21 matches found
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: dpaa2-eth: The virtual address is retrieved before calling dmaunmap. The TSO header was unmapped via DMA before the virtual address was retrieved, and then the buffer was freed using that address. This meant that we actually...
Malicious code in anthropic-shared-logger (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e54ef50a83e2f379965286ed404d16ca3389a9ce5c8593718ef4e6f307cc6084 This package impersonates Anthropic's internal namespace and self-describes as 'Full RCE PoC - Alex Birsan Style'. Its package.json declares a...
CVE-2026-43139
In the Linux kernel, the following vulnerability has been resolved: xfrm6: fix uninitialized saddr in xfrm6getsaddr xfrm6getsaddr does not check the return value of ipv6devgetsaddr. When ipv6devgetsaddr fails to find a suitable source address returns -EADDRNOTAVAIL, saddr-in6 is left uninitialize...
PT-2025-53670
Name of the Vulnerable Software and Affected Versions PbootCMS versions prior to 3.2.12 Description A security issue exists in PbootCMS that allows for remote manipulation of the X-Forwarded-For argument. This manipulation impacts the get user ip function within the core/function/handle.php file,...
EUVD-2025-203631
In the Linux kernel, the following vulnerability has been resolved: spi: rockchip-sfc: Fix DMA-API usage Use DMA-API dmamapsingle call for getting the DMA address of the transfer buffer instead of hacking with virttophys. This fixes the following DMA-API debug warning: ------------ cut here...
EUVD-2022-15458
Malicious code in bioql PyPI...
AZL-54601 CVE-2024-53100 affecting package kernel 5.15.200.1-1
In the Linux kernel, the following vulnerability has been resolved: nvme: tcp: avoid race between queuelock lock and destroy Commit 76d54bf20cdc "nvme-tcp: don't access released socket during error recovery" added a mutexlock call for the queue-queuelock in nvmetcpgetaddress. However, the mutexlo...
Linux kernel security vulnerabilities
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from the xfrm6 component failing to properly check the return value of the ip6dstidev function when obtaining a...
PT-2024-15100 · Unknown · Wp Customer Area
Name of the Vulnerable Software and Affected Versions: WP Customer Area versions prior to 8.2.1 Description: The issue arises from improper validation of user capabilities in certain AJAX actions, allowing any user to retrieve another user's account address. Recommendations: For versions prior to...
CVE-2023-5239
The Security & Malware scan by CleanTalk WordPress plugin before 2.121 retrieves client IP addresses from potentially untrusted headers, allowing an attacker to manipulate its value. This may be used to bypass bruteforce protection...
Design/Logic Flaw
The Security & Malware scan by CleanTalk WordPress plugin before 2.121 retrieves client IP addresses from potentially untrusted headers, allowing an attacker to manipulate its value. This may be used to bypass bruteforce protection...
If a lower multiplier for a particular NFT was set the owner of this NFT can avoid syncing votes with new values.
Lines of code Vulnerability details Impact The current situation presents an issue as it is impossible to identify the addresses of users who possess specific NFT tokens locked in the contract. Consequently, if a new multiplier is lower than the previous one, a "malicious" user could exploit this...
CVE-2023-34467 XWiki Platform may retrieve email addresses of all users
XWiki Platform is a generic wiki platform. Starting in version 3.5-milestone-1 and prior to versions 14.4.8, 14.10.4, and 15.0-rc-1, the mail obfuscation configuration was not fully taken into account. While the mail displayed to the end user was obfuscated, the rest response was also containing...
Powershell-Backdoor-Generator - Obfuscated Powershell Reverse Backdoor With Flipper Zero And USB Rubber Ducky Payloads
Reverse backdoor written in Powershell and obfuscated with Python. Allowing the backdoor to have a new signature after every run. Also can generate auto run scripts for Flipper Zero and USB Rubber Ducky. usage: listen.py -h --ip-address IPADDRESS --port PORT --random --out OUT --verbose --delay...
CVE-2022-3541
A vulnerability classified as critical has been found in Linux Kernel. This affects the function spl2swnvmemgetmacaddress of the file drivers/net/ethernet/sunplus/spl2swdriver.c of the component BPF. The manipulation leads to use after free. It is recommended to apply a patch to fix this issue. T...
Liberapay: Email Address Exposure via Gratipay Migration Tool
Through the /migrate route, an attacker can input the username of any user on the site and retrieve their primary email address without any authorization required. Steps to reproduce: Note: This cannot be performed with hackerone-target, because that account seems to return a None as an email. 1...
WordPress plugin Limit Login Attempts 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin that supports personal blog sites on servers running PHP and MySQL. A security vulnerability exists in WordPres...
Default configuration
BuddyBoss Platform through 1.8.0 allows remote attackers to obtain the email address of each user. When creating a new user, it generates a Unique ID for their profile. This UID is their private email address with symbols removed and periods replaced with hyphens. For example. email protected wou...
DELL dbutil_2_3.sys 2.3 - Arbitrary Write to Local Privilege Escalation (LPE)
Exploit Title: DELL dbutil23.sys 2.3 - Arbitrary Write to Local Privilege Escalation LPE Date: 10/05/2021 Exploit Author: Paolo Stagno aka VoidSec Version: include include include include define IOCTLCODE 0x9B0C1EC8 // IOCTLCODE value, used to reach the vulnerable function taken from IDA define...
Mercury - A Hacking Tool Used To Collect Information And Use The Information To Further Hurt The Target
Mercury is a hacking tool used to collect information and use the information to further hurt the target. Installation Requires Python2 Linux apt-get install python2 git clone https://www.github.com/MetaChar/Mercury pip install -r requirements.txt Features BruteForce Mercury uses Selenium to...