13682 matches found
CVE-2025-24027 ps_contactinfo has potential XSS due to usage of the nofilter tag in template
pscontactinfo, a PrestaShop module for displaying store contact information, has a cross-site scripting XSS vulnerability in versions up to and including 3.3.2. This can not be exploited in a fresh install of PrestaShop, only shops made vulnerable by third party modules are concerned. For example...
CVE-2024-57945 riscv: mm: Fix the out of bound issue of vmemmap address
In the Linux kernel, the following vulnerability has been resolved: riscv: mm: Fix the out of bound issue of vmemmap address In sparse vmemmap model, the virtual address of vmemmap is calculated as: struct page VMEMMAPSTART - physrambase PAGESHIFT. And the struct page's va can be calculated with ...
VulnCheck KEV: CVE-2023-26134
Versions of the package git-commit-info before 2.0.2 are vulnerable to Command Injection such that the package-exported method gitCommitInfo fails to sanitize its parameter commit, which later flows into a sensitive command execution API. As a result, attackers may inject malicious commands...
CVE-2025-23044 Cross-Site Request Forgery (CSRF) allows creating admin account with POST request
PwnDoc is a penetration test report generator. There is no CSRF protection in pwndoc, allowing attackers to send requests on a logged-in user's behalf. This includes GET and POST requests due to the missing SameSite= attribute on cookies and the ability to refresh cookies. Commit...
PT-2025-4789 · Pwndoc · Pwndoc
Name of the Vulnerable Software and Affected Versions: PwnDoc versions prior to the version that includes commit 14acb704891245bf1703ce6296d62112e85aa995 Description: PwnDoc is a penetration test report generator that lacks CSRF protection, allowing attackers to send requests on a logged-in user'...
CVE-2025-21634
CVE-2025-21634 concerns the Linux kernel cpuset/cgroup path where kernfs active protection can be broken during concurrent cpuset writes, triggering a warning and potential deadlock risk. The root cause involved a sequence of hotplug-related changes that async/sync cpuset processing and previousl...
PT-2025-2192 · Newtec · Newtec/Idirect Ntc2299 +2
Name of the Vulnerable Software and Affected Versions: Newtec/iDirect NTC2218, NTC2250, NTC2299 versions 1.0.1.1 through 2.2.6.19 Description: The issue affects the commit multicast page in the modem's web administration interface, which improperly parses incoming data from the request before...
PT-2025-2932 · Unknown +1 · Gomatrixserverlib +1
Name of the Vulnerable Software and Affected Versions: Gomatrixserverlib affected versions not specified Description: Gomatrixserverlib is a Go library for matrix federation. It is vulnerable to server-side request forgery, serving content from a private network it can access, under certain...
DEBIAN-CVE-2024-57886
In the Linux kernel, the following vulnerability has been resolved: mm/damon/core: fix new damontarget objects leaks on damoncommittargets Patch series "mm/damon/core: fix memory leaks and ignored inputs from damoncommitctx". Due to two bugs in damoncommittargets and damoncommitschemes, which are...
UBUNTU-CVE-2024-52006
Git is a fast, scalable, distributed revision control system with an unusually rich command set that provides both high-level operations and full access to internals. Git defines a line-based protocol that is used to exchange information between Git and Git credential helpers. Some ecosystems mos...
PT-2025-3019 · Discourse · Discourse Ai
Name of the Vulnerable Software and Affected Versions: Discourse AI affected versions not specified Description: The issue concerns the Discourse AI plugin, which provides AI features. When sharing conversations from the Discourse AI Bot into posts, HTML entities from the conversation could leak...
PT-2025-7091
Name of the Vulnerable Software and Affected Versions: FFmpeg versions prior to commit d5873b Description: A memory leak was discovered in the libavutil/mem.c component. Recommendations: For versions prior to commit d5873b, update to a version that includes the fix for the memory leak in the...
PT-2025-7092
Name of the Vulnerable Software and Affected Versions FFmpeg versions prior to commit d5873b Description The vulnerability is a memory leak in the libavutil/iamf.c component. Exploitation may allow a remote attacker to disclose protected information. The vulnerability can be exploited to crash...
CVE-2024-57839
In the Linux kernel, the following vulnerability has been resolved: Revert "readahead: properly shorten readahead when falling back to dopagecachera" This reverts commit 7c877586da3178974a8a94577b6045a48377ff25. Anders and Philippe have reported that recent kernels occasionally hang when used wit...
DEBIAN-CVE-2024-57839
In the Linux kernel, the following vulnerability has been resolved: Revert "readahead: properly shorten readahead when falling back to dopagecachera" This reverts commit 7c877586da3178974a8a94577b6045a48377ff25. Anders and Philippe have reported that recent kernels occasionally hang when used wit...
CVE-2024-57843
CVE-2024-57843 : In the Linux kernel, a vulnerability in virtio-net can cause overflow in virtnet_rq_alloc when a fragment spans a page and the total buffer size plus virtnet_rq_dma exceeds one page. This can lead to reliable VM crashes or SCP failures. Root cause: virtnet_rq_dma reserves 16 byte...
CVE-2024-57839
Technical details for CVE-2024-57839 are not provided in the connected documents. Public info appears limited to the initial description; monitor for official advisories for affected products, impact, and fixes.
CVE-2024-57839 Revert "readahead: properly shorten readahead when falling back to do_page_cache_ra()"
In the Linux kernel, the following vulnerability has been resolved: Revert "readahead: properly shorten readahead when falling back to dopagecachera" This reverts commit 7c877586da3178974a8a94577b6045a48377ff25. Anders and Philippe have reported that recent kernels occasionally hang when used wit...
DEBIAN-CVE-2024-57806
In the Linux kernel, the following vulnerability has been resolved: btrfs: fix transaction atomicity bug when enabling simple quotas Set squota incompat bit before committing the transaction that enables the feature. With the config CONFIGBTRFSASSERT enabled, an assertion failure occurs regarding...
CVE-2024-12084
A heap-based buffer overflow flaw was found in the rsync daemon. This issue is due to improper handling of attacker-controlled checksum lengths s2length in the code. When MAXDIGESTLEN exceeds the fixed SUMLENGTH 16 bytes, an attacker can write out of bounds in the sum2 buffer...