332 matches found
EUVD-2025-205162
In the Linux kernel, the following vulnerability has been resolved: wifi: ath12k: Fix memory leak in rxdesc and txdesc Currently when ath12kdpccdescinit is called we allocate memory to rxdescs and txdescs. In ath12kdpcccleanup, during descriptor cleanup rxdescs and txdescs memory is not freed. Th...
EUVD-2025-204734
Schlix CMS before v2.2.9-5 is vulnerable to Cross Site Scripting XSS. Due to lack of javascript sanitization in the login form, incorrect login attempts in logs are triggered as XSS in the admin panel...
EUVD-2025-204329
A reflected cross-site scripting vulnerability in Kentico Xperience allows authenticated users to inject malicious scripts in the administration interface. Attackers can exploit this vulnerability to execute arbitrary scripts within the administrative context...
EUVD-2025-204376
A flaw has been found in SourceCodester Client Database Management System 1.0. This affects an unknown part of the file /userleads.php of the component Leads Generation Module. Executing manipulation can lead to unrestricted upload. The attack can be launched remotely. The exploit has been...
EUVD-2025-201314
A flaw has been found in youlaitech youlai-mall 1.0.0/2.0.0. Affected is the function getById/updateAddress/deleteAddress of the file /mall-ums/app-api/v1/addresses/. Executing manipulation can lead to improper control of dynamically-identified variables. The attack can be executed remotely. The...
📄 Microsoft Windows 11 Build 10.0.27898.1000 AiRegistrySync Bypass / Privilege Escalation
Microsoft Windows 11 build 10.0.27898.1000 Metasploit module designed to achieve local privilege escalation on Windows 10/11 by targeting a vulnerability misconfiguration in the AiRegistrySync service...
EUVD-2025-200994
A potential security vulnerability has been identified in HP Image Assistant for versions prior to 5.3.3. The vulnerability could potentially allow a local attacker to escalate privileges via a race condition when installing packages...
EUVD-2025-141092
Malicious code in kapvino-soafsi-vaidas npm...
EUVD-2025-131963
An issue was discovered in dvsekhvalnov jose2go 1.5.0 thru 1.7.0 allowing an attacker to cause a Denial-of-Service DoS via crafted JSON Web Encryption JWE token with an exceptionally high compression ratio...
EUVD-2025-32214
Malicious code in bioql PyPI...
BELL-CVE-2025-38651
Bulletin has no description...
WordPress Sala Theme <= 1.1.6 is vulnerable to Local File Inclusion
Software Sala Type Theme Vulnerable versions = 1.1.6 Fixed in 1.1.7 OWASP Top 10 A3: Injection Classification Local File Inclusion CVE CVE-2025-54709 Patch priority High CVSS severity High 8.1 Developer Claim ownership PSID 734caf3a58cf Credits Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity...
MAL-2025-41054 Malicious code in zoo-frontend-dependencies (npm)
The package zoo-frontend-dependencies was found to contain malicious code...
CVE-2025-50097
CVE-2025-50097 ties to MySQL Server (Encryption component). Affected: 8.0.0-8.0.42, 8.4.0-8.4.5, 9.0.0-9.3.0. Attack requires network access by high-privileged actor and can cause a hang or complete DOS of MySQL Server. IBM/Guardium advisory notes this CVE as addressed in an update for affected p...
CVE-2025-50070
CVE-2025-50070 affects Oracle Database Server JDBC: vulnerable in JDBC component for Oracle Database Server versions 23.4–23.8. Root cause as described is a vulnerability in JDBC that can enable a low-privileged, authenticated OS user with logon to the infrastructure where JDBC runs to access JDB...
Metasploit Wrap-Up 07/11/2025
Active Directory LDAP Library This week Metasploit added a library for working with Active Directory Domain Controllers over LDAP. The library consolidates common functionality and implements a caching mechanism to support common operations such as looking up objects by their DN, sAMAccountName, ...
CVE-2025-32374
creationtimestamp| type| source ---|---|--- 2025-04-09 15:47:31+00:00| published-proof-of-concept| https://t.me/DarkWebInformerCVEAlerts/11086...
GHSA-358P-X39M-99MM
creationtimestamp| type| source ---|---|--- 2025-03-31 19:31:24+00:00| published-proof-of-concept| https://t.me/DarkWebInformerCVEAlerts/9757...
GHSA-7G95-JMG9-H524 vulnerabilities
Vulnerabilities for packages: jenkins...
GHSA-86CX-HCFC-8MM8
creationtimestamp| type| source ---|---|--- 2025-02-25 18:22:35+00:00| published-proof-of-concept| https://t.me/DarkWebInformerCVEAlerts/5341...