CVE-2025-25620
CVE-2025-25620 affects Unifiedtransform 2.0 with a Stored XSS vulnerability in the Create assignment function. The issue enables attacker-controlled scripts to run in other users’ sessions, with PoC details indicating a stored XSS path via assignment creation/uploaded content and impact described...
CVE-2025-25620
Unifiedtransform 2.0 is vulnerable to Cross Site Scripting (XSS) in the Create assignment function...
Unifiedtransform cross-site scripting vulnerability
Unifiedtransform is an open source school management software from the individual developer Hasib Mahmud. A security vulnerability exists in Unifiedtransform version 2.0, which stems from a cross-site scripting vulnerability in the Create assignment function...
CVE-2025-25620
Unifiedtransform 2.0 is vulnerable to Cross Site Scripting (XSS) in the Create assignment function...
net: inet: do not leave a dangling sk pointer in inet_create()
...
net: ieee802154: do not leave a dangling sk pointer in ieee802154_create()
...
Exploit for Cross-site Scripting in Changeweb Unifiedtransform
CVE-2025-25620 Unifiedtransform v2.0 is vulnerable to Stored...
PT-2025-9871 · Unknown · Unifiedtransform
Name of the Vulnerable Software and Affected Versions: Unifiedtransform version 2.0 Description: The issue is related to Cross Site Scripting (XSS) in the Create assignment function, allowing attackers to execute malicious scripts in the context of other users. Recommendations: For Unifiedtransform...
Malicious code in @ton-wallet/create (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware d32db786acddb2de3383780a06c377b94cbe49ae5c8ddb811d5f9175bc0c9dbe Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
CVE-2025-25948
Incorrect access control in the component /rest/staffResource/create of Serosoft Solutions Pvt Ltd Academia Student Information System (SIS) EagleR v1.0.118 allows create and modify user accounts, including an Administrator account...
Serosoft Solutions Academia Student Information System EagleR security vulnerability
Serosoft Solutions Academia Student Information System EagleR is a student information system from Serosoft Solutions, India. A security vulnerability exists in Serosoft Solutions Academia Student Information System EagleR v1.0.118, which stems from improper access control in the...
PT-2025-9238
Name of the Vulnerable Software and Affected Versions Serosoft Solutions Pvt Ltd Academia Student Information System (SIS) EagleR version 1.0.118 Description The issue concerns incorrect access control in the /rest/staffResource/create component, allowing the creation and modification of user...
CVE-2024-2297
The Bricks theme for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 1.9.6.1. This is due to insufficient validation checks placed on the create_autosave AJAX function. This makes it possible for authenticated attackers, with contributor-level access and above...
DEBIAN-CVE-2025-21735
In the Linux kernel, the following vulnerability has been resolved: NFC: nci: Add bounds checking in nci_hci_create_pipe The "pipe" variable is a u8 which comes from the network. If it's more than 127, then it results in memory corruption in the caller, nci_hci_connect_gate...
UBUNTU-CVE-2025-21735
In the Linux kernel, the following vulnerability has been resolved: NFC: nci: Add bounds checking in nci_hci_create_pipe The "pipe" variable is a u8 which comes from the network. If it's more than 127, then it results in memory corruption in the caller, nci_hci_connect_gate...
SUSE CVE-2022-49064
In the Linux kernel, the following vulnerability has been resolved: cachefiles: unmark inode in use in error path Unmark inode in use if error encountered. If the in-use flag leakage occurs in cachefiles_open_file, Cachefiles will complain "Inode already in use" when later another cookie with the...
SUSE CVE-2022-49284
In the Linux kernel, the following vulnerability has been resolved: coresight: syscfg: Fix memleak on registration failure in cscfg_create_device device_register calls device_initialize, according to doc of device_initialize: Use put_device to give up your reference instead of freeing @dev directly onc...
SUSE CVE-2022-49388
In the Linux kernel, the following vulnerability has been resolved: ubi: ubi_create_volume: Fix use-after-free when volume creation failed There is an use-after-free problem for 'eba_tbl' in ubi_create_volume's error handling path: ubi_eba_replace_table(vol, eba_tbl) vol->eba_tbl = tbl out_mapping:...
SUSE CVE-2022-49410
In the Linux kernel, the following vulnerability has been resolved: tracing: Fix potential double free in create_var_ref In create_var_ref, init_var_ref is called to initialize the fields of variable ref_field, which is allocated in the previous function call to create_hist_field. Function init_var_ref...
SUSE CVE-2022-49469
In the Linux kernel, the following vulnerability has been resolved: btrfs: fix anon_dev leak in create_subvol When btrfs_qgroup_inherit, btrfs_alloc_tree_block, or btrfs_insert_root fail in create_subvol, we return without freeing anon_dev. Reorganize the error handling in create_subvol to fix this...