Malicious code in bitunix-dev (npm)
Malicious code in bitrue-dev (npm)
MAL-2025-2847 Malicious code in bitrue-dev (npm)
Malicious code in bifinance-dev (npm)
MAL-2025-2842 Malicious code in bifinance-dev (npm)
Malicious code in azbit-dev (npm)
MAL-2025-2838 Malicious code in azbit-dev (npm)
DEBIAN-CVE-2023-52929
In the Linux kernel, the following vulnerability has been resolved: nvmem: core: fix cleanup after dev_set_name If dev_set_name fails, we leak nvmem->wp_gpio as the cleanup does not put this. While a minimal fix for this would be to add the gpiod_put call, we can do better if we split device_register, an...
UBUNTU-CVE-2023-52929
In the Linux kernel, the following vulnerability has been resolved: nvmem: core: fix cleanup after dev_set_name If dev_set_name fails, we leak nvmem->wp_gpio as the cleanup does not put this. While a minimal fix for this would be to add the gpiod_put call, we can do better if we split device_register, an...
Exploit for CVE-2025-30208
CVE-2025-30208-LFI !IMPORTANT Disclaimer This exploit...
Linux kernel security vulnerability
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. Linux kernel has a security vulnerability that stems from improper cleanup after nvmem kernel dev_set_name...
Exploit for CVE-2025-30208
Vite Dev Server Vulnerability...
Security Bulletin: IBM Cloud Pak for Network Automation 2.7.3 addresses multiple security vulnerabilities
Summary IBM Cloud Pak for Network Automation 2.7.3 addresses multiple security vulnerabilities, listed in the CVEs below. Vulnerability Details CVEID:CVE-2024-30260 DESCRIPTION: Node.js undici module could allow a remote authenticated attacker to obtain sensitive information, caused by a flaw wit...
GHSA-X574-M823-4X7W Vite bypasses server.fs.deny when using ?raw??
Summary The contents of arbitrary files can be returned to the browser. Impact Only apps explicitly exposing the Vite dev server to the network using --host or server.host config option are affected. Details @fs denies access to files outside of Vite serving allow list. Adding ?raw?? or...
Malicious code in bootstrap_dev_scratch (npm)
Source: ghsa-malware 40332b73ea061eb436ac01a90cf6ea7447f7117047d2ea136f6f91a97da86426 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Deserialization of Untrusted Data
Overview yiisoft/yii2-dev is a Fast, Secure and Professional PHP Framework. Affected versions of this package are vulnerable to Deserialization of Untrusted Data in the Symfony getIterator function. Details Serialization is a process of converting an object into a sequence of bytes which can be...
CVE-2024-9699
A vulnerability in the file upload functionality of the FlatPress CMS admin panel version latest allows an attacker to upload a file with a JavaScript payload disguised as a filename. This can lead to a Cross-Site Scripting (XSS) attack if the uploaded file is accessed by other users. The issue is...
CVE-2024-9847
FlatPress CMS version latest is vulnerable to Cross-Site Request Forgery (CSRF) attacks that allow an attacker to enable or disable plugins on behalf of a victim user. The attacker can craft a malicious link or script that, when clicked by an authenticated user, will send a request to the FlatPress...
The vulnerability of the void() function in the drivers/net/ethernet/pensando/ionic/ionic_dev.h module of the Linux kernel allows a hacker to cause a service failure.
The vulnerability of the void function in the drivers/net/ethernet/pensando/ionic/ionic_dev.h module of the Linux kernel lies in the execution of a loop without sufficient restrictions on its execution count. Exploiting this vulnerability could allow an attacker to cause a service failure...