1083 matches found
CVE-2025-40351 hfsplus: fix KMSAN uninit-value issue in hfsplus_delete_cat()
In the Linux kernel, the following vulnerability has been resolved: hfsplus: fix KMSAN uninit-value issue in hfsplus_delete_cat() The syzbot reported issue in hfsplus_delete_cat(): 70.682285 T9333 ===================================================== 70.682943 T9333 BUG: KMSAN: uninit-value in...
CVE-2025-40351
CVE-2025-40351: In the Linux kernel, the hfsplus code fix addresses a KMSAN uninit-value issue in hfsplus_delete_cat(), triggered during directory creation and mounting paths (as shown by the syzbot trace for hfsplus_subfolders_dec and related calls). The description indicates the issue being res...
EUVD-2025-203455
A maliciously crafted CATPRODUCT file, when parsed through certain Autodesk products, can force an Out-of-Bounds Read vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process...
Autodesk Shared Components Security Vulnerability
Autodesk Shared Components is a shared component from Autodesk (USA). A security vulnerability exists in Autodesk Shared Components that originates from an out-of-bounds read when parsing a specially crafted CATPRODUCT file, which could result in a crash, disclosure of sensitive data, or arbitrary code execution...
CVE-2025-14366 Eyewear prescription form <= 6.0.1 - Missing Authorization to Unauthenticated Arbitrary WooCommerce Product Creation
The Eyewear prescription form plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 6.0.1. This is due to missing authorization checks on the SubmitCatProductRequest AJAX action. This makes it possible for unauthenticated attackers to create arbitrary...
CVE-2025-14259
A vulnerability was found in Jihai Jshop MiniProgram Mall System 2.9.0. Affected by this issue is some unknown functionality of the file /index.php/api.html. The manipulation of the argument cat_id results in sql injection. The attack may be launched remotely. The exploit has been made public and...
CVE-2025-14259
The CVE-2025-14259 issue affects Jihai Jshop MiniProgram Mall System 2.9.0, specifically a SQL injection in /index.php/api.html through manipulation of the cat_id parameter. The vulnerability can be exploited remotely and a public exploit exists. Several connected sources corroborate the existenc...
CVE-2025-14259 Jihai Jshop MiniProgram Mall System api.html sql injection
A vulnerability was found in Jihai Jshop MiniProgram Mall System 2.9.0. Affected by this issue is some unknown functionality of the file /index.php/api.html. The manipulation of the argument cat_id results in sql injection. The attack may be launched remotely. The exploit has been made public and...
PT-2025-49584
A vulnerability was found in Jihai Jshop MiniProgram Mall System 2.9.0. Affected by this issue is some unknown functionality of the file /index.php/api.html. The manipulation of the argument cat_id results in sql injection. The attack may be launched remotely. The exploit has been made public and...
RLSA-2025:20478 Moderate: zziplib security update
The zziplib is a lightweight library to easily extract data from zip files. Security Fixes: zziplib: directory traversal in unzzip_cat in the bins/unzzipcat-mem.c (CVE-2018-17828). For more details about the security issues, including the impact, a CVSS score, acknowledgments, and other related...
EUVD-2025-179851
Malicious code in cat-meta-stack-minify-try npm...
EUVD-2025-179850
Malicious code in cat-minify-cold-reject-monitor npm...
EUVD-2025-179854
Malicious code in cat-big-code-star-encrypt npm...
EUVD-2025-180008
Malicious code in book-sanitize-cat-cold-class npm...
MAL-2025-187468 Malicious code in info-byte-simulate-cat-sudo (npm)
Source: amazon-inspector (0027d2338d6014bc490d64b292626df8d2de44402c81596a7920b4d4fc8d485b). This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
EUVD-2025-175950
Malicious code in throw-bad-orchestrate-analyze-cat npm...
MAL-2025-189117 Malicious code in refactor-cat-epsilon-interface-monitor (npm)
Source: amazon-inspector (936aecd5ce3be34ebc0072e78c7c6dce28d37fa9462635513930d07f7ba9df73). This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
EUVD-2025-179855
Malicious code in cat-air-xi-slow-visualize npm...
EUVD-2025-176993
Malicious code in protected-cat-mu-file-async npm...