Improper Handling of Exceptional Conditions

Overview Affected versions of this package are vulnerable to Improper Handling of Exceptional Conditions via the BeginBlocker process in the x/distribution module. An attacker can cause the blockchain to halt by sending transactions with fees denominated in a currency other than the expected nati...

io.netty:netty-handler: SslHandler doesn't correctly validate packets which can lead to native crash when using native SSLEngine

A flaw was found in Netty's SslHandler. This vulnerability allows a native crash via a specially crafted packet that bypasses proper validation...

PT-2025-27464 · Electron · Electron

Name of the Vulnerable Software and Affected Versions: Electron versions prior to 28.3.2 Electron versions prior to 29.3.3 Electron versions prior to 30.0.3 Description: The issue is related to heap buffer overflows in Electron's API, specifically affecting the nativeImage.createFromPath and...

WordPress plugin SERPed.net 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security...

Malicious code in aws-sdk-react-native-core (npm)

The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 626365c8daf9243d0d8281fa741a8537d284b73f873547122f9bdab75513d280 Any computer that has this package installed or running should be considered...

MAL-2025-5251 Malicious code in aws-sdk-react-native-core (npm)

The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 626365c8daf9243d0d8281fa741a8537d284b73f873547122f9bdab75513d280 Any computer that has this package installed or running should be considered...

Malicious code in @native-rabobank/native-qr-scanner (npm)

The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis b17e7bdb26521a7b7e638054ce600a2db0fba3fe05b08edc51b7236581947c1a The OpenSSF Package Analysis project identified...

WordPress Diza plugin file inclusion vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress plugin is an application plugin. A file inclusion vulnerability exists in the WordPress Diza plugin, which stems from improper control of the filename of an include or demand statement, and can be exploited by ...

The vulnerability of the emergency recovery function of the Native HA Cross-Region Replication (CRR) of the IBM MQ Operator allows a attacker to gain unauthorized access to protected information.

The vulnerability of the emergency recovery function of the Native HA Cross-Region Replication CRR of the IBM MQ Operator allows a attacker to gain unauthorized access to protected information...

DEBIAN-CVE-2025-38081

In the Linux kernel, the following vulnerability has been resolved: spi-rockchip: Fix register out of bounds access Do not write native chip select stuff for GPIO chip selects. GPIOs can be numbered much higher than native CS. Also, it makes no sense...

AZL-70307 CVE-2025-38081 affecting package kernel 5.15.200.1-1

In the Linux kernel, the following vulnerability has been resolved: spi-rockchip: Fix register out of bounds access Do not write native chip select stuff for GPIO chip selects. GPIOs can be numbered much higher than native CS. Also, it makes no sense...

UBUNTU-CVE-2025-38081

In the Linux kernel, the following vulnerability has been resolved: spi-rockchip: Fix register out of bounds access Do not write native chip select stuff for GPIO chip selects. GPIOs can be numbered much higher than native CS. Also, it makes no sense...

WordPress plugin School Management 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

WordPress plugin Diza 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress plugin is an application plugin. A file inclusion vulnerability exists in the WordPress Diza plugin, which stems from improper control of the filename of an include or demand statement, and can be exploited by ...

MAL-2025-5036 Malicious code in kenzup-react-native-rsa-native (npm)

The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 32d4c1032d395b390f908592fd2d12e60419f92e0000d0ff3135829a3db19287 Any computer that has this package installed or running should be considered...

Malicious code in kenzup-react-native-rsa-native (npm)

The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 32d4c1032d395b390f908592fd2d12e60419f92e0000d0ff3135829a3db19287 Any computer that has this package installed or running should be considered...

Astra Linux – Vulnerability in Linux 6.12

In the Linux kernel, the following vulnerabilities have been resolved: spi-rockchip: Fixed out-of-bounds access to registers. Do not write code related to native chip selection for GPIO chip selections. GPIOs can be numbered much higher than native CS. Moreover, this approach doesn’t make any sen...

Race Condition

Overview org.apache.tomcat.embed:tomcat-embed-core is a Core Tomcat implementation. Affected versions of this package are vulnerable to Race Condition on connection close when using the APR/Native connector. An attacker could trigger a JVM crash by rapidly opening and closing HTTP/2 connections...

Malicious code in automated-native-creatives (npm)

The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 0108e88450eb534afdbdfd274f6737a7507f4a7915230a113296f63a2a2163fd Any computer that has this package installed or running should be considered...

CVE-2025-36041

IBM MQ Operator LTS 2.0.0 through 2.0.29, MQ Operator CD 3.0.0, 3.0.1, 3.1.0 through 3.1.3, 3.3.0, 3.4.0, 3.4.1, 3.5.0, 3.5.1 through 3.5.3, and MQ Operator SC2 3.2.0 through 3.2.12 Native HA CRR could be configured with a private key and chain other than the intended key which could disclose...