CVE-2025-21547
Vulnerability in the Oracle Hospitality OPERA 5 product of Oracle Hospitality Applications component: Opera Servlet. Supported versions that are affected are 5.6.19.20, 5.6.25.8, 5.6.26.6 and 5.6.27.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP t...
CVE-2025-21497
Vulnerability in the MySQL Server product of Oracle MySQL component: InnoDB. Supported versions that are affected are 8.0.40 and prior, 8.4.3 and prior and 9.1.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise...
PT-2025-5635 · Sp1 · Sp1
Name of the Vulnerable Software and Affected Versions: SP1 versions prior to 4.0.0 Description: The issue concerns the validation of the chip ordering provided by the prover in SP1's STARK verifier, which was missing prior to version 4.0.0. This allowed for potential incorrect indexing of chips...
UBUNTU-CVE-2024-55881
In the Linux kernel, the following vulnerability has been resolved: KVM: x86: Play nice with protected guests in complete_hypercall_exit() Use is_64_bit_hypercall() instead of is_64_bit_mode() to detect a 64-bit hypercall when completing said hypercall. For guests with protected state, e.g. SEV-ES and SEV-SNP,...
MAL-2024-12031 Malicious code in react-multer (npm)
Source: ghsa-malware 876139b096ddb1bf239489a666a6248e65ba5512906c207b40104c7efe2f1616 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2024-12026 Malicious code in pushservicejs (npm)
Source: ghsa-malware 8875b705a6e055665ad1912b3f5aeca6578af2778e4b541e7061ae20d6ecbd01 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in mockapie (npm)
Source: ghsa-malware 3c6ab6842511adb800a707783d5712c9ef0fab67ae37078975c9a8580aa6121f Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2024-11831 Malicious code in imran-downloader (npm)
Source: ghsa-malware 15461cfacc497cef71b31228912fc6fdb11bee1b51f4f93604e7efa6337b63c2 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Oracle Siebel Server <= 22.10 (April 2023 CPU)
The versions of Oracle Siebel CRM installed on the remote host are affected by a vulnerability as referenced in the April 2023 CPU advisory. - Vulnerability in the Siebel CRM product of Oracle Siebel CRM component: Siebel Core - Server Infrastructure OpenSSL. Supported versions that are affected...
Oracle Siebel Server 8.5.1.x <= 8.5.1.7 / 8.6.0 / 8.6.1 (April 2019 CPU)
The versions of Oracle Siebel CRM installed on the remote host are affected by multiple vulnerabilities as referenced in the April 2019 CPU advisory. - Vulnerability in the Oracle Knowledge component of Oracle Siebel CRM subcomponent: Information Manager Console Apache Xalan. Supported versions...
Oracle Siebel Server <= 23.7 (January 2024 CPU)
The versions of Oracle Siebel CRM installed on the remote host are affected by a vulnerability as referenced in the January 2024 CPU advisory. - Vulnerability in the Siebel CRM product of Oracle Siebel CRM component: EAI Jettison. Supported versions that are affected are Prior to 23.8. Easily...
Laravel 11.0 Cross Site Scripting
/! - VULNERABILITY: Cross Site Scripting Laravel version 11.0 - Authenticated Persistent XSS - GOOGLE DORK: inurl:.com/?q= - GOOGLE DORK: Site:.com/?q= - DATE: 2024-12-01 - SECURITY RESEARCHER: E1.Coders - VENDOR: LARAVEL https://laravel.com/ - SOFTWARE LINK:...
Malicious code in commitlint-plugin-marketing-rules (npm)
Source: ghsa-malware e40a92c14d0b0d561bab0beb5da5e3d3dfb66d329e8b0ff2100fb7a8a87468b4 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
CVE-2024-4343
A Python command injection vulnerability exists in the SagemakerLLM class's complete method within ./private_gpt/components/llm/custom/sagemaker.py of the imartinez/privategpt application, versions up to and including 0.3.0. The vulnerability arises due to the use of the eval function to parse a...
CVE-2024-4343
The CVE-2024-4343 entry describes a Python command injection in the imartinez/privategpt project. Affected component: SagemakerLLM.complete() in ./private_gpt/components/llm/custom/sagemaker.py, with versions up to and including 0.3.0. Root cause: unsafe parsing of a remote SageMaker LLM endpoint...
Virtuozzo Hybrid Server For WHMCS Security Vulnerability
Virtuozzo Hybrid Server For WHMCS is a Virtuozzo Hybrid Server For WHMCS from Virtuozzo. A security vulnerability exists in Virtuozzo Hybrid Server For WHMCS version v.1.7.1. An attacker can obtain sensitive information by modifying the hostname...
A vulnerability in the driver installer for Intel Ethernet Adapter Complete Driver Pack allows an attacker to gain elevated privileges.
The vulnerability in the driver installer for Intel Ethernet Adapter Complete Driver Pack is related to an uncontrolled search path element. Exploiting this vulnerability can allow attackers to escalate their privileges...
kernel: spi: fix null pointer dereference within spi_sync
In the Linux kernel, the following vulnerability has been resolved: spi: fix null pointer dereference within spi_sync If spi_sync is called with the non-empty queue and the same spi_message is then reused, the complete callback for the message remains set while the context is cleared, leading to a...
kernel: null_blk: fix poll request timeout handling
In the Linux kernel, the following vulnerability has been resolved: null_blk: fix poll request timeout handling When doing io_uring benchmark on /dev/nullb0, it's easy to crash the kernel if poll requests timeout triggered, as reported by David. 1 BUG: kernel NULL pointer dereference, address:...