675 matches found
Flexible Checkout Fields for WooCommerce <= 2.3.1 - Unauthenticated Arbitrary Plugin Settings Update
The Flexible Checkout Fields for WooCommerce plugin for WordPress is vulnerable to Unauthenticated Arbitrary Plugin Settings update, in addition to Stored Cross-Site Scripting in versions up to, and including, 2.3.1. This is due to missing authorization checks on the updateSettingsAction function...
WordPress Plugin Flexible Custom Post Type < 0.1.7 - Cross-Site Scripting
A cross-site scripting vulnerability in edit-post.php in the Flexible Custom Post Type plugin before 0.1.7 for WordPress allows remote attackers to inject arbitrary web script or HTML via the id parameter. id: CVE-2011-5106 info: name: WordPress Plugin Flexible Custom Post Type 0.1.7 - Cross-Site...
WordPress Flexible Refund and Return Order for WooCommerce plugin <= 1.0.51 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting XSS vulnerability discovered by hhhai in WordPress Plugin Flexible Refund and Return Order for WooCommerce versions = 1.0.51...
Astra Linux – Vulnerability found in Linux 6.1, Linux 6.12
In the Linux kernel, the following vulnerability has been resolved: flexproportions: making fpropnewperiod safe from hardirq issues. Bernd reported a deadlock issue in the flexible proportions code, which essentially complained about the following race conditions: runtimersoftirq – we’re in a...
Malicious code in rate-limits-flexible (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 809e7f8796ee45bb12d644bd48e71cbfca430e22d40b06ea0e0437097d131068 The package was found to contain malicious code or consuming dependency that contains malicious code Source: ghsa-malware...
Malicious Package
Overview rate-limits-flexible is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...
Malicious code in rate-limit-flexible (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 166436585b1666871717d2202a01b64cfc580432ad36d90fa05903daf050d8f7 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious Package
Overview rate-limit-flexible is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...
MAL-2026-5627 Malicious code in rate-limits-flexible (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 809e7f8796ee45bb12d644bd48e71cbfca430e22d40b06ea0e0437097d131068 The package was found to contain malicious code or consuming dependency that contains malicious code Source: ghsa-malware...
MAL-2026-5626 Malicious code in rate-limit-flexible (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 166436585b1666871717d2202a01b64cfc580432ad36d90fa05903daf050d8f7 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerabilities have been resolved: Bluetooth: MGMT: fixed a crash in setmeshsync and setmeshcomplete. There is a bug: KASAN: a stack-out-of-bounds issue in setmeshsync, caused by memcpy from a poorly declared on-stack flexible array. Another crash occurs in...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: ext4: Fixed ext4mbmarkbb with flexbg and fastcommit. In the case of the flexbg feature which is enabled by default, extents for any given inode may span across blocks from two different block groups. ext4mbmarkbb only reads the...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: Avoid field-overflowing memcpy In preparation for FORTIFYSOURCE, we are performing compile-time and run-time field bounds checking for memcpy, memmove, and memset. Avoid intentionally writing across neighboring fields...
Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1
In the Linux kernel, the following vulnerabilities have been resolved: drm/amd: Fixed UBSAN array-index-out-of-bounds issues for Polaris and Tonga. For pptable structures that use flexible array sizes, use flexible arrays instead...
Astra Linux – Vulnerability in Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: ovl: Use the “buf” flexible array as the destination for memcpy. The “buf” flexible array must be used as the destination for memcpy to avoid false positive run-time warnings caused by the recent FORTIFYSOURCE hardening measures:...
CVE-2026-43017
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: MGMT: validate mesh send advertising payload length meshsend currently bounds MGMTOPMESHSEND by total command length, but it never verifies that the bytes supplied for the flexible advdata array actually match the...
CVE-2026-31772 Bluetooth: hci_sync: fix stack buffer overflow in hci_le_big_create_sync
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hcisync: fix stack buffer overflow in hcilebigcreatesync hcilebigcreatesync uses DEFINEFLEX to allocate a struct hcicplebigcreatesync on the stack with room for 0x11 17 BIS entries. However, conn-numbis can hold up to...
OESA-2026-2099 fio security update
fio is a tool used to spawn many threads or processes that perform a specific type of io operation specified by the user.It accepts many global parameters inherited by threads.Its common method is to simulate jobs that match the specified io load. Security Fixes: A NULL pointer dereference...
[SECURITY] Fedora 44 Update: opam-2.5.1-1.fc44
Opam is a source-based package manager for OCaml. It supports multiple simultaneous compiler installations, flexible package constraints, and a Git-friendly development workflow...
[SECURITY] Fedora 43 Update: opam-2.5.1-1.fc43
Opam is a source-based package manager for OCaml. It supports multiple simultaneous compiler installations, flexible package constraints, and a Git-friendly development workflow...