210 matches found
UBUNTU-CVE-2022-50730
In the Linux kernel, the following vulnerability has been resolved: ext4: silence the warning when evicting inode with dioreadnolock When evicting an inode with default dioreadnolock, it could be raced by the unwritten extents converting kworker after writeback some new allocated dirty blocks. It...
Revive Adserver stats-conversions.php script cross-site scripting vulnerability
Revive Adserver is an open source ad serving system that allows advertisers, publishers, and networks to place ads on multiple platforms e.g., websites, apps, video players and supports ad effectiveness tracking, campaign management, and placement rule definition. Revive Adserver suffers from a...
CVE-2025-52668
Improper input neutralization in the stats-conversions.php script in Revive Adserver 5.5.2 and 6.0.1 and earlier versions causes potential information disclosure and session hijacking via a stored XSS attack...
EUVD-2025-198343
Improper input neutralization in the stats-conversions.php script in Revive Adserver 5.5.2 and 6.0.1 and earlier versions causes potential information disclosure and session hijacking via a stored XSS attack...
CVE-2025-52668
Improper input neutralization in the stats-conversions.php script in Revive Adserver 5.5.2 and 6.0.1 and earlier versions causes potential information disclosure and session hijacking via a stored XSS attack...
CVE-2025-52668
Improper input neutralization in the stats-conversions.php script in Revive Adserver 5.5.2 and 6.0.1 and earlier versions causes potential information disclosure and session hijacking via a stored XSS attack...
CVE-2025-52668
Improper input neutralization in the stats-conversions.php script in Revive Adserver 5.5.2 and 6.0.1 and earlier versions causes potential information disclosure and session hijacking via a stored XSS attack...
PT-2025-47618
Improper input neutralization in the stats-conversions.php script in Revive Adserver 5.5.2 and 6.0.1 and earlier versions causes potential information disclosure and session hijacking via a stored XSS attack...
[SECURITY] Fedora 43 Update: GeographicLib-2.5.2-1.fc43
GeographicLib is a small set of C++ classes for performing conversions between geographic, UTM, UPS, MGRS, geocentric, and local Cartesian coordinates, for gravity e.g., EGM2008, geoid height and geomagnetic field e.g., WMM2010 calculations, and for solving geodesic problems. The emphasis is on...
kernel: HID: core: Harden s32ton() against conversion to 0 bits
In the Linux kernel, the following vulnerability has been resolved: HID: core: Harden s32ton against conversion to 0 bits Testing by the syzbot fuzzer showed that the HID core gets a shift-out-of-bounds exception when it tries to convert a 32-bit quantity to a 0-bit quantity. Ideally this should...
EUVD-2022-7399
Malicious code in bioql PyPI...
p0wnedShell
This is an offensive PowerShell host application written in C that runs PowerShell commands and functions within a PowerShell runspace environment. It includes various offensive PowerShell modules and binaries to facilitate post-exploitation activities, such as bypassing mitigations and creating...
UBUNTU-CVE-2025-38660
In the Linux kernel, the following vulnerability has been resolved: ceph parselongname: strrchr expects NUL-terminated string ... and parselongname is not guaranteed that. That's the reason why it uses kmemdupnul to build the argument for kstrtou64; the problem is, kstrtou64 is not the only thing...
MAL-2025-17287 Malicious code in color-convert-conversions (npm)
The package color-convert-conversions was found to contain malicious code...
Malicious code in color-convert-conversions (npm)
The package color-convert-conversions was found to contain malicious code...
BIT-LIBPHP-2020-7060 global buffer-overflow in mbfl_filt_conv_big5_wchar
When using certain mbstring functions to convert multibyte encodings, in PHP versions 7.2.x below 7.2.27, 7.3.x below 7.3.14 and 7.4.x below 7.4.2 it is possible to supply data that will cause function mbflfiltconvbig5wchar to read past the allocated buffer. This may lead to information disclosur...
USN-7619-1: libssh vulnerabilities
Ronald Crane discovered that libssh incorrectly handled certain base64 conversions. An attacker could use this issue to cause libssh to crash, resulting in a denial of service, or possibly execute arbitrary code. CVE-2025-4877 Ronald Crane discovered that libssh incorrectly handled the...
NeKernel 安全漏洞
NeKernel is a kernel operating system from NeKernel Open Source. A security vulnerability exists in versions prior to NeKernel 0.0.3 that stems from unchecked memory operations, unsafe type conversions, and improper input validation, which could lead to memory corruption, disk image corruption,...
[SECURITY] Fedora 42 Update: mingw-icu-76.1-3.fc42
ICU is a set of C and C++ libraries that provides robust and full-featured Unicode and locale support. The library provides calendar support, conversions for many character sets, language sensitive collation, date and time formatting, support for many locales, message catalogs and resources,...
Amazon Linux 2 : ghostscript (ALAS-2025-2820)
The version of ghostscript installed on the remote host is prior to 9.54.0-9. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2025-2820 advisory. Fix confusion between bytes and shorts. Data is being copied from a string in multiple of shorts, rather than multipl...