The Mmm Unity Loader plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘attributes’ parameter in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level...
PT-2025-31731 · WordPress · Mmm Unity Loader
Name of the Vulnerable Software and Affected Versions: Mmm Unity Loader plugin for WordPress versions prior to 1.0 Description: The Mmm Unity Loader plugin for WordPress is susceptible to Stored Cross-Site Scripting via the attributes parameter due to insufficient input sanitization and output...
WordPress plugin Mmm Unity Loader 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...
Malicious ISO File Used in Romance Scam Targeting German Speakers
Sublime Security reveals a cunning romance/adult-themed scam targeting German speakers, leveraging Keitaro TDS to deliver an AutoIT-based malware loader. Learn how this sophisticated campaign operates, its deceptive tactics, and the hidden payload...
The vulnerability of the Loader component in Google Chrome browsers allows attackers to bypass security restrictions.
The vulnerability of the Loader component in Google Chrome browsers relates to bypassing the authentication process by using an alternative path or channel. Exploiting this vulnerability allows a malicious actor to circumvent security restrictions remotely...
Malicious Package
Overview grafana-internal-config-loader is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and thi...
GHSA-X6PH-R535-3VJW apko is vulnerable to attack through incorrect permissions in /etc/ld.so.cache and other files
It was discovered that the ld.so.cache in images generated by apko had file system permissions mode 0666: bash-5.3 find / -type f -perm -o+w /etc/ld.so.cache This issue was introduced in commit 04f37e2 "generate /etc/ld.so.cache 1629"v0.27.0. Impact This potentially allows a local unprivileged us...
MaaS operation using Emmenhtal and Amadey linked to threats against Ukrainian entities
In April 2025 Cisco Talos identified a Malware-as-a-Service MaaS operation that utilized Amadey to deliver payloads. The MaaS operators used fake GitHub accounts to host payloads, tools and Amadey plug-ins, likely as an attempt to bypass web filtering and for ease of use. Several operator tactics...
Hackers Leverage Microsoft Teams to Spread Matanbuchus 3.0 Malware to Targeted Firms
Cybersecurity researchers have flagged a new variant of a known malware loader called Matanbuchus that packs in significant features to enhance its stealth and evade detection. Matanbuchus is the name given to a malware-as-a-service MaaS offering that can act as a conduit for next-stage payloads,...