Malicious code in primedio-api-wrapper (npm)

The package primedio-api-wrapper was found to contain malicious code...

BIT-LIBPHP-2025-1736 Stream HTTP wrapper header check might omit basic auth header

In PHP from 8.1. before 8.1.32, from 8.2. before 8.2.28, from 8.3. before 8.3.19, from 8.4. before 8.4.5, when user-supplied headers are sent, the insufficient validation of the end-of-line characters may prevent certain headers from being sent or lead to certain headers be misinterpreted...

BIT-LIBPHP-2025-1734 Streams HTTP wrapper does not fail for headers with invalid name and no colon

In PHP from 8.1. before 8.1.32, from 8.2. before 8.2.28, from 8.3. before 8.3.19, from 8.4. before 8.4.5, when receiving headers from HTTP server, the headers missing a colon : are treated as valid headers even though they are not. This may confuse applications into accepting invalid headers...

BIT-LIBPHP-2025-1217 Header parser of http stream wrapper does not handle folded headers

In PHP from 8.1. before 8.1.32, from 8.2. before 8.2.28, from 8.3. before 8.3.19, from 8.4. before 8.4.5, when http request module parses HTTP response obtained from a server, folded headers are parsed incorrectly, which may lead to misinterpreting the response and using incorrect headers, MIME...

BIT-LIBPHP-2022-31628 phar wrapper can occur dos when using quine gzip file

In PHP versions before 7.4.31, 8.0.24 and 8.1.11, the phar uncompressor code would recursively uncompress "quines" gzip files, resulting in an infinite loop...

Exploit for Incorrect Authorization in Sudo_Project Sudo

sudo CVE-2025 Toolkit Unified scanner, benign proof-of-...

Linux Distros Unpatched Vulnerability : CVE-2023-23598

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Due to the Firefox GTK wrapper code's use of text/plain for drag data and GTK treating all text/plain MIMEs containing file URLs as being dragged a website coul...

Linux Distros Unpatched Vulnerability : CVE-2023-21102

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In efirtasmwrapper of efi-rt-wrapper.S, there is a possible bypass of shadow stack protection due to a logic error in the code. This could lead to local...

CVE-2025-54780 glpi-screenshot-plugin exposes local files in /ajax/screenshot.php

The glpi-screenshot-plugin allows users to take screenshots or screens recording directly from GLPI. In versions below 2.0.2, authenticated user can use the /ajax/screenshot.php endpoint to leak files from the system or use PHP wrappers. This is fixed in version 2.0.2...

RockyLinux 9 : php:8.2 (RLSA-2025:7432)

The remote RockyLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2025:7432 advisory. php: Leak partial content of the heap through heap buffer over-read in mysqlnd CVE-2024-8929 php: Single byte overread with convert.quoted-printable-deco...

RLSA-2025:4263 Moderate: php:8.1 security update

PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. Security Fixes: php: Leak partial content of the heap through heap buffer over-read in mysqlnd CVE-2024-8929 php: Single byte overread with convert.quoted-printable-decode filter CVE-2024-11233 php: Configuring ...

php:8.2 security update

An update is available for php-pecl-zip, module.php-pecl-apcu, php-pecl-xdebug3, module.php, module.php-pecl-xdebug3, php-pecl-rrd, php, module.php-pecl-zip, php-pecl-apcu, module.php-pecl-rrd. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a...

php:8.3 security update

An update is available for php-pecl-zip, module.php-pecl-apcu, php-pecl-xdebug3, module.php, php-pecl-redis6, module.php-pecl-xdebug3, php-pecl-rrd, php, module.php-pecl-zip, php-pecl-apcu, module.php-pecl-redis6, module.php-pecl-rrd. This update affects Rocky Linux 9. A Common Vulnerability...

RLSA-2025:7432 Moderate: php:8.2 security update

PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. Security Fixes: php: Leak partial content of the heap through heap buffer over-read in mysqlnd CVE-2024-8929 php: Single byte overread with convert.quoted-printable-decode filter CVE-2024-11233 php: Configuring ...

CVE-2025-54129

HAXiam is a packaging wrapper for HAXcms which allows anyone to spawn their own microsite management platform. In versions 11.0.4 and below, the application returns a 200 response when requesting the data of a valid user and a 404 response when requesting the data of an invalid user. This can be...

CLSA-2025-1753299555 traceroute: Fix of CVE-2023-46316

CVE-2023-46316: parse command lines properly in wrapper scripts...

MAL-2025-6155 Malicious code in community-pass-react-native-wrapper (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 45d465e1a0ba3936c02d875635041ba0362e96dee19c7f7d727391a4bdcb5dc9 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

drm/amd/display: check stream id dml21 wrapper to get plane_id

...

SUSE-SU-2025:02254-1 Security update for the Linux Kernel

The SUSE Linux Enterprise 15 SP7 Azure kernel was updated to receive various security bugfixes. The following security bugs were fixed: - CVE-2023-52888: media: mediatek: vcodec: Only free buffer VA that is not NULL bsc1228557. - CVE-2024-49568: net/smc: check v2extoffset/eidcnt/ismgidcnt when...

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from a possible reference leak in the espintcp wrapper socket cache...