
4205 matches found

CNNVD
added 2025/06/23 12:0 a.m. | 1 view

Code-Projects Inventory Management System Security Vulnerability

Inventory Management System is an inventory management system. Inventory Management System suffers from a SQL injection vulnerability that originates from the lack of validation of the categoriesId parameter in the /phpaction/fetchSelectedCategories.php file against externally entered SQL...

9.8 CVSS | 8.2 AI score | 0.00187 EPSS
Exploits 1 | References 2

SUSE CVE
added 2025/06/19 3:40 a.m. | 1 view

SUSE CVE-2022-50162

In the Linux kernel, the following vulnerability has been resolved: wifi: libertas: Fix possible refcount leak in if_usb_probe usb_get_dev will be called before lbs_get_firmware_async which means that usb_put_dev need to be called when lbs_get_firmware_async fails...

5.5 CVSS | 6.3 AI score | 0.00063 EPSS
Exploits 0 | References 12

Debian CVE
added 2025/06/19 1:42 a.m. | 7 views

CVE-2025-50182

urllib3 is a user-friendly HTTP client library for Python. Starting in version 2.2.0 and prior to 2.5.0, urllib3 does not control redirects in browsers and Node.js. urllib3 supports being used in a Pyodide runtime utilizing the JavaScript Fetch API or falling back on XMLHttpRequest. This means...

6.1 CVSS | 5.6 AI score | 0.00066 EPSS
Exploits 0

Snyk
added 2025/06/18 5:50 p.m. | 2 views

Open Redirect

Overview urllib3 is a HTTP library with thread-safe connection pooling, file post, and more. Affected versions of this package are vulnerable to Open Redirect when used within a Pyodide runtime utilizing the JavaScript Fetch API or falling back on XMLHttpRequest, due to the retries and redirect...

6.1 CVSS | 6.5 AI score | 0.00066 EPSS
Exploits 0 | References 2

OSSF Malicious Packages
added 2025/06/18 4:51 p.m. | 3 views

Malicious code in rival-fetch-hook (npm)

The package communicates with a domain associated with malicious activity...

7 AI score
Exploits 0

OSV
added 2025/06/18 11:15 a.m. | 0 views

UBUNTU-CVE-2022-50007

In the Linux kernel, the following vulnerability has been resolved: xfrm: fix refcount leak in __xfrm_policy_check The issue happens on an error path in __xfrm_policy_check. When the fetching process of the object pols[1] fails, the function simply returns 0, forgetting to decrement the reference count of...

5.5 CVSS | 5.9 AI score | 0.00051 EPSS
Exploits 0 | References 10

SUSE Linux
added 2025/06/13 11:36 a.m. | 1 view

Security update for python-cryptography

This update for python-cryptography fixes the following issues: CVE-2025-3416: Fixed Use-After-Free in Md::fetch and Cipher::fetch in rust-openssl crate (bsc#1242631). Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch...

6.3 CVSS | 7.3 AI score | 0.00093 EPSS
Exploits 0 | References 4

BDU FSTEC
added 2025/06/09 12:0 a.m. | 1 view

The vulnerability of the browser’s Background Fetch API programming interface in Google Chrome, which allows a perpetrator to disclose protected information

The vulnerability of the Background Fetch API in Google Chrome browser’s software interface is related to the disclosure of information. Exploiting this vulnerability could allow a remote attacker to disclose sensitive information through a specially created HTML page...

6.4 CVSS | 0.00128 EPSS
Exploits 0 | References 10 | Affected Software 4

SUSE Linux
added 2025/06/03 1:14 p.m. | 0 views

Security update for 389-ds

This update for 389-ds fixes the following issues: Security fixes: CVE-2025-3416: Fixed use-After-Free in Md::fetch and Cipher::fetch in rust-openssl crate (bsc#1242666). Other fixes: Enable memory accounting as SUSE disables it by default (bsc#1241016). Fix dsidm service get_dn option failing (bsc#1241988)...

6.3 CVSS | 4.7 AI score | 0.00093 EPSS
Exploits 0 | References 8

vulnersOsv
added 2025/06/02 7:43 p.m. | 3 views

org.webjars.npm:image-thumbnail (=1.0.15), org.webjars.npm:pkg-fetch (=3.4.2) +3 more potentially affected by CVE-2025-48387 via org.webjars.npm:tar-fs (=2.1.1)

org.webjars.npm:tar-fs MAVEN version =2.1.1 is affected by a known vulnerability. The following packages have a transitive dependency on org.webjars.npm:tar-fs and may be impacted: - org.webjars.npm:image-thumbnail =1.0.15 - org.webjars.npm:pkg-fetch =3.4.2 - org.webjars.npm:prebuild-install =7.1...

8.7 CVSS | 6.1 AI score | 0.01201 EPSS
Exploits 0

RedhatCVE
added 2025/05/29 9:30 p.m. | 6 views

CVE-2025-5064

Inappropriate implementation in Background Fetch API in Google Chrome prior to 137.0.7151.55 allowed a remote attacker to leak cross-origin data via a crafted HTML page. Chromium security severity: Medium...

5.4 CVSS | 5.9 AI score | 0.00128 EPSS
Exploits 0 | References 1

Microsoft CVE
added 2025/05/29 6:55 p.m. | 300 views

Chromium: CVE-2025-5064 Inappropriate implementation in Background Fetch API

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...

5.4 CVSS | 6.9 AI score | 0.00128 EPSS
Exploits 0

SUSE CVE
added 2025/05/29 2:12 a.m. | 0 views

SUSE CVE-2025-5064

Inappropriate implementation in Background Fetch API in Google Chrome prior to 137.0.7151.55 allowed a remote attacker to leak cross-origin data via a crafted HTML page. Chromium security severity: Medium...

5.4 CVSS | 6.5 AI score | 0.00128 EPSS
Exploits 0 | References 3

OpenVAS
added 2025/05/29 12:0 a.m. | 2 views

Microsoft Windows Snipping Tool (Windows SMB Login)

SMB login-based detection of Microsoft Windows Snipping Tool. SPDX-FileCopyrightText: 2025 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if(description)...

7.3 AI score
Exploits 0

NVD
added 2025/05/27 9:15 p.m. | 7 views

CVE-2025-5064

Inappropriate implementation in Background Fetch API in Google Chrome prior to 137.0.7151.55 allowed a remote attacker to leak cross-origin data via a crafted HTML page. Chromium security severity: Medium...

5.4 CVSS | 0.00128 EPSS
Exploits 0 | References 2

OSV
added 2025/05/27 9:15 p.m. | 3 views

CVE-2025-5064

Inappropriate implementation in Background Fetch API in Google Chrome prior to 137.0.7151.55 allowed a remote attacker to leak cross-origin data via a crafted HTML page. Chromium security severity: Medium...

5.4 CVSS | 6.2 AI score
Exploits 0 | References 2

OSV
added 2025/05/27 9:15 p.m. | 1 view

DEBIAN-CVE-2025-5064

Inappropriate implementation in Background Fetch API in Google Chrome prior to 137.0.7151.55 allowed a remote attacker to leak cross-origin data via a crafted HTML page. Chromium security severity: Medium...

5.4 CVSS | 5.6 AI score | 0.00128 EPSS
Exploits 0 | References 1

AlpineLinux
added 2025/05/27 8:43 p.m. | 4 views

CVE-2025-5064

Inappropriate implementation in Background Fetch API in Google Chrome prior to 137.0.7151.55 allowed a remote attacker to leak cross-origin data via a crafted HTML page. Chromium security severity: Medium...

5.4 CVSS | 6 AI score | 0.00128 EPSS
Exploits 0

CVE
added 2025/05/27 8:43 p.m. | 505 views

CVE-2025-5064

CVE-2025-5064 relates to an inappropriate implementation in Chrome's Background Fetch API that could leak cross-origin data via a crafted HTML page. Affected product: Google Chrome (Chromium base). The issue is mitigated by upgrading to Chrome 137.0.7151.55 or later (Chromium fix referenced by Ch...

5.4 CVSS | 6 AI score | 0.00128 EPSS
Exploits 0 | References 2 | Affected Software 1

Cvelist
added 2025/05/27 8:43 p.m. | 13 views

CVE-2025-5064

Inappropriate implementation in Background Fetch API in Google Chrome prior to 137.0.7151.55 allowed a remote attacker to leak cross-origin data via a crafted HTML page. Chromium security severity: Medium...

0.00128 EPSS
Exploits 0 | References 2