51 matches found
EUVD-2026-45082
grav-plugin-login before 3.8.11 contains a cross-site request forgery CSRF vulnerability in the login.regenerate2FASecret frontend task, which regenerates and persists a new TOTP secret for the authenticated session user without any anti-CSRF nonce or Origin/Referer check. Because Grav core...
CVE-2026-12110
The Taskbuilder – Project Management & Task Management Tool With Kanban Board plugin for WordPress is vulnerable to generic SQL Injection via the 'tasksearch' parameter in all versions up to, and including, 5.0.8 due to insufficient escaping on the user supplied parameter and lack of sufficient...
Authorization Bypass Through User-Controlled Key
Overview Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key through the improper enforcement of access controls in the ReadAll and GetTaskAttachment processes. An attacker can gain unauthorized access to and delete file attachments across all...
Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-003110)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-003110 advisory. Race condition in the gettaskioprio function in block/ioprio.c in the Linux kernel before 4.6.6 allows local users to gain privileges or cause a denial of service...
EUVD-2025-203663
In the Linux kernel, the following vulnerability has been resolved: drm/tegra: Add call to putpid Add a call to putpid corresponding to gettaskpid. host1xmemorycontextalloc does not take ownership of the PID so we need to free it here to avoid leaking. [email protected]: reword commit message...
CVE-2025-68233
In the Linux kernel, the following vulnerability has been resolved: drm/tegra: Add call to putpid Add a call to putpid corresponding to gettaskpid. host1xmemorycontextalloc does not take ownership of the PID so we need to free it here to avoid leaking. [email protected]: reword commit message...
CVE-2025-68233
In the Linux kernel, the following vulnerability has been resolved: drm/tegra: Add call to putpid Add a call to putpid corresponding to gettaskpid. host1xmemorycontextalloc does not take ownership of the PID so we need to free it here to avoid leaking. [email protected]: reword commit message...
UBUNTU-CVE-2025-68233
In the Linux kernel, the following vulnerability has been resolved: drm/tegra: Add call to putpid Add a call to putpid corresponding to gettaskpid. host1xmemorycontextalloc does not take ownership of the PID so we need to free it here to avoid leaking. [email protected]: reword commit message...
CVE-2025-68233
CVE-2025-68233 affects the Linux kernel's drm/tegra path. The fix adds a put_pid() call corresponding to get_task_pid() because host1x_memory_context_alloc() does not take ownership of the PID, preventing a PID leak. The commercial advisories (Ubuntu/SUSE/OpenSUSE/NASL plug-ins) list this CVE amo...
CVE-2025-68233 drm/tegra: Add call to put_pid()
In the Linux kernel, the following vulnerability has been resolved: drm/tegra: Add call to putpid Add a call to putpid corresponding to gettaskpid. host1xmemorycontextalloc does not take ownership of the PID so we need to free it here to avoid leaking. [email protected]: reword commit message...
EUVD-2023-55999
Malicious code in bioql PyPI...
EUVD-2025-25784
Malicious code in bioql PyPI...
EUVD-2025-25783
Malicious code in bioql PyPI...
CVE-2025-8597
MacVim's configuration on macOS, specifically the presence of entitlement "com.apple.security.get-task-allow", allows local attackers with unprivileged access e.g. via a malicious application to attach a debugger, read or modify the process memory, inject code in the application's context despite...
CVE-2025-8700
Invoice Ninja's configuration on macOS, specifically the presence of entitlement "com.apple.security.get-task-allow", allows local attackers with unprivileged access e.g. via a malicious application to attach a debugger, read or modify the process memory, inject code in the application's context...
CVE-2025-8597
MacVim's configuration on macOS, specifically the presence of entitlement "com.apple.security.get-task-allow", allows local attackers with unprivileged access e.g. via a malicious application to attach a debugger, read or modify the process memory, inject code in the application's context despite...
CVE-2025-8700
Invoice Ninja's configuration on macOS, specifically the presence of entitlement "com.apple.security.get-task-allow", allows local attackers with unprivileged access e.g. via a malicious application to attach a debugger, read or modify the process memory, inject code in the application's context...
CVE-2025-8700 Privilege Escalation via get-task-allow entitlement in Invoice Ninja
Invoice Ninja's configuration on macOS, specifically the presence of entitlement "com.apple.security.get-task-allow", allows local attackers with unprivileged access e.g. via a malicious application to attach a debugger, read or modify the process memory, inject code in the application's context...
CVE-2025-8700 Privilege Escalation via get-task-allow entitlement in Invoice Ninja
Invoice Ninja's configuration on macOS, specifically the presence of entitlement "com.apple.security.get-task-allow", allows local attackers with unprivileged access e.g. via a malicious application to attach a debugger, read or modify the process memory, inject code in the application's context...
CVE-2025-8700
Invoice Ninja on macOS is affected by a local privilege-escalation issue due to the presence of the entitlement com.apple.security.get-task-allow. This allows unprivileged local attackers (e.g., via a malicious app) to attach a debugger, read/modify process memory, and inject code within the app’...