Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: TCP: Fixed issues related to data races around sysctltcpfastopenblackholetimeout. When reading sysctltcpfastopenblackholetimeout, it can be changed concurrently. Therefore, we need to add READONCE to its readers...

WordPress Blackhole for Bad Bots plugin <= 3.8 - Unauthenticated Stored Cross-Site Scripting via User-Agent HTTP Header vulnerability

Unauthenticated Stored Cross-Site Scripting via User-Agent HTTP Header vulnerability discovered by Huynh Pham Thanh Luc in WordPress Plugin Blackhole for Bad Bots versions = 3.8...

CVE-2026-4329 Blackhole for Bad Bots <= 3.8 - Unauthenticated Stored Cross-Site Scripting via User-Agent HTTP Header

The Blackhole for Bad Bots plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the User-Agent HTTP header in all versions up to and including 3.8. This is due to insufficient input sanitization and output escaping. The plugin uses sanitizetextfield when capturing bot data which...

PT-2026-28202

The Blackhole for Bad Bots plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the User-Agent HTTP header in all versions up to and including 3.8. This is due to insufficient input sanitization and output escaping. The plugin uses sanitize text field when capturing bot data whic...

goaway 安全漏洞

goaway is a DNS blackhole software by Hugo Personal Developer. A security vulnerability exists in versions prior to goaway 0.62.19, which stems from the use of hard-coded key signing JWT tokens, which could lead to authentication bypass...

EUVD-2025-179582

Malicious code in convict-thuban-blackhole-chromedriver npm...

EUVD-2025-177708

Malicious code in native-blackhole-parcel-node-sass npm...

EUVD-2025-177971

Malicious code in magnetar-palynology-uranology-blackhole npm...

EUVD-2025-177353

Malicious code in paleomagnetism-playwright-blackhole-izar npm...

EUVD-2025-178005

Malicious code in luna-cordelia-blackhole-lithosphere npm...

EUVD-2025-175434

Malicious code in yonder-webdriverio-lynx-blackhole npm...

EUVD-2025-180038

Malicious code in blackhole-prettier-plugin-markdown-achernar-redis npm...

EUVD-2025-178925

Malicious code in fetch-blackhole-framework-apollo npm...

EUVD-2025-179076

Malicious code in eridanus-darkenergy-blackhole-selenium npm...

EUVD-2025-180039

Malicious code in blackhole-jupiter-spectron-webdriver-meteor npm...

EUVD-2025-180413

Malicious code in antares-superflare-transform-blackhole npm...

EUVD-2025-178165

Malicious code in lacerta-blackhole-juno-capella npm...

EUVD-2025-178570

Malicious code in heliophysics-blackhole-ganymede-cluster npm...

Malicious code in eridanus-darkenergy-blackhole-selenium (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a5faf542de599bd45bf39586c3db03f9967f089712019cfa42b18511a1522949 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

EUVD-2025-178683

Malicious code in got-install-blackhole-pipe npm...