4205 matches found
PT-2025-32956
Name of the Vulnerable Software and Affected Versions: Google Chrome versions prior to 139.0.7258.127 Description: An out-of-bounds write issue exists in ANGLE within Google Chrome. A remote attacker could potentially perform out-of-bounds memory access through a specially crafted HTML page. The...
BIT-LIBPHP-2021-21704 Multiple vulnerabilities in Firebird client extension
In PHP versions 7.3.x below 7.3.29, 7.4.x below 7.4.21 and 8.0.x below 8.0.8, when using Firebird PDO driver extension, a malicious database server could cause crashes in various database functions, such as getAttribute, execute, fetch and others by returning invalid response data that is not...
Linux Distros Unpatched Vulnerability : CVE-2024-1554
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The fetch API and navigation incorrectly shared the same cache, as the cache key did not include the optional headers fetch may contain. Under the correct...
Linux Distros Unpatched Vulnerability : CVE-2017-9984
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The sndmsndinterrupt function in sound/isa/msnd/msndpinnacle.c in the Linux kernel through 4.11.7 allows local users to cause a denial of service over-boundary...
Linux Distros Unpatched Vulnerability : CVE-2017-9986
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The intr function in sound/oss/msndpinnacle.c in the Linux kernel through 4.11.7 allows local users to cause a denial of service over-boundary access or possibl...
The AuthKit Remix Library renders sensitive auth data in HTML
Summary Before 0.15.0, @workos-inc/authkit-remix returned sensitive authentication artifacts from the authkitLoader, specifically sealedSession and accessToken. Because these values were returned from the loader, they were embedded into the server-rendered HTML and became readable by any script...
GHSA-V3GR-W9GF-23CX The AuthKit Remix Library renders sensitive auth data in HTML
Summary Before 0.15.0, @workos-inc/authkit-remix returned sensitive authentication artifacts from the authkitLoader, specifically sealedSession and accessToken. Because these values were returned from the loader, they were embedded into the server-rendered HTML and became readable by any script...
GHSA-VQVC-9Q8X-VMQ6 The AuthKit React Router Library rendered sensitive auth data in HTML
In versions before 0.7.0, @workos-inc/authkit-react-router exposed sensitive authentication artifacts — specifically sealedSession and accessToken by returning them from the authkitLoader. This caused them to be rendered into the browser HTML. Impact This information disclosure could lead to...
The AuthKit React Router Library rendered sensitive auth data in HTML
In versions before 0.7.0, @workos-inc/authkit-react-router exposed sensitive authentication artifacts — specifically sealedSession and accessToken by returning them from the authkitLoader. This caused them to be rendered into the browser HTML. Impact This information disclosure could lead to...
Linux Distros Unpatched Vulnerability : CVE-2025-37944
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - wifi: ath12k: Fix invalid entry fetch in ath12kdpmonsrngprocess Currently, ath12kdpmonsrngprocess uses ath12khalsrngsrcgetnextentry to fetch the next entry from...
Linux Distros Unpatched Vulnerability : CVE-2025-38319
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - drm/amd/pp: Fix potential NULL pointer dereference in atomctrlinitializemcregtable The function atomctrlinitializemcregtable and atomctrlinitializemcregtablev22...
CVE-2025-50234
MCCMS v2.7.0 has an SSRF vulnerability located in the index method of the sys\apps\controllers\api\Gf.php file, where the pic parameter is processed. The pic parameter is decrypted using the sysauth$pic, 1 function, which utilizes a hard-coded key McEncryptionKey bD2voYwPpNuJ7B8, defined in the...
CVE-2025-54132
Cursor is a code editor built for programming with AI. In versions below 1.3, Mermaid which is used to render diagrams allows embedding images which then get rendered by Cursor in the chat box. An attacker can use this to exfiltrate sensitive information to a third-party attacker controlled serve...
CVE-2025-54132 Cursor's Mermaid Diagram Tool is Vulnerable to an Arbitrary Image Fetch
Cursor is a code editor built for programming with AI. In versions below 1.3, Mermaid which is used to render diagrams allows embedding images which then get rendered by Cursor in the chat box. An attacker can use this to exfiltrate sensitive information to a third-party attacker controlled serve...
CVE-2025-54132 Cursor's Mermaid Diagram Tool is Vulnerable to an Arbitrary Image Fetch
Cursor is a code editor built for programming with AI. In versions below 1.3, Mermaid which is used to render diagrams allows embedding images which then get rendered by Cursor in the chat box. An attacker can use this to exfiltrate sensitive information to a third-party attacker controlled serve...
CVE-2025-54132
CVE-2025-54132 affects Cursor’s Mermaid-based diagram tool prior to version 1.3. An attacker can trigger prompt injections to cause Mermaid-rendered images to fetch data to a remote attacker-controlled server, enabling exfiltration of sensitive information. The issue is fixed in version 1.3; upgr...
PT-2025-31700
Name of the Vulnerable Software and Affected Versions Cursor versions prior to 1.3 Description Cursor is a code editor built for programming with AI. Versions prior to 1.3 allow embedding images through Mermaid, a diagram rendering tool. This can be exploited to exfiltrate sensitive information t...
AllVideoPocsFromHackerOne
This is an offensive tool for retrieving public reports from HackerOne, a bug bounty platform. The tool, named "AllPocsFromHackerOne," is designed to grab public reports from HackerOne and categorize vulnerabilities by technique. It appears to be a Python script that utilizes the HackerOne API to...
MAL-2025-6024 Malicious code in got-fetch (npm)
This package installs a windows based malware file node-gyp.dll via install.js...
Malicious code in got-fetch (npm)
This package installs a windows based malware file node-gyp.dll via install.js...