34 matches found

EUVD
added 2025/10/07 12:30 a.m. | 4 views

EUVD-2008-3511

Malware in sbrugna...

CVSS 7.2 | AI score 7.4 | EPSS 0.0053
Exploits 0 | References 40

EUVD
added 2025/10/03 8:7 p.m. | 5 views

EUVD-2025-7225

Malicious code in bioql PyPI...

CVSS 7.5 | AI score 6.5 | EPSS 0.00619
Exploits 0 | References 5

RedhatCVE
added 2025/03/20 4:14 p.m. | 22 views

CVE-2025-25500

An issue in CosmWasm prior to v2.2.0 allows attackers to bypass capability restrictions in blockchains by exploiting a lack of runtime capability validation. This allows attackers to deploy a contract without capability enforcement, and execute unauthorized actions on the blockchain...

CVSS 7.5 | AI score 7.3 | EPSS 0.00619
Exploits 0 | References 1

Github Security Blog
added 2025/03/18 3:30 p.m. | 9 views

CosmWasm Allows Bypass of Capability Restrictions in Blockchains

An issue in CosmWasm prior to v2.2.0 allows attackers to bypass capability restrictions in blockchains by exploiting a lack of runtime capability validation. This allows attackers to deploy a contract without capability enforcement, and execute unauthorized actions on the blockchain...

CVSS 7.5 | AI score 7.2 | EPSS 0.00619
Exploits 0 | References 5 | Affected Software 1

OSV
added 2025/03/18 3:30 p.m. | 15 views

GHSA-CG8R-JWG7-R2X4 CosmWasm Allows Bypass of Capability Restrictions in Blockchains

An issue in CosmWasm prior to v2.2.0 allows attackers to bypass capability restrictions in blockchains by exploiting a lack of runtime capability validation. This allows attackers to deploy a contract without capability enforcement, and execute unauthorized actions on the blockchain...

CVSS 6.5 | AI score 6.9 | EPSS 0.00619
Exploits 0 | References 5

NVD
added 2025/03/18 2:15 p.m. | 7 views

CVE-2025-25500

An issue in CosmWasm prior to v2.2.0 allows attackers to bypass capability restrictions in blockchains by exploiting a lack of runtime capability validation. This allows attackers to deploy a contract without capability enforcement, and execute unauthorized actions on the blockchain...

CVSS 7.5 | EPSS 0.00619
Exploits 0 | References 1

Vulnrichment
added 2025/03/18 12:0 a.m. | 7 views

CVE-2025-25500

An issue in CosmWasm prior to v2.2.0 allows attackers to bypass capability restrictions in blockchains by exploiting a lack of runtime capability validation. This allows attackers to deploy a contract without capability enforcement, and execute unauthorized actions on the blockchain...

AI score 7.5 | EPSS 0.00619
Exploits 0 | References 1

Cvelist
added 2025/03/18 12:0 a.m. | 9 views

CVE-2025-25500

An issue in CosmWasm prior to v2.2.0 allows attackers to bypass capability restrictions in blockchains by exploiting a lack of runtime capability validation. This allows attackers to deploy a contract without capability enforcement, and execute unauthorized actions on the blockchain...

EPSS 0.00619
Exploits 0 | References 1

CNNVD
added 2025/03/18 12:0 a.m. | 4 views

CosmWasm security vulnerability

CosmWasm is an open source framework for building smart contracts in Wasm for the Cosmos SDK. A security vulnerability exists in CosmWasm versions prior to v2.2.0, which stems from a lack of runtime capability validation, and allows an attacker to deploy contracts and perform unauthorized...

CVSS 7.5 | AI score 6.4 | EPSS 0.00619
Exploits 0 | References 3

CVE
added 2025/03/18 12:0 a.m. | 62 views

CVE-2025-25500

CosmWasm prior to v2.2.0 is affected. The issue stems from a lack of runtime capability validation, allowing an attacker to bypass capability restrictions, deploy a contract without enforcement, and perform unauthorized blockchain actions. Affected software: CosmWasm (pre-2.2.0). Root cause: insu...

CVSS 7.5 | AI score 7 | EPSS 0.00619
Exploits 0 | References 1 | Affected Software 1

CVE
added 2024/08/23 6:0 a.m. | 48 views

CVE-2024-3282

CVE-2024-3282 affects the WP Table Builder WordPress plugin up to version 1.5.0. Red Hat and NVD entries describe a stored cross-site scripting vulnerability in table data that could allow high-privilege users (e.g., administrators) to inject XSS even when unfiltered_html is disallowed (such as i...

CVSS 4.8 | AI score 5.4 | EPSS 0.00294
Exploits 1 | References 1 | Affected Software 1

CVE
added 2024/08/13 6:0 a.m. | 56 views

CVE-2024-6724

The CVE-2024-6724 entry concerns the WordPress plugin Generate Images – Magic Post Thumbnail (versions before 5.2.8). The issue is that several settings are not properly sanitized/escaped, enabling Stored XSS by high-privilege users (e.g., Administrators) even when unfiltered_html is disallowed (...

CVSS 4.8 | AI score 5.4 | EPSS 0.00376
Exploits 1 | References 1 | Affected Software 1

Prion
added 2023/05/15 1:15 p.m. | 12 views

Cross site scripting

The Product Addons & Fields for WooCommerce WordPress plugin before 32.0.6 does not sanitize and escape some of its setting fields, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed, for example...

CVSS 4.3 | AI score 4.8 | EPSS 0.00464
Exploits 2 | References 1 | Affected Software 1

Prion
added 2023/02/27 4:15 p.m. | 17 views

Cross site scripting

The Namaste! LMS WordPress plugin before 2.5.9.4 does not sanitize and escape some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed, for example in a multisite setup...

CVSS 4.3 | AI score 4.8 | EPSS 0.00527
Exploits 2 | References 1 | Affected Software 1

Prion
added 2022/11/14 3:15 p.m. | 16 views

Cross site scripting

The Testimonials WordPress plugin before 2.7 and the super-testimonial-pro WordPress plugin before 1.0.8 do not sanitize and escape their settings, allowing high-privilege users such as admin to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed...

CVSS 4.3 | AI score 4.8 | EPSS 0.00501
Exploits 1 | References 1 | Affected Software 2

NVD
added 2022/08/01 1:15 p.m. | 24 views

CVE-2022-2170

The Microsoft Advertising Universal Event Tracking (UET) WordPress plugin before 1.0.4 does not sanitise and escape its settings, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. Due to the nature of this...

CVSS 4.8 | EPSS 0.01052
Exploits 2 | References 1

NVD
added 2021/08/23 12:15 p.m. | 11 views

CVE-2021-24533

The Maintenance WordPress plugin before 4.03 does not sanitise or escape some of its settings, allowing high privilege users such as admin to set Cross-Site Scripting payload in them even when the unfiltered_html capability is disallowed, which will be triggered in the frontend...

CVSS 4.8 | EPSS 0.00617
Exploits 2 | References 1

Veracode
added 2020/04/10 12:44 a.m. | 30 views

Access Restrictions Bypass

The kernel is vulnerable to Access Restrictions Bypass. Missing capability checks were found in the ebtables implementation, used for creating an Ethernet bridge firewall. This could allow a local, unprivileged user to bypass intended capability restrictions and modify ebtables rules...

CVSS 2.1 | AI score 4.2 | EPSS 0.00403
Exploits 0 | References 33 | Affected Software 2

OPENSUSE Linux
added 2013/03/05 6:4 p.m. | 55 views

kernel: security and bugfix update (important)

The Linux kernel was updated to fix various bugs and security issues: CVE-2013-0871: Race condition in the ptrace functionality in the Linux kernel allowed local users to gain privileges via a PTRACE_SETREGS ptrace system call in a crafted application, as demonstrated by ptrace_death. CVE-2013-0160...

CVSS 7.8 | AI score 3.8 | EPSS 0.08809
Exploits 20 | References 35

NVD
added 2013/02/18 4:41 a.m. | 28 views

CVE-2013-0268

The msr_open function in arch/x86/kernel/msr.c in the Linux kernel before 3.7.6 allows local users to bypass intended capability restrictions by executing a crafted application as root, as demonstrated by msr32.c...

CVSS 6.2 | AI score 5.8 | EPSS 0.01557
Exploits 3 | References 7