CVE-2025-66026 REDAXO is Vulnerable to Reflected XSS in Mediapool Info Banner via args[types]

REDAXO is a PHP-based CMS. Prior to version 5.20.1, a reflected Cross-Site Scripting XSS vulnerability exists in the Mediapool view where the request parameter argstypes is rendered into an info banner without HTML-escaping. This allows arbitrary JavaScript execution in the backend context when a...

CVE-2025-66026 REDAXO is Vulnerable to Reflected XSS in Mediapool Info Banner via args[types]

REDAXO is a PHP-based CMS. Prior to version 5.20.1, a reflected Cross-Site Scripting XSS vulnerability exists in the Mediapool view where the request parameter argstypes is rendered into an info banner without HTML-escaping. This allows arbitrary JavaScript execution in the backend context when a...

Cross-site Scripting (XSS)

Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS via the argstypes parameter, which is rendered into an info banner without proper HTML escaping. An attacker can execute arbitrary JavaScript code in the backend context by tricking an authenticated user into...

Malicious code in get-them-args (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1885f72a03b5b12ad9795b819da4d8cbd92b5985848b3f9a057afd389de5a8f8 The package get-them-args was found to contain malicious code. Source: ghsa-malware d70e3f04273d02fdaa9555197354a75aba13abe81a22763a353d47db93ce9b32...

EUVD-2025-199211

Malicious code in get-them-args npm...

MAL-2025-191103 Malicious code in get-them-args (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1885f72a03b5b12ad9795b819da4d8cbd92b5985848b3f9a057afd389de5a8f8 The package get-them-args was found to contain malicious code. Source: ghsa-malware d70e3f04273d02fdaa9555197354a75aba13abe81a22763a353d47db93ce9b32...

Unity Linux 20.1070a Security Update: kernel (UTSA-2025-989207)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-989207 advisory. In the Linux kernel, the following vulnerability has been resolved: NFSD: prevent underflow in nfssvcdecodewriteargs Smatch complains: fs/nfsd/nfsxdr.c:341...

CVE-2025-40036

In the Linux kernel, the following vulnerability has been resolved: misc: fastrpc: fix possible map leak in fastrpcputargs copytouser failure would cause an early return without cleaning up the fdlist, which has been updated by the DSP. This could lead to map leak. Fix this by redirecting to a...

CVE-2025-40036 misc: fastrpc: fix possible map leak in fastrpc_put_args

In the Linux kernel, the following vulnerability has been resolved: misc: fastrpc: fix possible map leak in fastrpcputargs copytouser failure would cause an early return without cleaning up the fdlist, which has been updated by the DSP. This could lead to map leak. Fix this by redirecting to a...

EUVD-2025-36492

In the Linux kernel, the following vulnerability has been resolved: misc: fastrpc: fix possible map leak in fastrpcputargs copytouser failure would cause an early return without cleaning up the fdlist, which has been updated by the DSP. This could lead to map leak. Fix this by redirecting to a...

CVE-2025-40036

In the Linux kernel, the following vulnerability has been resolved: misc: fastrpc: fix possible map leak in fastrpcputargs copytouser failure would cause an early return without cleaning up the fdlist, which has been updated by the DSP. This could lead to map leak. Fix this by redirecting to a...

CVE-2025-10547

An uninitialized variable in the HTTP CGI request arguments processing component of Vigor Routers running DrayOS may allow an attacker the ability to perform RCE on the appliance through memory corruption...

EUVD-2016-3423

Malware in sbrugna...

Unity Linux 20.1070e Security Update: kernel (UTSA-2025-986686)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-986686 advisory. In the Linux kernel, the following vulnerability has been resolved: net: qlogic: qlcnic: Fix a NULL pointer dereference in qlcnic83xxaddrings In qlcnic83xxaddrings,...

EUVD-2025-4966

Malicious code in bioql PyPI...

EUVD-2022-4566

Malicious code in bioql PyPI...

EUVD-2025-28936

Malicious code in bioql PyPI...

EUVD-2025-28842

Malicious code in bioql PyPI...

j178/prek-action vulnerable to arbitrary code injection in composite action

Summary There are three potential attacks of arbitrary code injection vulnerability in the composite action at action.yml. Details The GitHub Action variables inputs.prek-version, inputs.extraargs, and inputs.extra-args can be used to execute arbitrary code in the context of the action. PoC yaml ...

GHSA-PWF7-47C3-MFHX j178/prek-action vulnerable to arbitrary code injection in composite action

Summary There are three potential attacks of arbitrary code injection vulnerability in the composite action at action.yml. Details The GitHub Action variables inputs.prek-version, inputs.extraargs, and inputs.extra-args can be used to execute arbitrary code in the context of the action. PoC yaml ...