6450 matches found
CVE-2025-40272 mm/secretmem: fix use-after-free race in fault handler
In the Linux kernel, the following vulnerability has been resolved: mm/secretmem: fix use-after-free race in fault handler When a page fault occurs in a secret memory file created with memfdsecret2, the kernel will allocate a new folio for it, mark the underlying page as not-present in the direct...
CVE-2025-40272
CVE-2025-40272 affects Linux kernel mm/secretmem: a use-after-free race in the fault handler can occur when two tasks fault on the same secret memory page concurrently. The bug arises from freeing the folio before restoring the direct map, which could let a then-allocated page become accessible a...
CVE-2025-40272
In the Linux kernel, the following vulnerability has been resolved: mm/secretmem: fix use-after-free race in fault handler When a page fault occurs in a secret memory file created with memfdsecret2, the kernel will allocate a new folio for it, mark the underlying page as not-present in the direct...
CVE-2025-40272 mm/secretmem: fix use-after-free race in fault handler
In the Linux kernel, the following vulnerability has been resolved: mm/secretmem: fix use-after-free race in fault handler When a page fault occurs in a secret memory file created with memfdsecret2, the kernel will allocate a new folio for it, mark the underlying page as not-present in the direct...
CVE-2025-34259
Advantech WISE-DeviceOn Server versions prior to 5.4 contain a stored cross-site scripting XSS vulnerability in the /rmm/v1/devicemap/building endpoint. When an authenticated user creates a map entry, the name parameter is stored and later rendered in the map list UI without HTML sanitzation. An...
Malicious code in ambient-map (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4f03e10d2eec7143fda8062e504341041a8123bc6f2a0d7223ce9ced959b7dd1 The package ambient-map was found to contain malicious code...
EUVD-2025-201492
Malicious code in ambient-map npm...
MAL-2025-192324 Malicious code in ambient-map (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4f03e10d2eec7143fda8062e504341041a8123bc6f2a0d7223ce9ced959b7dd1 The package ambient-map was found to contain malicious code...
CVE-2025-34258
Advantech WISE-DeviceOn Server versions prior to 5.4 contain a stored cross-site scripting XSS vulnerability in the /rmm/v1/devicemap/plan endpoint. When an authenticated user adds an area to a map entry, the name parameter is stored and later rendered in the map list without HTML sanitization. A...
CVE-2025-34259
Advantech WISE-DeviceOn Server versions prior to 5.4 contain a stored cross-site scripting XSS vulnerability in the /rmm/v1/devicemap/building endpoint. When an authenticated user creates a map entry, the name parameter is stored and later rendered in the map list UI without HTML sanitzation. An...
CVE-2025-34258
Advantech WISE-DeviceOn Server versions prior to 5.4 contain a stored cross-site scripting XSS vulnerability in the /rmm/v1/devicemap/plan endpoint. When an authenticated user adds an area to a map entry, the name parameter is stored and later rendered in the map list without HTML sanitization. A...
EUVD-2025-201435
Advantech WISE-DeviceOn Server versions prior to 5.4 contain a stored cross-site scripting XSS vulnerability in the /rmm/v1/devicemap/plan endpoint. When an authenticated user adds an area to a map entry, the name parameter is stored and later rendered in the map list without HTML sanitization. A...
CVE-2025-34258
Advantech WISE-DeviceOn Server
CVE-2025-34259 Advantech WISE-DeviceOn Server < 5.4 Authenticated Stored XSS via devicemap/building
Advantech WISE-DeviceOn Server versions prior to 5.4 contain a stored cross-site scripting XSS vulnerability in the /rmm/v1/devicemap/building endpoint. When an authenticated user creates a map entry, the name parameter is stored and later rendered in the map list UI without HTML sanitzation. An...
EUVD-2025-201436
Advantech WISE-DeviceOn Server versions prior to 5.4 contain a stored cross-site scripting XSS vulnerability in the /rmm/v1/devicemap/building endpoint. When an authenticated user creates a map entry, the name parameter is stored and later rendered in the map list UI without HTML sanitzation. An...
CVE-2025-34259 Advantech WISE-DeviceOn Server < 5.4 Authenticated Stored XSS via devicemap/building
Advantech WISE-DeviceOn Server versions prior to 5.4 contain a stored cross-site scripting XSS vulnerability in the /rmm/v1/devicemap/building endpoint. When an authenticated user creates a map entry, the name parameter is stored and later rendered in the map list UI without HTML sanitzation. An...
CVE-2025-34259
Advantech WISE-DeviceOn Server (pre-5.4) is affected by a stored XSS in the /rmm/v1/devicemap/building endpoint. The issue arises from unfiltered/store of the map entry name which is later rendered in the map list UI without HTML sanitization, enabling an attacker to inject script that runs in th...
mm/damon/vaddr: do not repeat pte_offset_map_lock() until success
...
EUVD-2025-201387
Malicious code in json-map-source npm...
Malicious code in json-map-source (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6dd2d0607d185e9c26b9f948e2335066b6e537f3f192794f59fdf55548300006 The package json-map-source was found to contain malicious code. Source: ghsa-malware 3c10e01cd8946f23f63e8eb210a0de73503e9815cf616aee78f18c96c4fe2ef...