CVE-2024-9699
A vulnerability in the file upload functionality of the FlatPress CMS admin panel (version: latest) allows an attacker to upload a file with a JavaScript payload disguised as a filename. This can lead to a Cross-Site Scripting (XSS) attack if the uploaded file is accessed by other users. The issue is...
CVE-2024-11602 CORS Vulnerability in feast-dev/feast
A Cross-Origin Resource Sharing (CORS) vulnerability exists in feast-dev/feast version 0.40.0. The CORS configuration on the agentscope server does not properly restrict access to only trusted origins, allowing any external domain to make requests to the API. This can bypass intended security...
CVE-2024-11602
CVE-2024-11602 affects feast-dev/feast v0.40.0. The CORS configuration on the agentscope server does not restrict access to trusted origins, allowing requests from any external domain. This can bypass security controls and potentially expose sensitive information. The provided documents do not sp...
CVE-2024-9847 Cross-Site Request Forgery (CSRF) in flatpressblog/flatpress
FlatPress CMS (version: latest) is vulnerable to Cross-Site Request Forgery (CSRF) attacks that allow an attacker to enable or disable plugins on behalf of a victim user. The attacker can craft a malicious link or script that, when clicked by an authenticated user, will send a request to the FlatPress...
MAL-2025-2565 Malicious code in airbnb-dev (npm)
Source: ghsa-malware (5e763bf852511956872170a0e0f35a90f9cded742c1b3e0f42b094bf3f13e224). Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in airbnb-dev (npm)
Source: ghsa-malware (5e763bf852511956872170a0e0f35a90f9cded742c1b3e0f42b094bf3f13e224). Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
A vulnerability in the `__sev_snp_shutdown_locked()` function in the drivers/crypto/ccp/sev-dev.c module of the Linux operating system allows an attacker to trigger a service failure.
The vulnerability in the `__sev_snp_shutdown_locked()` function in the drivers/crypto/ccp/sev-dev.c module of the Linux operating system is related to pointer manipulation. Exploiting this vulnerability could allow an attacker to cause a service failure...
Malicious code in dev-debugger-vite (npm)
Source: ghsa-malware (836268a49761be0bbcd6dd89283cbaceea33d8ddf28b8fec0ca5337c318eba52). Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2025-2372 Malicious code in dev-debugger-vite (npm)
Source: ghsa-malware (836268a49761be0bbcd6dd89283cbaceea33d8ddf28b8fec0ca5337c318eba52). Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
PT-2025-20533
Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified). Description: A NULL pointer dereference issue has been identified in the Linux kernel's USB gadget functionality, specifically in the `ast_vhub_init_dev()` function. The variable `d->name`, returned by devm...
Moderate: Red Hat Security Advisory: Red Hat OpenShift Dev Spaces 3.19.0 release
Red Hat OpenShift Dev Spaces 3.19 has been released. All containers have been updated to include feature enhancements, bug fixes and CVE fixes. Following the Red Hat Product Security standards this update is rated as having a security impact of Important. The Common Vulnerability Scoring System...
btrfs: don't take dev_replace rwsem on task already holding it
...
AZL-58515 CVE-2025-21858 affecting package kernel for versions less than 6.6.82.1-1
In the Linux kernel, the following vulnerability has been resolved: geneve: Fix use-after-free in geneve_find_dev(). syzkaller reported a use-after-free in geneve_find_dev() [0] without repro. geneve_configure() links struct geneve_dev.next to net_generic(net, geneve_net_id)->geneve_list. The net here could differ fr...
DEBIAN-CVE-2025-21858
In the Linux kernel, the following vulnerability has been resolved: geneve: Fix use-after-free in geneve_find_dev(). syzkaller reported a use-after-free in geneve_find_dev() [0] without repro. geneve_configure() links struct geneve_dev.next to net_generic(net, geneve_net_id)->geneve_list. The net here could differ fr...
UBUNTU-CVE-2025-21858
In the Linux kernel, the following vulnerability has been resolved: geneve: Fix use-after-free in geneve_find_dev(). syzkaller reported a use-after-free in geneve_find_dev() [0] without repro. geneve_configure() links struct geneve_dev.next to net_generic(net, geneve_net_id)->geneve_list. The net here could differ fr...
MAL-2025-2289 Malicious code in customer-identity-mfe-dev (npm)
Source: ghsa-malware (3f4bceaecd0bf3f0387bb417a86c4c6e4f53764a6a38ce58717d12c68b024cfe). Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in customer-identity-mfe-dev (npm)
Source: ghsa-malware (3f4bceaecd0bf3f0387bb417a86c4c6e4f53764a6a38ce58717d12c68b024cfe). Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Linux Distros Unpatched Vulnerability : CVE-2021-40978
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - The mkdocs 1.2.2 built-in dev-server allows directory traversal using the port 8000, enabling remote exploitation to obtain sensitive information. NOTE: the...