Lenovo LegionSpace 1.7.11.2 - 'DAService' Unquoted Service Path

Exploit Title: Lenovo LegionSpace 1.7.11.2 - 'DAService' Unquoted Service Path Exploit Author: CENACIF-MX Discovery Date: 2025-12-04 Vendor Homepage: https://support.lenovo.com/es/es/solutions/legionspace Tested Version: 1.7.11.2 Vulnerability Type: Unquoted Service Path Tested on OS: Microsoft...

📄 Lenovo LegionSpace 1.7.11.2 Unquoted Service Path

Lenovo LegionSpace version 1.7.11.2 suffers from an unquoted service path vulnerability. Exploit Title: Lenovo LegionSpace 1.7.11.2 - 'DAService' Unquoted Service Path Exploit Author: CENACIF-MX Discovery Date: 2025-12-04 Vendor Homepage: https://support.lenovo.com/es/es/solutions/legionspace...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: Fix: Use strings instead of literals when defining tracepoints for DA monitors. Using DA monitor tracepoints with KASAN enabled triggers the following warning: Bug: KASAN: Global-out-of-bounds access in...

Astra Linux - уязвимость в linux-5.10, linux-6.1

In the Linux kernel, the following vulnerability has been resolved: scsi: lpfc: Ensure that the DAID handling is completed before deleting an NPIV instance. Deleting an NPIV instance requires that all fabric ndlps be released before NPIV’s resources can be destroyed. Failure to release the fabric...

CVE-2026-1805 DA Media GigList <= 1.9.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'list_title' Shortcode Attribute

The DA Media GigList plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's damediagiglist shortcode in all versions up to, and including, 1.9.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

WordPress DA Media GigList plugin <= 1.9.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'list_title' Shortcode Attribute vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via 'listtitle' Shortcode Attribute vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin DA Media GigList versions = 1.9.0...

WordPress plugin DA Media GigList 跨站脚本漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...

PT-2026-23841

The DA Media GigList plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's damedia giglist shortcode in all versions up to, and including, 1.9.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

CVE-2023-43299

An issue in DA BUTCHERS mini-app on Line v13.6.1 allows attackers to send crafted malicious notifications via leakage of the channel access token...

Malicious code in rt-da-classic-card-collection (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 40df14bf87fe4eb4e065fda942f953028db00c5e8148c1c1ccc2f6cf623d3611 The package rt-da-classic-card-collection was found to contain malicious code. Source: ghsa-malware...

MAL-2026-137 Malicious code in rt-da-classic-card-collection (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 40df14bf87fe4eb4e065fda942f953028db00c5e8148c1c1ccc2f6cf623d3611 The package rt-da-classic-card-collection was found to contain malicious code. Source: ghsa-malware...

EUVD-2025-136808

Malicious code in imugiay-ajvog-da npm...

EUVD-2025-137807

Malicious code in astam-ifut-da npm...

EUVD-2025-137956

Malicious code in astam-ifst-da npm...

Malicious code in nuyar-da-rato (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 499586760e262e7b2451db09870632e4fa60826d5e99018e4d6c40347f5f4123 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

EUVD-2025-139108

Malicious code in nuyar-da-rof npm...

EUVD-2025-139103

Malicious code in nuyar-da-rofdaadid npm...

EUVD-2025-139116

Malicious code in nuyar-da-raatado npm...

EUVD-2025-139102

Malicious code in nuyar-da-rofdad npm...

MAL-2025-176013 Malicious code in miba-da-nutr (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5801edd23b1fa41515478e5baa665ff8fddd75573b0d55846654d507ef1dfc80 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...