208 matches found
Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: TCP: Fixed issues related to data races around sysctl_tcp_fastopen_blackhole_timeout. When reading sysctl_tcp_fastopen_blackhole_timeout, it can be changed concurrently. Therefore, we need to add READ_ONCE() to its readers...
WordPress Blackhole for Bad Bots plugin <= 3.8 - Unauthenticated Stored Cross-Site Scripting via User-Agent HTTP Header vulnerability
Unauthenticated Stored Cross-Site Scripting via User-Agent HTTP Header vulnerability discovered by Huynh Pham Thanh Luc in WordPress Plugin Blackhole for Bad Bots versions <= 3.8...
CVE-2026-4329 Blackhole for Bad Bots <= 3.8 - Unauthenticated Stored Cross-Site Scripting via User-Agent HTTP Header
The Blackhole for Bad Bots plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the User-Agent HTTP header in all versions up to and including 3.8. This is due to insufficient input sanitization and output escaping. The plugin uses sanitize_text_field() when capturing bot data which...
PT-2026-28202
The Blackhole for Bad Bots plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the User-Agent HTTP header in all versions up to and including 3.8. This is due to insufficient input sanitization and output escaping. The plugin uses sanitize_text_field() when capturing bot data whic...
goaway security vulnerability
goaway is DNS blackhole software by Hugo Personal Developer. Versions of goaway prior to 0.62.19 contain a security vulnerability that stems from the use of a hard-coded key to sign JWT tokens, which could lead to authentication bypass...
MAL-2025-186806 Malicious code in eridanus-darkenergy-blackhole-selenium (npm)
Source: amazon-inspector a5faf542de599bd45bf39586c3db03f9967f089712019cfa42b18511a1522949 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
EUVD-2025-179582
Malicious code in convict-thuban-blackhole-chromedriver npm...
EUVD-2025-178005
Malicious code in luna-cordelia-blackhole-lithosphere npm...
EUVD-2025-175434
Malicious code in yonder-webdriverio-lynx-blackhole npm...
EUVD-2025-177971
Malicious code in magnetar-palynology-uranology-blackhole npm...
EUVD-2025-178507
Malicious code in html-webpack-plugin-multiverse-proteomics-blackhole npm...
EUVD-2025-178925
Malicious code in fetch-blackhole-framework-apollo npm...
EUVD-2025-180039
Malicious code in blackhole-jupiter-spectron-webdriver-meteor npm...
EUVD-2025-180038
Malicious code in blackhole-prettier-plugin-markdown-achernar-redis npm...
EUVD-2025-175481
Malicious code in xml-ganymede-blackhole-chalk npm...
EUVD-2025-177353
Malicious code in paleomagnetism-playwright-blackhole-izar npm...
EUVD-2025-180413
Malicious code in antares-superflare-transform-blackhole npm...
EUVD-2025-178165
Malicious code in lacerta-blackhole-juno-capella npm...
EUVD-2025-178683
Malicious code in got-install-blackhole-pipe npm...