224 matches found
Malicious code in @epc-tools/testutil-cdk-expect-policy (npm)
The package @epc-tools/testutil-cdk-expect-policy was found to contain malicious code...
Malicious code in @epc-libraries/common-api-responses (npm)
The package @epc-libraries/common-api-responses was found to contain malicious code...
Malicious code in @epc-libraries/common-types (npm)
The package @epc-libraries/common-types was found to contain malicious code...
MAL-2025-7835 Malicious code in @epc-apps/api-version-test (npm)
The package @epc-apps/api-version-test was found to contain malicious code...
WordPress KALLYAS - Creative eCommerce Multi-Purpose WordPress Theme Theme <= 4.21.0 is vulnerable to Local File Inclusion
Software KALLYAS - Creative eCommerce Multi-Purpose WordPress Theme Type Theme Vulnerable versions = 4.21.0 Fixed in 4.22.0 OWASP Top 10 A1: Injection Classification Local File Inclusion CVE CVE-2025-6991 Patch priority Low CVSS severity Low 7.5 Developer EPC PSID 34bd1e68ee25 Credits stealthcopt...
SUSE CVE-2025-38334
In the Linux kernel, the following vulnerability has been resolved: x86/sgx: Prevent attempts to reclaim poisoned pages TL;DR: SGX page reclaim touches the page to copy its contents to secondary storage. SGX instructions do not gracefully handle machine checks. Despite this, the existing SGX code...
DEBIAN-CVE-2025-38334
In the Linux kernel, the following vulnerability has been resolved: x86/sgx: Prevent attempts to reclaim poisoned pages TL;DR: SGX page reclaim touches the page to copy its contents to secondary storage. SGX instructions do not gracefully handle machine checks. Despite this, the existing SGX code...
AZL-72587 CVE-2025-38334 affecting package kernel 5.15.200.1-1
In the Linux kernel, the following vulnerability has been resolved: x86/sgx: Prevent attempts to reclaim poisoned pages TL;DR: SGX page reclaim touches the page to copy its contents to secondary storage. SGX instructions do not gracefully handle machine checks. Despite this, the existing SGX code...
AZL-65009 CVE-2025-38334 affecting package kernel for versions less than 6.6.96.1-1
In the Linux kernel, the following vulnerability has been resolved: x86/sgx: Prevent attempts to reclaim poisoned pages TL;DR: SGX page reclaim touches the page to copy its contents to secondary storage. SGX instructions do not gracefully handle machine checks. Despite this, the existing SGX code...
UBUNTU-CVE-2022-50146
In the Linux kernel, the following vulnerability has been resolved: PCI: dwc: Deallocate EPC memory on dwpcieepinit errors If dwpcieepinit fails to perform any action after the EPC memory is initialized and the MSI memory region is allocated, the latter parts won't be undone thus causing a memory...
WordPress School Management plugin <= 93.0.0 - Local File Inclusion Vulnerability
Local File Inclusion Vulnerability discovered by Aiden Thái An in WordPress Plugin School Management versions = 93.0.0...
WordPress Photography Theme <= 7.5.2 is vulnerable to PHP Object Injection
Software Photography Type Theme Vulnerable versions = 7.5.2 Fixed in N/A OWASP Top 10 A3: Injection Classification PHP Object Injection CVE CVE-2025-47579 Patch priority High CVSS severity High 9 Developer EPC PSID f3488f35689e Credits Rafie Muhammad Patchstack Required privilege Unauthenticated...
WordPress Motors - Events plugin <= 1.4.7 - Unauthenticated Local File Inclusion vulnerability
WordPress Motors - Events plugin = 1.4.7 - Unauthenticated Local File Inclusion vulnerability discovered by Rafie Muhammad Patchstack in WordPress Plugin Motors - Events versions = 1.4.7...
WordPress WooCommerce Ultimate Gift Card plugin <= 2.9.6 - SQL Injection vulnerability
SQL Injection vulnerability discovered by Bonds in WordPress Plugin WooCommerce Ultimate Gift Card versions = 2.9.6...
WordPress WooCommerce Photo Reviews plugin <= 1.3.13 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting XSS vulnerability discovered by Seb in WordPress Plugin WooCommerce Photo Reviews versions = 1.3.13...
WordPress Blog Designer PRO plugin <= 3.4.7 - Reflected Cross Site Scripting (XSS) vulnerability
Reflected Cross Site Scripting XSS vulnerability discovered by Seb in WordPress Plugin Blog Designer PRO versions = 3.4.7...
WordPress QuickCab plugin <= 1.3.3 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Ananda Dhakal Patchstack in WordPress Plugin QuickCab versions = 1.3.3...
CVE-2024-24425
Magma v1.8.0 and OAI EPC Federation v1.20 were discovered to contain an out-of-bounds read in the amfasestablishreq function at /tasks/amf/amfas.cpp. This vulnerability allows attackers to cause a Denial of Service DoS via a crafted NAS packet...
WordPress Hospital Management System plugin <= 47.0(20-11-2023) - Privilege Escalation vulnerability
Privilege Escalation vulnerability discovered by Jingle Bells in WordPress Plugin Hospital Management System versions = 47.020-11-2023...
WordPress Photography Theme <= 7.5.2 is vulnerable to PHP Object Injection
Software Photography Type Theme Vulnerable versions = 7.5.2 Fixed in N/A OWASP Top 10 A3: Injection Classification PHP Object Injection CVE N/A Patch priority High CVSS severity High 8.5 Developer EPC PSID 070158f14a77 Credits Rafie Muhammad Patchstack Required privilege Subscriber Published 22...