4243 matches found
Astra Linux - vulnerability in linux-6.12
In the Linux kernel, the following vulnerability has been resolved: net/sched: fix use-after-free in taprio_dev_notifier. Since taprio’s taprio_dev_notifier isn’t protected by an RCU read-side critical section, a race with advance_sched can lead to a use-after-free. Adding rcu_read_lock inside...
Astra Linux - vulnerability in linux-6.12
In the Linux kernel, the following vulnerability has been resolved: driver core: fix potential NULL pointer dereference in dev_uevent. If userspace reads the "uevent" device attribute at the same time as another thread unbinds the device from its driver, change to dev->driver from a valid pointer to NU...
Malicious code in client-vue3-dev (npm)
Source: ghsa-malware (949b1148db60c58f37c8fec03067aa1974329c0f5719de4425b8840f213b5f2e). Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2025-4976 Malicious code in client-vue3-dev (npm)
Source: ghsa-malware (949b1148db60c58f37c8fec03067aa1974329c0f5719de4425b8840f213b5f2e). Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2025-4913 Malicious code in zlib1g-dev (npm)
Source: ghsa-malware (fa6efdb438d569565922df7e3f3cd142e51dd3fb1e1fe0467a71399e26930faf). Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in zlib1g-dev (npm)
Source: ghsa-malware (fa6efdb438d569565922df7e3f3cd142e51dd3fb1e1fe0467a71399e26930faf). Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in libxslt1-dev (npm)
Source: ghsa-malware (01dca888124ebee488c3fdffe46760b8062c7b090ec88b917cf55144e2f46289). Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2025-4847 Malicious code in libxslt1-dev (npm)
Source: ghsa-malware (01dca888124ebee488c3fdffe46760b8062c7b090ec88b917cf55144e2f46289). Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2025-4846 Malicious code in libxml2-dev (npm)
Source: ghsa-malware (4180cf36e11e0565c87f4377f677fff16f320850f8f544b98c24eecd3cd96c7e). Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2025-4845 Malicious code in libssl-dev (npm)
Source: ghsa-malware (3a236578396bbbb5a2273314d10cf62bb325f71a390452983bfda4ea4fa89e3a). Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in libssl-dev (npm)
Source: ghsa-malware (3a236578396bbbb5a2273314d10cf62bb325f71a390452983bfda4ea4fa89e3a). Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in libffi-dev (npm)
Source: ghsa-malware (570b28ff882e484be3a59b834348694d7d3f5ec0f6e5aa712640fb0336ec6a88). Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2025-4843 Malicious code in libffi-dev (npm)
Source: ghsa-malware (570b28ff882e484be3a59b834348694d7d3f5ec0f6e5aa712640fb0336ec6a88). Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
CVE-2025-48053 Discourse vulnerable to DoS via large URL payload in PM to a bot
Discourse is an open-source discussion platform. Prior to version 3.4.4 of the stable branch, version 3.5.0.beta5 of the beta branch, and version 3.5.0.beta6-dev of the tests-passed branch, sending a malicious URL in a PM to a bot user can reduce the availability of a Discourse instance...
Cross-site WebSocket Hijacking
webpack-dev-server is vulnerable to Cross-site WebSocket hijacking. The vulnerability is due to improper Origin header validation, which permits IP address origins and allows attackers to hijack WebSocket connections and steal source code via malicious websites...
Discourse security vulnerability
Discourse is an open source community discussion platform from Discourse Open Source. The platform includes features such as communities, email, and chat rooms. A security vulnerability exists in Discourse versions prior to 3.4.4, prior to 3.5.0.beta5, and prior to 3.5.0.beta6-dev, which stems fr...
Malicious code in dev-api-client (npm)
The package communicates with a domain associated with malicious activity. Source: ghsa-malware (258921e8b616b5a24a74d27aabeedac0438ae3474367a670f6b8d4b3af7a6f26). Any computer that has this package installed or running should be considered...
MAL-2025-4740 Malicious code in dev-api-client (npm)
The package communicates with a domain associated with malicious activity. Source: ghsa-malware (258921e8b616b5a24a74d27aabeedac0438ae3474367a670f6b8d4b3af7a6f26). Any computer that has this package installed or running should be considered...
WordPress Forminator plugin <= 1.44.1 - Authenticated (Contributor+) Stored DOM-Based Cross-Site Scripting via id and data-size Parameters vulnerability
Authenticated (Contributor+) Stored DOM-Based Cross-Site Scripting via id and data-size Parameters vulnerability discovered by Asaf Mozes in WordPress Plugin Forminator versions <= 1.44.1...
Exposed Dangerous Method Or Function
webpack-dev-server is vulnerable to source code exposure. The vulnerability is due to a lack of proper origin checks: requests for classic scripts are not subject to the same-origin policy, allowing attackers to inject malicious scripts that extract source code if the port and script path a...