125 matches found
CLSA-2025-1765208529 vim: Fix of 2 CVEs
CVE-2025-53906: drop leading ../ on write of zipfiles, don't forcefully overwrite existing files - CVE-2025-29768: use glob '-' to protect filenames starting with '-'...
CLSA-2025-1762540530 Fix CVE(s): CVE-2020-10745, CVE-2022-42898
SECURITY UPDATE: DNS string buffer overflow - debian/patches/CVE-2020-10745.patch: add input validation to prevent buffer overflows when handling DNS/NBT names with consecutive dots or exceeding RFC 1035 255-byte limit. The fix enforces proper bounds checking and component length validation in...
go-jose: Go JOSE's Parsing Vulnerable to Denial of Service
A flaw was found in GO-JOSE. In affected versions, when parsing compact JWS or JWE input, Go JOSE could use excessive memory. The code uses strings.Splittoken, "." to split JWT tokens, which is vulnerable to excessive memory consumption when processing maliciously crafted tokens with a large numb...
EUVD-2022-54801
In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to do sanity check on inlinedots inode As Wenqing reported in bugzilla: https://bugzilla.kernel.org/showbug.cgi?id=215765 It will cause a kernel panic with steps: - mkdir mnt - mount tmp40.img mnt - ls mnt...
EUVD-2025-15737
Malicious code in bioql PyPI...
Malicious code in com.unity.dots.runtime (npm)
--- -= Per source details. Do not edit below this line.=-...
MAL-2025-47627 Malicious code in com.unity.dots.runtime (npm)
--- -= Per source details. Do not edit below this line.=-...
Malicious code in a-vailable-al-bum-file-9447-dots-and-loops-ee4hh-qjicit (npm)
The package a-vailable-al-bum-file-9447-dots-and-loops-ee4hh-qjicit was found to contain malicious code...
MAL-2025-13926 Malicious code in a-vailable-al-bum-file-9447-dots-and-loops-ee4hh-qjicit (npm)
The package a-vailable-al-bum-file-9447-dots-and-loops-ee4hh-qjicit was found to contain malicious code...
OESA-2025-1941 apache-commons-vfs security update
Commons VFS provides a uniform view of files through a single API which is designed for accessing various different file systems. These file systems could be a local disk, an HTTP server or a ZIP archive file. The key features are listed as follows: The API is consistent among various file types...
apache-commons-vfs: Apache Commons VFS: Possible path traversal issue when using NameScope.DESCENDENT
A flaw was found in Apache Commons VFS. The FileObject API in Commons VFS has a 'resolveFile' method that takes a 'scope' parameter. Specifying 'NameScope.DESCENDENT' promises that "an exception is thrown if the resolved file is not a descendent of the base file". However, when the path contains...
CVE-2024-23340
@hono/node-server is an adapter that allows users to run Hono applications on Node.js. Since v1.3.0, @hono/node-server has used its own Request object with url behavior that is unexpected. In the standard API, if the URL contains .., here called "double dots", the URL string returned by Request...
CVE-2025-22789
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in fyrewurks polka dots allows Reflected XSS.This issue affects polka dots: from n/a through 1.2...
CVE-2025-22789
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in fyrewurks polka dots allows Reflected XSS.This issue affects polka dots: from n/a through 1.2...
CVE-2025-22789 WordPress polka dots theme <= 1.2 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in fyrewurks polka dots allows Reflected XSS.This issue affects polka dots: from n/a through 1.2...
CVE-2025-22789 WordPress polka dots theme <= 1.2 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in fyrewurks polka dots allows Reflected XSS.This issue affects polka dots: from n/a through 1.2...
CVE-2025-22789
CVE-2025-22789 affects the WordPress polka dots theme (versions up to 1.2). Root cause: improper neutralization of input during web page generation, enabling a reflected XSS. Impact: potential script execution in a victim’s browser (CVSS v3.1 base score 7.1; network attack, no privileges, user in...
PT-2025-22001 · Unknown · Polka Dots
Name of the Vulnerable Software and Affected Versions: polka dots versions 1.2 and earlier Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting, allowing Reflected XSS. This enables potential attackers to inject...
go-jose: Go JOSE's Parsing Vulnerable to Denial of Service
A flaw was found in GO-JOSE. In affected versions, when parsing compact JWS or JWE input, Go JOSE could use excessive memory. The code uses strings.Splittoken, "." to split JWT tokens, which is vulnerable to excessive memory consumption when processing maliciously crafted tokens with a large numb...
go-jose: Go JOSE's Parsing Vulnerable to Denial of Service
A flaw was found in GO-JOSE. In affected versions, when parsing compact JWS or JWE input, Go JOSE could use excessive memory. The code uses strings.Splittoken, "." to split JWT tokens, which is vulnerable to excessive memory consumption when processing maliciously crafted tokens with a large numb...