25 matches found
Malicious code in @tarojs/cli (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 59b4e6cd0fe6bd16c6fb2bd04e6542a2a3052182d8815a08b124df56f2d9fde2 On npm install, the package's postinstall script performs a reachability GET to https://taro.jd.com/ and, on success, invokes the package's own...
OpenClaw: Native prompt image auto-load did not honor tools.fs.workspaceOnly in sandboxed runs
Summary In sandboxed runs, native prompt image auto-load did not honor tools.fs.workspaceOnly=true. This optional hardening setting is not enabled by default. When operators enabled it, prompt text could still reference mounted out-of-workspace image paths for example /agent/secret.png and load...
CVE-2026-25129
PsySH (PHP) is affected by a CWD-based configuration poisoning vulnerability. Prior to versions 0.11.23 and 0.12.19, PsySH auto-loads and executes a .psysh.php file from the current working directory at startup. If an attacker can write to a directory that a victim later uses as the CWD, they can...
EUVD-2025-7983
Malicious code in bioql PyPI...
CVE-2025-30529
Cross-Site Request Forgery CSRF vulnerability in Sébastien Dumont Auto Load Next Post auto-load-next-post allows Cross Site Request Forgery.This issue affects Auto Load Next Post: from n/a through = 1.5.14...
CVE-2025-30529
Cross-Site Request Forgery CSRF vulnerability in Sébastien Dumont Auto Load Next Post auto-load-next-post allows Cross Site Request Forgery.This issue affects Auto Load Next Post: from n/a through = 1.5.14...
CVE-2025-30529 WordPress Auto Load Next Post plugin <= 1.5.14 - Cross Site Request Forgery (CSRF) vulnerability
Cross-Site Request Forgery CSRF vulnerability in Sébastien Dumont Auto Load Next Post auto-load-next-post allows Cross Site Request Forgery.This issue affects Auto Load Next Post: from n/a through = 1.5.14...
CVE-2025-30529
CVE-2025-30529 describes a Cross-Site Request Forgery (CSRF) in the WordPress plugin “Auto Load Next Post” (WordPress Infinite Scroll) affecting versions from unknown up to 1.5.14. CVSS v3.1 base score is 4.3 (Medium). Connected documents show no public exploit details or patch status; monitor fo...
CVE-2025-30529 WordPress Auto Load Next Post plugin <= 1.5.14 - Cross Site Request Forgery (CSRF) vulnerability
Cross-Site Request Forgery CSRF vulnerability in Sébastien Dumont Auto Load Next Post auto-load-next-post allows Cross Site Request Forgery.This issue affects Auto Load Next Post: from n/a through = 1.5.14...
WordPress Auto Load Next Post plugin <= 1.5.14 - Cross Site Request Forgery (CSRF) vulnerability
Cross Site Request Forgery CSRF vulnerability discovered by Nabil Irawan in WordPress Plugin Auto Load Next Post versions = 1.5.14...
WordPress plugin Auto Load Next Post 跨站请求伪造漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation, a blogging platform developed in the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site request forgery vulnerability exists in...
CVE-2022-0617
A NULL pointer dereference was found in the Linux kernel’s UDF file system functionality in the way the user triggers the udffilewriteiter function for a malicious UDF image. This flaw allows a local user to crash the system. Mitigation As the UDF module udf.ho will be auto-loaded when required,...
CVE-2019-19543
A flaw was found in the Linux kernel’s infrared serial module. An attacker could use this flaw to corrupt memory and possibly escalate privileges. Mitigation As the module will be auto-loaded when the relevant hardware is required, its use can be disabled by preventing the module from loading wit...
The media player can lead to millions of systems suffer from subtitles attack-vulnerability warning-the black bar safety net
Experts pointed out that, as long as the attacker can make the target user in which a vulnerable media player to open a malicious subtitle file will be able to fully control the device. For automatically from the Internet to get the caption of the application, without any user interaction it can...
GNU Emacs: Multiple vulnerabilities
Background GNU Emacs is a highly extensible and customizable text editor. Description Multiple vulnerabilities have been discovered in GNU Emacs: When ‘global-ede-mode’ is enabled, EDE in Emacs automatically loads a Project.ede file from the project directory CVE-2012-0035. When...
Medium: gdb
Issue Overview: GDB tried to auto-load certain files such as GDB scripts, Python scripts, and a thread debugging library from the current working directory when debugging programs. This could result in the execution of arbitrary code with the user's privileges when GDB was run in a directory that...
Scientific Linux Security Update : gdb on SL6.x i386/x86_64 (20130221)
GDB tried to auto-load certain files such as GDB scripts, Python scripts, and a thread debugging library from the current working directory when debugging programs. This could result in the execution of arbitrary code with the user's privileges when GDB was run in a directory that has untrusted...
RHEL 6 : gdb (RHSA-2013:0522)
Updated gdb packages that fix one security issue and three bugs are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity...
Moderate: Red Hat Security Advisory: gdb security and bug fix update
Updated gdb packages that fix one security issue and three bugs are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity...
[SECURITY] Fedora 18 Update: pl-6.0.2-5.fc18
ISO/Edinburgh-style Prolog compiler including modules, auto-load, libraries, Garbage-collector, stack-expandor, C/C++-interface, GNU-readline interface, very fast compiler. Including packages clib Unix process control and sockets, cpp C++ interface, sgml reading XML/SGML, sgml/RDF reading RDF int...