408 matches found
WordPress Easy PHP Settings plugin <= 1.0.4 - Authenticated (Administrator+) PHP Code Injection via 'wp_memory_limit' Setting vulnerability
Authenticated Administrator+ PHP Code Injection via 'wpmemorylimit' Setting vulnerability discovered by ZAST.AI - ZAST.AI in WordPress Plugin Easy PHP Settings versions = 1.0.4...
WordPress plugin Easy PHP Settings 代码注入漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...
EUVD-2025-208350
A crafted JavaScript input executed with the QuickJS release 2025-09-13, fixed in commit fcd33c1afa7b3028531f53cd1190a3877454f6b3 2025-12-11,qjs interpreter using the -m option and a low memory limit can cause an out-of-memory condition followed by an assertion failure in JSFreeRuntime...
CVE-2025-69654
A crafted JavaScript input executed with the QuickJS release 2025-09-13, fixed in commit fcd33c1afa7b3028531f53cd1190a3877454f6b3 2025-12-11,qjs interpreter using the -m option and a low memory limit can cause an out-of-memory condition followed by an assertion failure in JSFreeRuntime...
UBUNTU-CVE-2025-69654
A crafted JavaScript input executed with the QuickJS release 2025-09-13, fixed in commit fcd33c1afa7b3028531f53cd1190a3877454f6b3 2025-12-11,qjs interpreter using the -m option and a low memory limit can cause an out-of-memory condition followed by an assertion failure in JSFreeRuntime...
CVE-2025-69654
A crafted JavaScript input executed with the QuickJS release 2025-09-13, fixed in commit fcd33c1afa7b3028531f53cd1190a3877454f6b3 2025-12-11,qjs interpreter using the -m option and a low memory limit can cause an out-of-memory condition followed by an assertion failure in JSFreeRuntime...
CLSA-2026-1772813746 php: Fix of CVE-2017-9119
CVE-2017-9119: handle memory limit error during string reallocation correctly...
CLSA-2026-1772812991 skopeo: Fix of 3 CVEs
rebuild with newer golang version 1.22.9-1.el92.tuxcare.els6 to fix the following CVEs - CVE-2025-61726: limit parsed URL query parameters to mitigate excessive memory consumption during form parsing - CVE-2025-61729: fix excessive resource consumption when constructing hostname error messages...
CLSA-2026-1772811390 php: Fix of CVE-2017-9119
CVE-2017-9119: handle memory limit error during string reallocation correctly...
CVE-2025-69654
CVE-2025-69654 concerns the QuickJS qjs interpreter. A crafted JavaScript input, when run with the -m option and a low memory limit on the QuickJS release 2025-09-13, can cause an out-of-memory condition followed by an assertion failure in JS_FreeRuntime (list_empty(&rt->gc_obj_list)) during r...
CVE-2025-69654
A crafted JavaScript input executed with the QuickJS release 2025-09-13, fixed in commit fcd33c1afa7b3028531f53cd1190a3877454f6b3 2025-12-11,qjs interpreter using the -m option and a low memory limit can cause an out-of-memory condition followed by an assertion failure in JSFreeRuntime...
CLSA-2026-1772041183 grafana: Fix of 3 CVEs
rebuild with newer golang version 1.22.9-1.el92.tuxcare.els5 to fix the following CVE's - CVE-2025-61726: limit parsed URL query parameters to mitigate excessive memory consumption during form parsing - CVE-2025-61728: fix denial-of-service in archive/zip by replacing super-linear index...
GHSA-F229-3862-4942 @enclave-vm/core is vulnerable to Sandbox Escape
Summary It is possible to escape the security boundraries set by @enclave-vm/core, which can be used to achieve remote code execution RCE. The issue has been fixed in version 2.11.1. --- Details It is possible to obtain the native Object constructor instead of the SafeObject wrapper. This can be...
UBUNTU-CVE-2026-23157
In the Linux kernel, the following vulnerability has been resolved: btrfs: do not strictly require dirty metadata threshold for metadata writepages BUG There is an internal report that over 1000 processes are waiting at the ioscheduletimeout of balancedirtypages, causing a system hang and trigger...
EUVD-2026-2006
cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. Prior to version 0.30.1, a Denial of Service DoS vulnerability exists in cpp-httplib due to the unsafe handling of compressed HTTP request bodies Content-Encoding: gzip, br, etc.. The library validates the...
Unity Linux 20.1070e Security Update: kernel (UTSA-2026-000333)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-000333 advisory. A flaw was found in the Linux kernel's vfio interface implementation that permits violation of the user's locked memory limit. If a device is bound to a vfio driver,...
CVE-2025-66627 Wasmi's Linear Memory has a Critical Use After Free Vulnerability
Wasmi is a WebAssembly interpreter focused on constrained and embedded systems. In versions 0.41.0, 0.41.1, 0.42.0 through 0.47.1, 0.50.0 through 0.51.2 and 1.0.0, Wasmi's linear memory implementation leads to a Use After Free vulnerability, triggered by a WebAssembly module under certain memory...
PT-2025-49777
Wasmi is a WebAssembly interpreter focused on constrained and embedded systems. In versions 0.41.0, 0.41.1, 0.42.0 through 0.47.1, 0.50.0 through 0.51.2 and 1.0.0, Wasmi's linear memory implementation leads to a Use After Free vulnerability, triggered by a WebAssembly module under certain memory...
EUVD-2021-15357
Malware in sbrugna...
EUVD-2016-6631
Malware in sbrugna...