2032 matches found
Hitachi Energy RTU500 Product
SUMMARY Hitachi Energy is aware of vulnerabilities that affect RTU500 product versions listed in this document. Successful exploitation of these vulnerabilities can result in the exposure of low-value user management information and device outage. Please refer to the Recommended Immediate...
PT-2026-7483
Heads up, folks: Microsoft's February 2026 Patch Tuesday is out, dropping 55 vulnerability fixes across various products. Among these is CVE-2025-59498, which Microsoft has explicitly marked as Critical. This update is significant, addressing a broad spectrum of security issues. While the specifi...
MCP Run Python has a Sandbox Escape & Server Takeover Vulnerability
Impact Critical Sandbox Escape & Server Takeover: A critical security vulnerability exists in mcp-run-python due to a lack of isolation between the Python runtime Pyodide and the host JavaScript environment. The runPython and runPythonAsync functions execute Python code using Pyodide without...
Hitachi Energy SuprOS
SUMMARY Hitachi Energy is aware of a vulnerability that affects the SuprOS product versions listed in this document. An attacker successfully exploiting this vulnerability can cause confidentiality, integrity and availability impacts. Please refer to the Recommended Immediate Actions for...
CVE-2021-41243
There is a Potential Zip Slip Vulnerability and OS Command Injection Vulnerability on the management system of baserCMS. Users with permissions to upload files may upload crafted zip files which may execute arbitrary commands on the host operating system. This is a vulnerability that needs to be...
kernel: RDMA/siw: Fix connection failure handling
A NULL dereference vulnerability was found in the Linux kernel, which is caused when the siwcmworkhandler function attempts to dereference a NULL listener that may be created when immediate MPA request processing fails and the newly created endpoint unlinks the listening endpoint ready to be...
Linux Distros Unpatched Vulnerability : CVE-2022-50736
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - RDMA/siw: Fix immediate work request flush to completion queue Correctly set send queue element opcode during immediate work request flushing in post sendqueue...
EUVD-2022-55753
In the Linux kernel, the following vulnerability has been resolved: RDMA/siw: Fix immediate work request flush to completion queue Correctly set send queue element opcode during immediate work request flushing in post sendqueue operation, if the QP is in ERROR state. An undefined ocode value...
CVE-2022-50736
In the Linux kernel, the following vulnerability has been resolved: RDMA/siw: Fix immediate work request flush to completion queue Correctly set send queue element opcode during immediate work request flushing in post sendqueue operation, if the QP is in ERROR state. An undefined ocode value...
UBUNTU-CVE-2022-50736
In the Linux kernel, the following vulnerability has been resolved: RDMA/siw: Fix immediate work request flush to completion queue Correctly set send queue element opcode during immediate work request flushing in post sendqueue operation, if the QP is in ERROR state. An undefined ocode value...
CVE-2022-50736 RDMA/siw: Fix immediate work request flush to completion queue
In the Linux kernel, the following vulnerability has been resolved: RDMA/siw: Fix immediate work request flush to completion queue Correctly set send queue element opcode during immediate work request flushing in post sendqueue operation, if the QP is in ERROR state. An undefined ocode value...
Linux kernel 安全漏洞
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in Linux kernel that originates from an out-of-bounds access when an immediate work request is flushed to the completion queue...
PT-2025-53040
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the Linux kernel’s RDMA/siw component related to handling immediate work requests and flushing to the completion queue. An incorrect send queue element opcode during...
CVE-2025-55753
An integer overflow in the case of failed ACME certificate renewal leads, after a number of failures 30 days in default configurations, to the backoff timer becoming 0. Attempts to renew the certificate then are repeated without delays until it succeeds. This issue affects Apache HTTP Server: fro...
CVE-2025-65951 Inside Track / Entropy Derby Timelock Encryption Bypassed via Pre-Computed VDF Output Leakage
Inside Track / Entropy Derby is a research-grade horse-racing betting engine. Prior to commit 2d38d2f, the VDF-based timelock encryption system fails to enforce sequential delay against the betting operator. Bettors pre-compute the entire Wesolowski VDF and include vdfOutputHex in their encrypted...
Inside Track 加密问题漏洞
Inside Track is a horse racing betting engine by the individual developer Lumina Mescuwa. Inside Track suffers from an encryption issue vulnerability that stems from the VDF encryption system not enforcing a sequential delay, which could lead to immediate decryption...
MAL-2025-191010 Malicious code in set-nested-prop (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1e3ace4ffb79a5de4b7a82ae75ffdcccb6233dce2bfa2a4f32f70a3dc6921a03 The package set-nested-prop was found to contain malicious code. Source: ghsa-malware 35b0b9a8f67ec13668f93a14f45e037dc7cb3c33fa4c688e13b10a3cd2c5d3a...
WordPress plugin Email Subscribers & Newsletters 访问控制错误漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. An Access Control Erro...
CVE-2025-63747
CVE-2025-63747 affects QaTraq 6.9.2. The issue arises from default-enabled administrative credentials, allowing immediate login through the web app login page and granting administrative access if reachable. The vulnerability is present in the default configuration, so an attacker who can access ...
CVE-2025-64707 Frappe LMS revoking access did not show immediate effect as roles were cached
Frappe Learning is a learning system that helps users structure their content. Starting in version 2.0.0 and prior to version 2.41.0, when admins revoked a role from the user, the effect was not immediate because of caching. The issue has been fixed in version 2.41.0 by ensuring the cache is...