CVE-2025-38102

The CVE CVE-2025-38102 describes a race in VMCI within the Linux kernel between vmci_host_setup_notify and vmci_ctx_unset_notify. A warning can be triggered in try_grab_folio due to a still-in-progress get_user_pages_fast writing to context->notify_page, which may be observed and mismanaged du...

CVE-2025-38102 VMCI: fix race between vmci_host_setup_notify and vmci_ctx_unset_notify

In the Linux kernel, the following vulnerability has been resolved: VMCI: fix race between vmcihostsetupnotify and vmcictxunsetnotify During our test, it is found that a warning can be trigger in trygrabfolio as follow: ------------ cut here ------------ WARNING: CPU: 0 PID: 1678 at mm/gup.c:147...

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from ath12kcoreinit not properly logging out of the notification chain, which could lead to reuse after release...

Malicious code in hardhat-deploy-notification (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware d2081250ac75574ee18ddea2caa510104e94d2673de1ad4fa445d96559d2a1f4 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in notification-logs (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 38d50a72b129f2bbf4413f253f4cc198bb674e07061123d5ba873a3374ed7ecd Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in notification-loggers (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 31994ef5ff64a19550b3e145bf17d885b0b7029e463eacfbec340db313a954f9 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2025-5513 Malicious code in notification-logs (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 38d50a72b129f2bbf4413f253f4cc198bb674e07061123d5ba873a3374ed7ecd Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2025-5512 Malicious code in notification-loggers (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 31994ef5ff64a19550b3e145bf17d885b0b7029e463eacfbec340db313a954f9 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

CVE-2025-39478

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in smartiolabs Smart Notification allows Reflected XSS. This issue affects Smart Notification: from n/a through 10.3...

CVE-2025-39478

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in smartiolabs Smart Notification allows Reflected XSS. This issue affects Smart Notification: from n/a through 10.3...

CVE-2025-39478 WordPress Smart Notification Plugin <= 10.3 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in smartiolabs Smart Notification allows Reflected XSS. This issue affects Smart Notification: from n/a through 10.3...

CVE-2025-39478 WordPress Smart Notification Plugin <= 10.3 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in smartiolabs Smart Notification allows Reflected XSS. This issue affects Smart Notification: from n/a through 10.3...

CVE-2025-39478

CVE-2025-39478 affects WordPress Smart Notification Plugin (Smart Notification) versions ≤ 10.3. It is a Reflected Cross-Site Scripting (XSS) vulnerability. All connected sources (NVD, Red Hat, CNNVD, Patchstack, CVE records) indicate the issue exists and that a fix is not yet provided in the pub...

WordPress plugin和WordPress 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...

PT-2025-27102 · Unknown · Smart Notification

Name of the Vulnerable Software and Affected Versions: Smart Notification versions n/a through 10.3 Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting, allowing Reflected XSS. This enables potential attackers to...

BELL-CVE-2025-38023

Bulletin has no description...

Vulnerability Disclosure or Notification? Best Practices for Reaching Stakeholders at Scale

Security researchers are interested in security vulnerabilities, but these security vulnerabilities create risks for stakeholders. Coordinated Vulnerability Disclosure has been an accepted best practice for many years in disclosing newly discovered vulnerabilities. This practice has mostly worked...

GHSA-24WV-6C99-F843

creationtimestamp| type| source ---|---|--- 2025-06-20 17:44:10+00:00| seen| https://infosec.exchange/users/cR0w/statuses/114716930881228437 2025-06-20 17:46:19+00:00| published-proof-of-concept| https://t.me/DarkWebInformerCVEAlerts/19004...

CVE-2025-39479

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in smartiolabs Smart Notification allows Blind SQL Injection. This issue affects Smart Notification: from n/a through 10.3...

WordPress Smart Notification Plugin <= 10.3 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting XSS vulnerability discovered by Bonds in WordPress Plugin Smart Notification versions = 10.3...