3743 matches found

Positive Technologies
added 2025/01/22 12:0 a.m. · 2 views

PT-2025-5087 · Unknown · Wm Options Import Export

Name of the Vulnerable Software and Affected Versions: WM Options Import Export versions 1.0.1 and earlier Description: The issue allows for the retrieval of embedded sensitive data due to the insertion of sensitive information into sent data. This can potentially expose confidential information...

CVSS 7.5 · AI score 9.3 · EPSS 0.00319
Exploits: 0 · References: 4

NVD
added 2025/01/19 11:15 a.m. · 8 views

CVE-2025-21635

In the Linux kernel, the following vulnerability has been resolved: rds: sysctl: rds_tcp_{rcv,snd}buf: avoid using current->nsproxy As mentioned in a previous commit of this series, using the 'net' structure via 'current' is not recommended for different reasons: - Inconsistency: getting info from the...

CVSS 5.5 · EPSS 0.00016
Exploits: 0 · References: 2

Cvelist
added 2025/01/19 10:17 a.m. · 17 views

CVE-2025-21640 sctp: sysctl: cookie_hmac_alg: avoid using current->nsproxy

In the Linux kernel, the following vulnerability has been resolved: sctp: sysctl: cookie_hmac_alg: avoid using current->nsproxy As mentioned in a previous commit of this series, using the 'net' structure via 'current' is not recommended for different reasons: - Inconsistency: getting info from the...

EPSS 0.00029
Exploits: 0 · References: 7

Positive Technologies
added 2025/01/17 12:0 a.m. · 3 views

PT-2025-3936 · Unknown · Code-Projects Job Recruitment

Name of the Vulnerable Software and Affected Versions: code-projects Job Recruitment version 1.0 Description: A vulnerability has been found in the code and classified as problematic. This issue affects unknown code of the file / parse/ feedback system.php. The manipulation of the type argument...

CVSS 8.2 · AI score 4.4 · EPSS 0.00144
Exploits: 1 · References: 9

Positive Technologies
added 2025/01/16 12:0 a.m. · 3 views

PT-2025-4842 · Librenms · Librenms

Name of the Vulnerable Software and Affected Versions: Librenms versions up to 24.10.1 Description: The issue is a stored XSS that affects the parameter: ajax form.php - param: state. This allows remote attackers to inject malicious scripts, which execute immediately when a user views or interact...

CVSS 5.4 · AI score 6.4 · EPSS 0.0562
Exploits: 1 · References: 10

OSV
added 2025/01/15 6:15 p.m. · 2 views

AZL-56373 CVE-2024-52005 affecting package git 2.40.4-2

Git is a source code management tool. When cloning from a server or fetching, or pushing, informational or error messages are transported from the remote Git process to the client via the so-called "sideband channel". These messages will be prefixed with "remote:" and printed directly to the...

CVSS 8.8 · AI score 7.2 · EPSS 0.00536
Exploits: 1 · References: 1

OSV
added 2025/01/14 7:15 p.m. · 1 views

AZL-55667 CVE-2024-52006 affecting package git for versions less than 2.45.3-1

Git is a fast, scalable, distributed revision control system with an unusually rich command set that provides both high-level operations and full access to internals. Git defines a line-based protocol that is used to exchange information between Git and Git credential helpers. Some ecosystems mos...

CVSS 7.5 · AI score 7.2 · EPSS 0.03365
Exploits: 2 · References: 1

Positive Technologies
added 2025/01/14 12:0 a.m. · 4 views

PT-2025-1177 · Adobe · Substance3D - Designer

Name of the Vulnerable Software and Affected Versions: Substance3D - Designer versions 14.0 and earlier Description: The issue is related to a heap-based buffer overflow in the dynamic memory of Substance 3D Designer, which could allow an attacker to execute arbitrary code in the context of the...

CVSS 7.8 · AI score 8.3 · EPSS 0.00239
Exploits: 0 · References: 8

SUSE CVE
added 2025/01/09 12:20 a.m. · 6 views

SUSE CVE-2024-56776

In the Linux kernel, the following vulnerability has been resolved: drm/sti: avoid potential dereference of error pointers The return value of drm_atomic_get_crtc_state needs to be checked. To avoid use of error pointer 'crtc_state' in case of the failure...

CVSS 5.5 · AI score 7.7 · EPSS 0.00023
Exploits: 0 · References: 16

Positive Technologies
added 2025/01/09 12:0 a.m. · 2 views

PT-2025-3273 · Redcap · Redcap

Name of the Vulnerable Software and Affected Versions: REDCap version 14.9.6 Description: A stored cross-site scripting (XSS) vulnerability in the built-in messenger of REDCap allows authenticated users to inject malicious scripts into the message field. When a user clicks on the received message,...

CVSS 5.4 · AI score 5.9 · EPSS 0.00215
Exploits: 1 · References: 7

OSV
added 2025/01/08 6:15 p.m. · 3 views

AZL-55346 CVE-2024-56778 affecting package kernel for versions less than 6.6.64.2-1

In the Linux kernel, the following vulnerability has been resolved: drm/sti: avoid potential dereference of error pointers in sti_hqvdp_atomic_check The return value of drm_atomic_get_crtc_state needs to be checked. To avoid use of error pointer 'crtc_state' in case of the failure...

CVSS 5.5 · AI score 6.7 · EPSS 0.00013
Exploits: 0 · References: 1

Positive Technologies
added 2025/01/08 12:0 a.m. · 4 views

PT-2025-4348

Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 6.1.127; Linux kernel versions prior to 6.6.74; Linux kernel versions prior to 6.12.11 Description: The issue is related to the iomap_write_delalloc_scan function in the Linux kernel, which can lead to an infinite...

CVSS 5.5 · AI score 7.1 · EPSS 0.00013
Exploits: 0

Positive Technologies
added 2025/01/07 12:0 a.m. · 2 views

PT-2025-3698 · Siwx91X · Siwx91X

Name of the Vulnerable Software and Affected Versions: SiWx91x devices affected versions not specified Description: The issue is related to the SHA2/224 algorithm, which returns a hash of 256 bits instead of 224 bits. This incorrect hash length triggers a software assertion, causing a Denial of...

CVSS 7.5 · AI score 7 · EPSS 0.00263
Exploits: 0 · References: 4

OSV
added 2025/01/06 5:15 p.m. · 1 views

DEBIAN-CVE-2024-56761

In the Linux kernel, the following vulnerability has been resolved: x86/fred: Clear WFE in missing-ENDBRANCH #CPs An indirect branch instruction sets the CPU indirect branch tracker (IBT) into WAIT_FOR_ENDBRANCH (WFE) state and WFE stays asserted across the instruction boundary. When the decoder finds a...

CVSS 5.5 · AI score 5.9 · EPSS 0.00044
Exploits: 0 · References: 1

Snyk
added 2025/01/04 10:0 p.m. · 2 views

Malicious Package

Overview: monoliht is a malicious package. This package contains malicious code that exfiltrates sensitive data. Remediation: Avoid using all malicious instances of the monoliht package. References: - Security Advisory...

CVSS 9.8 · AI score 7.1
Exploits: 0 · References: 2

Snyk
added 2025/01/04 10:0 p.m. · 2 views

Malicious Package

Overview: chauuuyhhn is a malicious package. This package contains malicious code that exfiltrates sensitive data. Remediation: Avoid using all malicious instances of the chauuuyhhn package. References: - Security Advisory...

CVSS 9.8 · AI score 7.1
Exploits: 0 · References: 2

Positive Technologies
added 2025/01/03 12:0 a.m. · 3 views

PT-2025-3772 · Unknown · Code-Projects Point Of Sales/Inventory Management System

Name of the Vulnerable Software and Affected Versions: code-projects Point of Sales and Inventory Management System version 1.0 Description: A critical issue was found in the system, affecting an unknown function of the file /user/minus cart.php. The manipulation of the id argument leads to SQL...

CVSS 6.5 · AI score 7.2 · EPSS 0.00086
Exploits: 1 · References: 9

Positive Technologies
added 2025/01/01 12:0 a.m. · 3 views

PT-2026-4476

Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: The Linux kernel's netfilter module contains an issue within the nf_tables component related to chain validation. The vulnerability can lead to CPU soft lock-ups during nft chain validat...

CVSS 8.8 · AI score 5.4 · EPSS 0.00254
Exploits: 8 · References: 257

Positive Technologies
added 2024/12/29 12:0 a.m. · 4 views

PT-2024-17886 · Unknown · Antabot White-Jotter

Name of the Vulnerable Software and Affected Versions: Antabot White-Jotter versions up to 0.2.2 Description: A problematic issue was found in the Edit Book Handler component, affecting an unknown function of the file /admin/content/book. This leads to server-side request forgery, which can be...

CVSS 8.8 · AI score 4.9 · EPSS 0.00168
Exploits: 1 · References: 11

Positive Technologies
added 2024/12/29 12:0 a.m. · 3 views

PT-2024-10625 · Unknown · Crypt::Random::Source

Name of the Vulnerable Software and Affected Versions: Crypt::Random::Source versions prior to 0.13 Description: The issue concerns the Crypt::Random::Source package for Perl, which has a fallback to the built-in rand function. This function is not a secure source of random bits, potentially...

CVSS 7.5 · AI score 6.8 · EPSS 0.00223
Exploits: 0 · References: 10