1155 matches found
CVE-2025-1181
GNU Binutils 2.43 contains a memory corruption vulnerability in ld: the function _bfd_elf_gc_mark_rsec in bfd/elflink.c is affected, enabling a remote exploit with high attack complexity as per CVSS-derived notes. The exposure is linked to memory corruption in the ld component, and a patch is ref...
CVE-2025-1152
A vulnerability classified as problematic has been found in GNU Binutils 2.43. Affected is the function xstrdup of the file xstrdup.c of the component ld. The manipulation leads to memory leak. It is possible to launch the attack remotely. The complexity of an attack is rather high. The...
CVE-2025-1152 GNU Binutils ld xstrdup.c xstrdup memory leak
A vulnerability classified as problematic has been found in GNU Binutils 2.43. Affected is the function xstrdup of the file xstrdup.c of the component ld. The manipulation leads to memory leak. It is possible to launch the attack remotely. The complexity of an attack is rather high. The...
CVE-2025-1149
CVE-2025-1149 affects GNU Binutils 2.43, specifically the xstrdup path in libiberty/xmalloc.c used by ld, causing a memory leak. The issue can be exploited remotely and is described as high attack complexity with the exploit publicly disclosed. Reports indicate fixes have been committed to the ma...
CVE-2025-1149
A vulnerability was found in GNU Binutils 2.43. It has been classified as problematic. This affects the function xstrdup of the file libiberty/xmalloc.c of the component ld. The manipulation leads to memory leak. It is possible to initiate the attack remotely. The complexity of an attack is rathe...
CVE-2025-23898
Cross-Site Request Forgery (CSRF) vulnerability in ivobrett Apply with LinkedIn buttons apply-with-linkedin-buttons allows Stored XSS. This issue affects Apply with LinkedIn buttons: from n/a through <= 2.3...
Resumes Management and Job Application Website security vulnerability
Resumes Management and Job Application Website is a resume management and job application website from the individual developers at EGavilan Media. A security vulnerability exists in Resumes Management and Job Application Website version 1.0. An attacker injected arbitrary code via the first and...
CVE-2024-6281
A path traversal vulnerability exists in the apply_settings function of parisneo/lollms versions prior to 9.5.1. The sanitize_path function does not adequately secure the discussion_db_name parameter, allowing attackers to manipulate the path and potentially write to important system folders...
GHSA-MX2J-7CMV-353C wasmvm: Malicious smart contract can slow down block production
CWA-2025-002 Severity Medium Moderate + Likely^1 Affected versions: - wasmvm = 2.2.0, = 2.1.0, = 2.0.0, 2.0.6 - wasmvm 1.5.8 Patched versions: - wasmvm 1.5.8, 2.0.6, 2.1.5, 2.2.2 Description of the bug The vulnerability can be used to slow down block production. The attack requires a malicious...
GHSA-23QP-3C2M-XX6W wasmvm: Malicious smart contract can crash the chain
CWA-2025-001 Severity Medium Moderate + Likely^1 Affected versions: - wasmvm = 2.2.0, = 2.1.0, = 2.0.0, 2.0.6 - wasmvm 1.5.8 Patched versions: - wasmvm 1.5.8, 2.0.6, 2.1.5, 2.2.2 Description of the bug The vulnerability can be used to crash the chain. The underlying bug that causes this is presen...
WordPress Apply with LinkedIn buttons plugin <= 2.3 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting (XSS) vulnerability discovered by SOPROBRO in WordPress Plugin Apply with LinkedIn buttons versions <= 2.3...
CVE-2024-57770
JFinalOA before v2025.01.01 was discovered to contain a SQL injection vulnerability via the component apply/saveoaContractApply.id...
WordPress plugin Apply with LinkedIn buttons cross-site request forgery vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A cross-site request forgery vulnerability...
JFinalOA security vulnerability
JFinalOA is an enterprise office system based on the JFinal framework developed by rabbit individual developers. A security vulnerability exists in JFinalOA versions prior to v2025.01.01, which was discovered to contain an SQL injection vulnerability via the component apply/saveoaContractApply.id...
PT-2025-3564 · Jfinaloa · Jfinaloa
Name of the Vulnerable Software and Affected Versions: JFinalOA versions prior to v2025.01.01 Description: A SQL injection issue was discovered in the component apply/saveoaContractApply.id. This allows for potential SQL injection attacks. Recommendations: For versions prior to v2025.01.01, updat...
PT-2025-13418 · Dell · Dell Unity
Name of the Vulnerable Software and Affected Versions: Dell Unity versions 5.4 and prior Description: The issue is related to an Improper Neutralization of Special Elements used in an OS Command, also known as an 'OS Command Injection' vulnerability. This vulnerability can be exploited by an...
DEBIAN-CVE-2024-56633
In the Linux kernel, the following vulnerability has been resolved: tcp_bpf: Fix the sk_mem_uncharge logic in tcp_bpf_sendmsg. The current sk memory accounting logic in __SK_REDIRECT is pre-uncharging tosend bytes, which is either msg->sg.size or a smaller value apply_bytes. Potential problems with this...