247 matches found
CVE-2024-32647
Vyper is a pythonic Smart Contract Language for the Ethereum virtual machine. In versions 0.3.10 and prior, using the create_from_blueprint builtin can result in a double eval vulnerability when raw_args=True and the args argument has side-effects. It can be seen that the buildcreateIR function of t...
CVE-2024-10869
The WordPress Brute Force Protection – Stop Brute Force Attacks plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg & remove_query_arg without appropriate escaping on the URL in all versions up to, and including, 2.2.6. This makes it possible for...
UBUNTU-CVE-2022-49849
In the Linux kernel, the following vulnerability has been resolved: btrfs: fix match incorrectly in dev_args_match_device. syzkaller found a failed assertion: assertion failed: args->devid != (u64)-1 || args->missing, in fs/btrfs/volumes.c:6921. This can be triggered when we set devid to (u64)-1 by ioctl. I...
Information Exposure
Overview: moodle/moodle is a learning platform. Affected versions of this package are vulnerable to Information Exposure due to improper handling of error messages in the REST API. An attacker can access sensitive user data by exploiting stack traces returned from specific API calls. Note: This is...
Privilege Chaining
Overview: Affected versions of this package are vulnerable to Privilege Chaining through the spec.template.container configuration in the EventSource and Sensor custom resources. An attacker can gain privileged access to the host system and cluster by injecting commands into a container template...
CVE-2025-21852
In the Linux kernel, the following vulnerability has been resolved: net: Add rx_skb of kfree_skb to raw_tp_null_args[]. Yan Zhai reported a BPF prog could trigger a null-ptr-deref [0] in trace_kfree_skb if the prog does not check if rx_sk is NULL. Commit c53795d48ee8 ("net: add rx_sk to trace_kfree_skb") added rx...
PT-2025-8702 · Git +1 · Net-Snmp
Name of the Vulnerable Software and Affected Versions: The product name cannot be determined. Description: A heap buffer overflow read issue has been identified, which can cause a crash. The crash occurs in the snmp_in_options function, and is related to the netsnmp_parse_args function. This issu...
PT-2025-7663 · Net Snmp · Net-Snmp
Name of the Vulnerable Software and Affected Versions: netsnmp affected versions not specified. Description: The issue is related to a heap-use-after-free error. Technical details about the error include the netsnmp_hex_to_binary function, snmpv3_parse_arg function, and netsnmp_parse_args function...
AZL-56121 CVE-2024-47809 affecting package kernel for versions less than 6.6.76.1-1
In the Linux kernel, the following vulnerability has been resolved: dlm: fix possible lkb_resource null dereference. This patch fixes a possible null pointer dereference when this function is called from request_lock() as lkb->lkb_resource is not assigned yet, only after validate_lock_args() by calling...
CVE-2024-47809 dlm: fix possible lkb_resource null dereference
In the Linux kernel, the following vulnerability has been resolved: dlm: fix possible lkb_resource null dereference. This patch fixes a possible null pointer dereference when this function is called from request_lock() as lkb->lkb_resource is not assigned yet, only after validate_lock_args() by calling...
PT-2025-1764 · WordPress · Gdy Modular Content
Name of the Vulnerable Software and Affected Versions: GDY Modular Content plugin for WordPress versions up to, and including, 0.9.91. Description: The issue is related to Reflected Cross-Site Scripting due to the use of add_query_arg without proper escaping on the URL. This allows unauthenticated...
PT-2024-16913 · WordPress · Comfino Payment Gateway
Name of the Vulnerable Software and Affected Versions: Comfino Payment Gateway plugin for WordPress versions up to, and including, 4.1.1. Description: The Comfino Payment Gateway plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg and remove query a...
DEBIAN-CVE-2024-53107
In the Linux kernel, the following vulnerability has been resolved: fs/proc/task_mmu: prevent integer overflow in pagemap_scan_get_args(). The "arg->vec_len" variable is a u64 that comes from the user at the start of the function. The "arg->vec_len * sizeof(struct page_region)" multiplication can lead to integer...
UBUNTU-CVE-2024-53107
In the Linux kernel, the following vulnerability has been resolved: fs/proc/task_mmu: prevent integer overflow in pagemap_scan_get_args(). The "arg->vec_len" variable is a u64 that comes from the user at the start of the function. The "arg->vec_len * sizeof(struct page_region)" multiplication can lead to integer...
CVE-2024-53107 fs/proc/task_mmu: prevent integer overflow in pagemap_scan_get_args()
In the Linux kernel, the following vulnerability has been resolved: fs/proc/task_mmu: prevent integer overflow in pagemap_scan_get_args(). The "arg->vec_len" variable is a u64 that comes from the user at the start of the function. The "arg->vec_len * sizeof(struct page_region)" multiplication can lead to integer...
Linux kernel security vulnerability
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from an integer overflow in the pagemap_scan_get_args function in the fs/proc/task_mmu component...
CVE-2024-10880
The JobBoardWP – Job Board Listings and Submissions plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg & remove_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.3.0. This makes it possible for unauthenticated...
Security update for SUSE Manager Client Tools
This update fixes the following issues: golang-github-lusitaniae-apache_exporter: Security issues fixed: CVE-2023-3978: Fixed security bug in x/net dependency (bsc#1213933). Other changes and issues fixed: Delete unpackaged debug files for RHEL; Do not include source files in the package for RHEL 9...
CVE-2024-10877
The AFI – The Easiest Integration Plugin plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg & remove_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.92.0. This makes it possible for unauthenticated attackers t...
CVE-2024-10850
The Razorpay Payment Button Elementor Plugin plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg & remove_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.2.5. This makes it possible for unauthenticated attacker...