PHPGurukul Online Notes Sharing System Security Vulnerability
PHPGurukul Online Notes Sharing System is an online notes sharing system from PHPGurukul Inc. A security vulnerability exists in version 1.0 of the PHPGurukul Online Notes Sharing System, which stems from a SQL injection due to incorrect manipulation of the sessionid parameter in the File/Dashboa...
PT-2025-28302 · Unknown · Phpgurukul Online Notes Sharing System
Name of the Vulnerable Software and Affected Versions: PHPGurukul Online Notes Sharing System version 1.0 Description: A critical issue was found in the PHPGurukul Online Notes Sharing System, affecting an unknown part of the file /Dashboard of the component Cookie Handler. The manipulation of th...
Exploit for CVE-2016-2434
About This is where I will post analysis of Public Exploits, or some of my 1day exploits. Public exploit analysis - Personally I think the best way to learn a public exploit is by understanding it line-by-line until I can understand the exploit to the fullest. I will post some of these...
Malicious code in plugin-notes (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 60b12a33550c554800cf8d4781b1ce03c53057caf7e39b5332d180b234b6ea24 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
RHEL 9 : Red Hat Ceph Storage 8.1 (RHSA-2025:9775)
The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2025:9775 advisory. Red Hat Ceph Storage is a scalable, open, software-defined storage platform that combines the most stable version of the Ceph storage system...
[slackware-security] mozilla-firefox
New mozilla-firefox packages are available for Slackware 15.0 and -current to fix security issues. Here are the details from the Slackware 15.0 ChangeLog: patches/packages/mozilla-firefox-140.0esr-i686-1slack15.0.txz: Upgraded. This update contains security fixes and improvements, and moves to th...
Important: Red Hat Security Advisory: Updated 7.1 container image is now available in the Red Hat Ecosystem Catalog.
A new rhceph-7.1 container image is now available in the Red Hat Ecosystem Catalog. Red Hat Ceph Storage is a scalable, open, software-defined storage platform that combines the most stable version of the Ceph storage system with a Ceph management platform, deployment utilities, and support...
Medium: perl-YAML-LibYAML
Issue Overview: YAML-LibYAML prior to 0.903.0 for Perl uses 2-args open, allowing existing files to be modified CVE-2025-40908 Affected Packages: perl-YAML-LibYAML Issue Correction: Run dnf update perl-YAML-LibYAML --releasever 2023.7.20250623 or dnf update --advisory ALAS2023-2025-1036...
Medium: amazon-cloudwatch-agent
Issue Overview: The tokenizer incorrectly interprets tags with unquoted attribute values that end with a solidus character / as self-closing. When directly using Tokenizer, this can result in such tags incorrectly being marked as self-closing, and when using the Parse functions, this can result i...
Low: valkey
Issue Overview: setDeferredReply in networking.c in Valkey through 8.1.1 has an integer underflow for prev-size - prev-used. CVE-2025-49112 Affected Packages: valkey Issue Correction: Run dnf update valkey --releasever 2023.7.20250623 to update your system. New Packages: aarch64: ...
Security update for afterburn
This update for afterburn fixes the following issues: Update to version 5.8.2: cargo: Afterburn release 5.8.2 docs/release-notes: update for release 5.8.2 cargo: update dependencies cargo: Afterburn release 5.8.1 cargo: Afterburn release 5.8.0 docs/release-notes: update for release 5.8.0 cargo:...
SUSE-SU-2025:20429-1 Security update for afterburn
This update for afterburn fixes the following issues: Update to version 5.8.2: cargo: Afterburn release 5.8.2 docs/release-notes: update for release 5.8.2 cargo: update dependencies cargo: Afterburn release 5.8.1 cargo: Afterburn release 5.8.0 docs/release-notes: update for release 5.8.0 cargo:...
DesDev DedeCMS Injection Vulnerability
DesDev DedeCMS (Dream Weaving Content Management System) is a PHP-based open source content management system (CMS) from China Zhuozhuo DesDev. The system has features such as content publishing, content management, content editing and content retrieval. DesDev DedeCMS 5.7.2 and earlier versions exis...
Moderate: open-vm-tools security update
The Open Virtual Machine Tools are the open source implementation of the VMware Tools. They are a set of guest operating system virtualization components that enhance performance and user experience of virtual machines. Security Fixes: open-vm-tools: A malicious actor with non-administrative...
CVE-2024-37396
A stored cross-site scripting (XSS) vulnerability in the Calendar function of REDCap 13.1.9 allows authenticated users to execute arbitrary web script or HTML by injecting a crafted payload into the 'Notes' field of a calendar event. This could lead to the execution of malicious scripts when the...
Medium: cuda-nvml-devel-12-9
Issue Overview: NVIDIA CUDA Toolkit for all platforms contains a vulnerability in the cuobjdump binary, where a failure to check the length of a buffer could allow a user to cause the tool to crash or execute arbitrary code by passing in a malformed ELF file. A successful exploit of this...
Important: kernel-livepatch-6.12.22-27.96
Issue Overview: In the Linux kernel, the following vulnerability has been resolved: ext4: fix OOB read when checking dotdot dir CVE-2025-37785 Affected Packages: kernel-livepatch-6.12.22-27.96 Issue Correction: Please ensure you have live patching enabled. Run dnf update...
Medium: cuda-nvtx-12-9
Issue Overview: NVIDIA CUDA Toolkit for all platforms contains a vulnerability in the cuobjdump binary, where a failure to check the length of a buffer could allow a user to cause the tool to crash or execute arbitrary code by passing in a malformed ELF file. A successful exploit of this...
CVE-2025-49446
Cross-Site Request Forgery (CSRF) vulnerability in minhlaobao Admin Notes admin-note allows Cross Site Request Forgery. This issue affects Admin Notes: from n/a through = 1.1...