288 matches found
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: Fix: Use strings instead of literals when defining tracepoints for DA monitors. Using DA monitor tracepoints with KASAN enabled triggers the following warning: Bug: KASAN: Global-out-of-bounds access in...
📄 Lenovo LegionSpace 1.7.11.2 Unquoted Service Path
Lenovo LegionSpace version 1.7.11.2 suffers from an unquoted service path vulnerability. Exploit Title: Lenovo LegionSpace 1.7.11.2 - 'DAService' Unquoted Service Path Exploit Author: CENACIF-MX Discovery Date: 2025-12-04 Vendor Homepage: https://support.lenovo.com/es/es/solutions/legionspace...
Lenovo LegionSpace 1.7.11.2 - 'DAService' Unquoted Service Path
Exploit Title: Lenovo LegionSpace 1.7.11.2 - 'DAService' Unquoted Service Path Exploit Author: CENACIF-MX Discovery Date: 2025-12-04 Vendor Homepage: https://support.lenovo.com/es/es/solutions/legionspace Tested Version: 1.7.11.2 Vulnerability Type: Unquoted Service Path Tested on OS: Microsoft...
CVE-2026-1805 DA Media GigList <= 1.9.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'list_title' Shortcode Attribute
The DA Media GigList plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's damediagiglist shortcode in all versions up to, and including, 1.9.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
WordPress DA Media GigList plugin <= 1.9.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'list_title' Shortcode Attribute vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via 'listtitle' Shortcode Attribute vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin DA Media GigList versions = 1.9.0...
PT-2026-23841
The DA Media GigList plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's damedia giglist shortcode in all versions up to, and including, 1.9.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
WordPress plugin DA Media GigList 跨站脚本漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...
CVE-2023-43299
An issue in DA BUTCHERS mini-app on Line v13.6.1 allows attackers to send crafted malicious notifications via leakage of the channel access token...
Malicious code in rt-da-classic-card-collection (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 40df14bf87fe4eb4e065fda942f953028db00c5e8148c1c1ccc2f6cf623d3611 The package rt-da-classic-card-collection was found to contain malicious code. Source: ghsa-malware...
MAL-2026-137 Malicious code in rt-da-classic-card-collection (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 40df14bf87fe4eb4e065fda942f953028db00c5e8148c1c1ccc2f6cf623d3611 The package rt-da-classic-card-collection was found to contain malicious code. Source: ghsa-malware...
EUVD-2025-137807
Malicious code in astam-ifut-da npm...
EUVD-2025-136808
Malicious code in imugiay-ajvog-da npm...
EUVD-2025-137956
Malicious code in astam-ifst-da npm...
EUVD-2025-139116
Malicious code in nuyar-da-raatado npm...
Malicious code in nuyar-da-rof (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ffe7027c7c8d50505b1ae921ba1136f1d1140bc4878691976b4771d95a508025 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
EUVD-2025-139112
Malicious code in nuyar-da-radatidado npm...
EUVD-2025-139110
Malicious code in nuyar-da-rato npm...
Malicious code in nuyar-da-ratao (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 944062e1ceadd396c0968c90f811253c1b591dfb649f019a580e5a126aac04ee This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
EUVD-2025-139107
Malicious code in nuyar-da-rofa npm...
EUVD-2025-139106
Malicious code in nuyar-da-rofad npm...