Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from a possible reference leak in the espintcp wrapper socket cache...

SUSE CVE-2025-38091

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: check stream id dml21 wrapper to get planeid Why & How Fix a false positive warning which occurs due to lack of correct checks when querying planeid in DML21. This fixes the warning when performing a mode1 reset...

DEBIAN-CVE-2025-38091

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: check stream id dml21 wrapper to get planeid Why & How Fix a false positive warning which occurs due to lack of correct checks when querying planeid in DML21. This fixes the warning when performing a mode1 reset...

CVE-2025-38091 drm/amd/display: check stream id dml21 wrapper to get plane_id

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: check stream id dml21 wrapper to get planeid Why & How Fix a false positive warning which occurs due to lack of correct checks when querying planeid in DML21. This fixes the warning when performing a mode1 reset...

Malicious code in price_wrapper (npm)

The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 6f5ebf05195379c1b9f9c6c4d2e95b165168168a4ebba5c036cc803789ac46d2 Any computer that has this package installed or running should be considered...

MAL-2025-5074 Malicious code in build-react-wrapper (npm)

--- -= Per source details. Do not edit below this line.=-...

Malicious code in build-react-wrapper (npm)

--- -= Per source details. Do not edit below this line.=-...

VulnCheck KEV: CVE-2014-2383

dompdf.php in dompdf before 0.6.1, when DOMPDFENABLEPHP is enabled, allows context-dependent attackers to bypass chroot protections and read arbitrary files via a PHP protocol and wrappers in the inputfile parameter, as demonstrated by a php://filter/read=convert.base64-encode/resource in...

Malicious code in yaml-mcp-wrapper (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 63f698f000e6c4702e971dcd3923f64bd9039710fde38e7329b170ba0266ac01 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2025-4635 Malicious code in yaml-mcp-wrapper (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 63f698f000e6c4702e971dcd3923f64bd9039710fde38e7329b170ba0266ac01 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

[SECURITY] Fedora 41 Update: rust-rusqlite-0.31.0-6.fc41

Ergonomic wrapper for SQLite...

[SECURITY] Fedora 42 Update: rust-rusqlite-0.31.0-6.fc42

Ergonomic wrapper for SQLite...

SUSE-SU-2025:20361-1 Security update for glibc

This update for glibc fixes the following issues: - CVE-2025-4802: elf: Ignore LDLIBRARYPATH and debug env var for setuid for static bsc1243317 - pthreads NPTL: lost wakeup fix 2 bsc1234128, BZ 25847 - Mark functions in libcnonshared.a as hidden bsc1239883 - Linux: Switch back to assembly syscall...

Security update for glibc

This update for glibc fixes the following issues: CVE-2025-4802: elf: Ignore LDLIBRARYPATH and debug env var for setuid for static bsc1243317 pthreads NPTL: lost wakeup fix 2 bsc1234128, BZ 25847 Mark functions in libcnonshared.a as hidden bsc1239883 Linux: Switch back to assembly syscall wrapper...

CVE-2024-1106

The Shariff Wrapper WordPress plugin before 4.6.10 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

CVE-2024-2455

The Element Pack - Addon for Elementor Page Builder WordPress Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the widget wrapper link URL in all versions up to, and including, 7.9.0 due to insufficient input sanitization and output escaping on user supplied attributes...

CVE-2024-29109

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Jan-Peter Lambeck & 3UU Shariff Wrapper allows Stored XSS.This issue affects Shariff Wrapper: from n/a through 4.6.10...

CVE-2024-0966

The Shariff Wrapper plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'shariff' shortcode in all versions up to, and including, 4.6.9 due to insufficient input sanitization and output escaping on user supplied attributes like 'infotext'. This makes it possible for...

CVE-2024-26279

The wrapper extensions do not correctly validate inputs, leading to XSS vectors...

CVE-2023-28448

Versionize is a framework for version tolerant serializion/deserialization of Rust data structures, designed for usecases that need fast deserialization times and minimal size overhead. An issue was discovered in the ‘Versionize::deserialize’ implementation provided by the ‘versionize’ crate for...