
21 matches found

AstraLinux
added 2026/05/20 5:53 a.m., 1 view

Astra Linux - vulnerability in linux, linux-5.10, linux-5.15, linux-6.1

In the Linux kernel, the following vulnerability has been resolved: s390/sclp: Fixed the issue where sclp_init fails and does not clean up properly. If sclp_init fails, it only partially cleans up resources. If there are multiple failed calls to sclp_init, sclp_state_change_event will be added multiple...

CVSS 5.5, AI score 5.7, EPSS 0.00018
Exploits: 0, References: 2
Cvelist
added 2026/05/06 7:40 a.m., 23 views

CVE-2026-43103 net: lapbether: handle NETDEV_PRE_TYPE_CHANGE

In the Linux kernel, the following vulnerability has been resolved: net: lapbether: handle NETDEV_PRE_TYPE_CHANGE. lapbeth_data_transmit expects the underlying device type to be ARPHRD_ETHER. Returning NOTIFY_BAD from lapbeth_device_event makes sure bonding driver can not break this expectation...

EPSS 0.00017
Exploits: 0, References: 8
OSV
added 2026/04/03 2:39 a.m., 1 view

GHSA-JJP3-MQ3X-295M Electron: Use-after-free in PowerMonitor on Windows and macOS

Impact: Apps that use the powerMonitor module may be vulnerable to a use-after-free. After the native PowerMonitor object is garbage-collected, the associated OS-level resources (a message window on Windows, a shutdown handler on macOS) retain dangling references. A subsequent session-change event...

CVSS 7, AI score 5.9, EPSS 0.00014
Exploits: 0, References: 3
ATTACKERKB
added 2026/02/18 5:29 a.m., 3 views

CVE-2025-12356

The Tickera – Sell Tickets & Manage Events plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'wp_ajax_change_ticket_status' AJAX endpoint in all versions up to, and including, 3.5.6.4. This makes it possible for authenticated attackers,...

CVSS 4.3, AI score 5.5, EPSS 0.00012
Exploits: 0, References: 4
EUVD
added 2025/10/07 12:30 a.m., 4 views

EUVD-2017-16151

Malware in sbrugna...

CVSS 5.5, AI score 7.1, EPSS 0.00046
Exploits: 0, References: 3
EUVD
added 2025/10/03 8:7 p.m., 5 views

EUVD-2023-33703

Malicious code in bioql PyPI...

CVSS 5.3, AI score 5.6, EPSS 0.0015
Exploits: 0, References: 1
OSV
added 2025/09/01 10:15 p.m., 2 views

CVE-2025-9799

A security flaw has been discovered in Langfuse up to 3.88.0. Affected by this vulnerability is the function promptChangeEventSourcing of the file web/src/features/prompts/server/routers/promptRouter.ts of the component Webhook Handler. Performing manipulation results in server-side request...

CVSS 2.3, AI score 6.4
Exploits: 0, References: 5
Cvelist
added 2025/09/01 10:2 p.m., 7 views

CVE-2025-9799 Langfuse Webhook promptRouter.ts promptChangeEventSourcing server-side request forgery

A security flaw has been discovered in Langfuse up to 3.88.0. Affected by this vulnerability is the function promptChangeEventSourcing of the file web/src/features/prompts/server/routers/promptRouter.ts of the component Webhook Handler. Performing manipulation results in server-side request...

CVSS 5, EPSS 0.00065
Exploits: 1, References: 5
CNNVD
added 2025/09/01 12:0 a.m., 2 views

langfuse code issue vulnerability

langfuse is a large language model engineering platform open-sourced by Langfuse. A code issue vulnerability exists in langfuse 3.88.0 and earlier versions, which stems from a misuse of the function promptChangeEventSourcing in the file web/src/features/prompts/server/routers/promptRouter.ts...

CVSS 5, AI score 5.4, EPSS 0.00065
Exploits: 1, References: 6
Positive Technologies
added 2025/09/01 12:0 a.m., 3 views

PT-2025-35514

Name of the Vulnerable Software and Affected Versions: Langfuse versions through 3.88.0. Description: A security flaw exists in Langfuse, potentially leading to server-side request forgery. The vulnerability is located in the promptChangeEventSourcing function within the...

CVSS 5, AI score 5, EPSS 0.00065
Exploits: 1, References: 10
OSV
added 2024/11/15 12:31 p.m., 8 views

GHSA-R735-9GC6-2HVQ Cross-site Scripting (XSS) - DOM in janeczku/calibre-web

A Cross-site Scripting (XSS) vulnerability exists in janeczku/calibre-web, specifically in the file edit_books.js. The vulnerability occurs when editing book properties, such as uploading a cover or a format. The affected code directly inserts user input into the DOM without proper sanitization,...

CVSS 6.1, AI score 5.7, EPSS 0.00238
Exploits: 1, References: 4
Github Security Blog
added 2024/11/15 12:31 p.m., 14 views

Cross-site Scripting (XSS) - DOM in janeczku/calibre-web

A Cross-site Scripting (XSS) vulnerability exists in janeczku/calibre-web, specifically in the file edit_books.js. The vulnerability occurs when editing book properties, such as uploading a cover or a format. The affected code directly inserts user input into the DOM without proper sanitization,...

CVSS 6.1, AI score 6.2, EPSS 0.00238
Exploits: 1, References: 4, Affected Software: 1
NVD
added 2024/11/15 11:15 a.m., 9 views

CVE-2021-3988

A Cross-site Scripting (XSS) vulnerability exists in janeczku/calibre-web, specifically in the file edit_books.js. The vulnerability occurs when editing book properties, such as uploading a cover or a format. The affected code directly inserts user input into the DOM without proper sanitization,...

CVSS 6.1, EPSS 0.00238
Exploits: 1, References: 2
CNNVD
added 2024/07/29 12:0 a.m., 3 views

Linux kernel security vulnerability

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from the fact that if the sclp_init function fails, it only partially cleans up, resulting in a warning being...

CVSS 5.5, AI score 6.3, EPSS 0.00018
Exploits: 0, References: 9
OSV
added 2023/06/07 7:15 a.m., 3 views

CVE-2023-2187

On Triangle MicroWorks' SCADA Data Gateway version = v5.01.03, an unauthenticated attacker can send broadcast events to any user via the WebMonitor. An unauthenticated user can use this vulnerability to forcefully log out of any currently logged-in user by sending a "password change event"...

CVSS 5.3, AI score 6.1
Exploits: 0, References: 1
CNVD
added 2019/06/12 12:0 a.m., 2 views

Siemens Siveillance VMS Authorization Bypass Vulnerability

Siemens Siveillance VMS is a set of surveillance video management software from Siemens Germany. A security vulnerability exists in Siemens Siveillance VMS. An attacker could exploit the vulnerability to change user-defined event attributes...

CVSS 7.1, AI score 6.8, EPSS 0.00169
Exploits: 0, References: 1
Prion
added 2017/11/13 3:29 a.m., 17 views

Design/Logic Flaw

An issue was discovered in certain Apple products. iOS before 11.1 is affected. The issue involves the "UIKit" component. It allows attackers to bypass intended read restrictions for secure text fields via vectors involving a focus-change event...

CVSS 2.1, AI score 4, EPSS 0.00046
Exploits: 0, References: 2, Affected Software: 1
Cvelist
added 2017/11/13 3:0 a.m., 20 views

CVE-2017-7113

An issue was discovered in certain Apple products. iOS before 11.1 is affected. The issue involves the "UIKit" component. It allows attackers to bypass intended read restrictions for secure text fields via vectors involving a focus-change event...

AI score 4.2, EPSS 0.00046
Exploits: 0, References: 2
CVE
added 2017/11/13 3:0 a.m., 47 views

CVE-2017-7113

The CVE-2017-7113 entry affects Apple iOS prior to 11.1 and specifically targets the UIKit component. The issue allows characters in a secure text field to be revealed during focus-change events, indicating a local-type disclosure vulnerability in the secure input handling. The Apple security pag...

CVSS 5.5, AI score 4.8, EPSS 0.00046
Exploits: 0, References: 2, Affected Software: 1
CNVD
added 2015/03/09 12:0 a.m., 1 view

Google Chrome Blink Memory Misreference Vulnerability (CNVD-2015-01547)

Google Chrome is a web browsing tool developed by Google. A post-release reuse vulnerability exists in the core/html/HTMLInputElement.cpp file in the DOM implementation of Blink used in versions prior to Google Chrome 41.0.2272.76. A remote attacker can exploit this vulnerability to cause a denia...

CVSS 7.5, AI score 6.7, EPSS 0.01391
Exploits: 0, References: 1