3969 matches found

GithubExploit | added 2025/12/06 7:27 p.m. | 127 views

Exploit for Deserialization of Untrusted Data in Facebook React

CVE-2025-55182 - React2Shell (the excerpt continues with the repository's ASCII-art banner) ...

CVSS 10 | AI score 8.4 | EPSS 0.82011
Exploits 364

Hacker One | added 2025/12/05 8:9 a.m. | 12 views

curl: Title: Use-After-Free in cURL Test Suite via Improper Cleanup of Global Handle

Title: Use-After-Free in cURL Test Suite via Improper Cleanup of Global Handle. (The excerpt continues with the curl source-file banner and license header.) ..., et al. This software is licensed as described in the file COPYING, which you should have received as part of this distribution. The terms are also available at...

AI score 8.4
Exploits 0

OSV | added 2025/12/04 4:16 p.m. | 1 views

UBUNTU-CVE-2025-40232

In the Linux kernel, the following vulnerability has been resolved: rv: Fully convert enabled_monitors to use list_head as iterator. The callbacks in enabled_monitors_seq_ops are inconsistent. Some treat the iterator as struct rv_monitor, while others treat the iterator as struct list_head. This causes...

AI score 5.7 | EPSS 0.00026
Exploits 0 | References 7

CVE | added 2025/12/04 4:8 p.m. | 26 views

CVE-2025-40249

The CVE-2025-40249 issue affects the Linux kernel GPIO character device (gpio cdev). The release path can defer the fput() action to a work queue while the descriptor’s reference count already reached zero, risking a use-after-free if get_file() is used. The documented fix is to use get_file_acti...

AI score 6.1 | EPSS 0.00026
Exploits 0 | References 2

Positive Technologies | added 2025/12/04 12:0 a.m. | 2 views

PT-2025-49079

Name of the Vulnerable Software and Affected Versions: Linux kernel, affected versions not specified. Description: A flaw exists in the Linux kernel related to GPIO character device handling. Specifically, the issue arises when a GPIO change event occurs after the file descriptor associated with the...

CVSS 9.8 | AI score 6.3 | EPSS 0.00102
Exploits 5 | References 234

NVD | added 2025/12/03 1:16 p.m. | 2 views

CVE-2025-12358

The ShopEngine Elementor WooCommerce Builder Addon plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.8.5. This is due to missing nonce validation on the "postaddtolist" function as well as an incorrect permissions callback in the "Api/init"...

CVSS 4.3 | EPSS 0.00015
Exploits 0 | References 2

Tenable Nessus | added 2025/12/03 12:0 a.m. | 1 views

SUSE SLES15 Security Update : kernel (Live Patch 45 for SUSE Linux Enterprise 15 SP4) (SUSE-SU-2025:4242-1)

The remote SUSE Linux SLES15 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2025:4242-1 advisory. This update for the SUSE Linux Enterprise kernel 5.14.21-150400.24.179 fixes one security issue. The following security issue was fixed: CVE-2023-5367...

CVSS 7.8 | AI score 6.8 | EPSS 0.00008
Exploits 0 | References 4

Redos | added 2025/12/03 12:0 a.m. | 4 views

ROS-20251203-04

A vulnerability in the cross-platform software development framework Qt is related to the fact that QStringConverter has an invalid pointer passed as a callback. Exploitation of the vulnerability could allow an attacker to bypass the implemented security restrictions...

AI score 6.5
Exploits 0

Tenable Nessus | added 2025/12/03 12:0 a.m. | 1 views

SUSE SLES15 Security Update : kernel (Live Patch 43 for SUSE Linux Enterprise 15 SP4) (SUSE-SU-2025:4281-1)

The remote SUSE Linux SLES15 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2025:4281-1 advisory. This update for the SUSE Linux Enterprise kernel 5.14.21-150400.24.173 fixes one security issue. The following security issue was fixed: CVE-2023-5367...

CVSS 7.8 | AI score 6.8 | EPSS 0.00008
Exploits 0 | References 4

Redos | added 2025/12/03 12:0 a.m. | 9 views

ROS-20251203-10

A vulnerability in the parse.ParseUnverified function of the golang-jwt web token library for the Go programming language is related to uncontrolled resource consumption. Exploitation of the vulnerability allows an attacker acting remotely...

CVSS 9.1 | AI score 7.2 | EPSS 0.3863
Exploits 4

EUVD | added 2025/12/01 7:7 p.m. | 3 views

EUVD-2025-199770

Spotipy has an XSS vulnerability in its OAuth callback server...

CVSS 3.6 | AI score 5.6 | EPSS 0.00019
Exploits 0 | References 3

OSV | added 2025/12/01 7:7 p.m. | 1 views

GHSA-R77H-RPP9-W2XM Spotipy has an XSS vulnerability in its OAuth callback server

Summary: An XSS vulnerability in the OAuth callback server allows JavaScript injection through the unsanitized error parameter. Attackers can execute arbitrary JavaScript in the user's browser during OAuth authentication. Details: Vulnerable code: spotipy/oauth2.py lines 1238-1274, RequestHandler.do_GET. The...

CVSS 3.6 | AI score 6.1 | EPSS 0.00019
Exploits 0 | References 4

Github Security Blog | added 2025/12/01 7:7 p.m. | 4 views

Spotipy has an XSS vulnerability in its OAuth callback server

Summary: An XSS vulnerability in the OAuth callback server allows JavaScript injection through the unsanitized error parameter. Attackers can execute arbitrary JavaScript in the user's browser during OAuth authentication. Details: Vulnerable code: spotipy/oauth2.py lines 1238-1274, RequestHandler.do_GET. The...

CVSS 3.6 | AI score 6.1 | EPSS 0.00019
Exploits 0 | References 4 | Affected Software 1

SUSE CVE | added 2025/11/28 12:22 a.m. | 2 views

SUSE CVE-2025-66040

Spotipy is a Python library for the Spotify Web API. Prior to version 2.25.2, there is a cross-site scripting (XSS) vulnerability in the OAuth callback server that allows for JavaScript injection through the unsanitized error parameter. Attackers can execute arbitrary JavaScript in the user's brows...

CVSS 3.6 | AI score 6.4 | EPSS 0.00019
Exploits 0 | References 3

OSV | added 2025/11/27 3:4 p.m. | 1 views

SUSE-SU-2025:4281-1 Security update for the Linux Kernel (Live Patch 43 for SUSE Linux Enterprise 15 SP4)

This update for the SUSE Linux Enterprise kernel 5.14.21-150400.24.173 fixes one security issue. The following security issue was fixed: CVE-2023-53673: Bluetooth: hci_event: call disconnect callback before deleting conn (bsc#1251983)...

CVSS 7.8 | AI score 7.1 | EPSS 0.00008
Exploits 0 | References 3

NVD | added 2025/11/27 12:15 a.m. | 7 views

CVE-2025-66040

Spotipy is a Python library for the Spotify Web API. Prior to version 2.25.2, there is a cross-site scripting (XSS) vulnerability in the OAuth callback server that allows for JavaScript injection through the unsanitized error parameter. Attackers can execute arbitrary JavaScript in the user's brows...

CVSS 3.6 | EPSS 0.00019
Exploits 0 | References 2

OSV | added 2025/11/27 12:15 a.m. | 1 views

DEBIAN-CVE-2025-66040

Spotipy is a Python library for the Spotify Web API. Prior to version 2.25.2, there is a cross-site scripting (XSS) vulnerability in the OAuth callback server that allows for JavaScript injection through the unsanitized error parameter. Attackers can execute arbitrary JavaScript in the user's brows...

CVSS 3.6 | AI score 5.4 | EPSS 0.00019
Exploits 0 | References 1

OSV | added 2025/11/27 12:15 a.m. | 0 views

UBUNTU-CVE-2025-66040

Spotipy is a Python library for the Spotify Web API. Prior to version 2.25.2, there is a cross-site scripting (XSS) vulnerability in the OAuth callback server that allows for JavaScript injection through the unsanitized error parameter. Attackers can execute arbitrary JavaScript in the user's brows...

CVSS 3.6 | AI score 5.9 | EPSS 0.00019
Exploits 0 | References 5

CNNVD | added 2025/11/27 12:0 a.m. | 3 views

Spotipy cross-site scripting vulnerability

Spotipy is a lightweight Python library for the Spotify Web API from the individual developer spotipy-dev. A cross-site scripting vulnerability exists in Spotipy versions prior to 2.25.2; it stems from the OAuth callback server failing to sanitize the error parameter, which could lead to a...

CVSS 3.6 | AI score 5.8 | EPSS 0.00019
Exploits 0 | References 3

Cvelist | added 2025/11/26 11:14 p.m. | 12 views

CVE-2025-66040 Spotipy has an XSS vulnerability in OAuth callback server

Spotipy is a Python library for the Spotify Web API. Prior to version 2.25.2, there is a cross-site scripting (XSS) vulnerability in the OAuth callback server that allows for JavaScript injection through the unsanitized error parameter. Attackers can execute arbitrary JavaScript in the user's brows...

CVSS 3.6 | EPSS 0.00019
Exploits 0 | References 2