8497 matches found
spmrc security vulnerability
spmrc is an open source spmrc management library from Static Package Manager. A security vulnerability exists in spmrc 1.2.0 and earlier versions, which stems from prototype pollution in the set and config functions, which allows an attacker to inject attributes via a specially crafted payloa...
SassDoc Extras security vulnerability
SassDoc Extras is a SassDoc theme builder from SassDoc Open Source. A security vulnerability exists in SassDoc Extras 2.5.1 and earlier versions, which stems from prototype pollution in the byGroupAndType function, which allows an attacker to inject attributes via a specially crafted payloa...
PT-2025-39316
Name of the Vulnerable Software and Affected Versions: min-document versions prior to 2.19.0. Description: A flaw exists in the 'min-document' package due to improper handling of namespace operations within the removeAttributeNS function. An attacker can exploit this by manipulating the prototype...
CVE-2025-57352
A vulnerability exists in the 'min-document' package prior to version 2.19.0, stemming from improper handling of namespace operations in the removeAttributeNS method. By processing malicious input involving the __proto__ property, an attacker can manipulate the prototype chain of JavaScript objects,...
CVE-2025-9115 Etsy Shop < 3.0.7 - Reflected XSS via $_SERVER['REQUEST_URI']
The Etsy Shop WordPress plugin before 3.0.7 does not escape the $_SERVER['REQUEST_URI'] parameter before outputting it back in an attribute, which could lead to Reflected Cross-Site Scripting in old web browsers...
CVE-2025-10675
A security flaw has been discovered in fuyang_lipengjun platform 1.0. This impacts the function AttributeController of the file /attribute/queryAll. Performing manipulation results in improper authorization. Remote exploitation of the attack is possible. The exploit has been released to the public...
xfs: do not propagate ENODATA disk errors into xattr code
...
Linux Distros Unpatched Vulnerability : CVE-2023-53369
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - net: dcb: choose correct policy to parse DCB_ATTR_BCN The dcbnl_bcn_setcfg uses erroneous policy to parse tb[DCB_ATTR_BCN], which is introduced in commit 859ee3c43812...
CLSA-2025-1758292868 Fix CVE(s): CVE-2025-7425
SECURITY UPDATE: memory corruption vulnerability in attribute type flags - debian/patches/CVE-2025-7425.patch: Fix heap-use-after-free caused by atype corruption - CVE-2025-7425...
OESA-2025-2315 kernel security update
The Linux Kernel, the operating system core itself. Security Fixes: In the Linux kernel, the following vulnerability has been resolved: net/tls: fix kernel panic when alloc_page failed. We cannot set frag_list to NULL pointer when alloc_page failed. It will be used in tls_strp_check_queue_ok when the nex...
CVE-2025-10456
A vulnerability was identified in the handling of Bluetooth Low Energy (BLE) fixed channels such as SMP or ATT. Specifically, an attacker could exploit a flaw that causes the BLE target (i.e., the device under attack) to attempt to disconnect a fixed channel, which is not allowed per the Bluetooth...
CLSA-2025-1758228293 Fix CVE(s): CVE-2025-7425
SECURITY UPDATE: memory corruption vulnerability in attribute type flags - debian/patches/CVE-2025-7425.patch: fix heap-use-after-free in xmlFreeID caused by atype corruption - CVE-2025-7425...
CLSA-2025-1758228035 Fix CVE(s): CVE-2025-7425
SECURITY UPDATE: memory corruption in attribute type handling - debian/patches/CVE-2025-7425.patch: guard against atype corruption to ensure proper ID cleanup and prevent heap-use-after-free - CVE-2025-7425...
CVE-2025-10674
A vulnerability was identified in fuyang_lipengjun platform 1.0. This affects the function AttributeCategoryController of the file /attributecategory/queryAll. Such manipulation leads to improper authorization. The attack may be launched remotely. The exploit is publicly available and might be use...
CVE-2025-10675 fuyang_lipengjun platform queryAll AttributeController improper authorization
A security flaw has been discovered in fuyang_lipengjun platform 1.0. This impacts the function AttributeController of the file /attribute/queryAll. Performing manipulation results in improper authorization. Remote exploitation of the attack is possible. The exploit has been released to the public...
CVE-2025-10674 fuyang_lipengjun platform queryAll AttributeCategoryController improper authorization
A vulnerability was identified in fuyang_lipengjun platform 1.0. This affects the function AttributeCategoryController of the file /attributecategory/queryAll. Such manipulation leads to improper authorization. The attack may be launched remotely. The exploit is publicly available and might be use...
CVE-2025-10674
CVE-2025-10674 affects the fuyang_lipengjun platform v1.0, specifically the AttributeCategoryController at /attributecategory/queryAll. The vulnerability is described as improper authorization that can be exploited remotely, with public exploit material available. Connected sources corroborate th...