PT-2025-30805

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description The Linux kernel contains a memory leak in the nvmet subsystem related to bio integrity. When nvmet receives commands with metadata, a continuous memory leak occurs within the kmalloc-12...

Medium: kernel

Issue Overview: In the Linux kernel, the following vulnerability has been resolved: ftrace: Fix invalid address access in lookuprec when index is 0 CVE-2023-53075 In the Linux kernel, the following vulnerability has been resolved: ext4: fix task hung in ext4xattrdeleteinode CVE-2023-53089 In the...

SUSE CVE-2022-50082

In the Linux kernel, the following vulnerability has been resolved: ext4: fix warning in ext4iomapbegin as race between bmap and write We got issue as follows: ------------ cut here ------------ WARNING: CPU: 3 PID: 9310 at fs/ext4/inode.c:3441 ext4iomapbegin+0x182/0x5d0 RIP:...

DEBIAN-CVE-2022-50082

In the Linux kernel, the following vulnerability has been resolved: ext4: fix warning in ext4iomapbegin as race between bmap and write We got issue as follows: ------------ cut here ------------ WARNING: CPU: 3 PID: 9310 at fs/ext4/inode.c:3441 ext4iomapbegin+0x182/0x5d0 RIP:...

UBUNTU-CVE-2022-50082

In the Linux kernel, the following vulnerability has been resolved: ext4: fix warning in ext4iomapbegin as race between bmap and write We got issue as follows: ------------ cut here ------------ WARNING: CPU: 3 PID: 9310 at fs/ext4/inode.c:3441 ext4iomapbegin+0x182/0x5d0 RIP:...

Astra Linux - уязвимость в linux-6.12

In the Linux kernel, the following vulnerability has been resolved: dm-integrity: Avoid divide by zero in table status in Inline mode In Inline mode, the journal is unused, and journalsectors is zero. Calculating the journal watermark requires dividing by journalsectors, which should be done only...

VulnCheck KEV: CVE-2025-31125

Vite Vitejs contains an improper access control vulnerability that exposes content of non-allowed files using ?inline&import or ?raw?import. Only apps explicitly exposing the Vite dev server to the network using --host or server.host config option are affected...

Security update for slurm_24_11

This update for slurm2411 fixes the following issues: Update to version 24.11.5. Security issues fixed: CVE-2025-43904: an issue with permission handling for Coordinators within the accounting system allowed Coordinators to promote a user to Administrator bsc1243666. Other changes and issues fixe...

GHSA-M4HF-FXCG-CP34 DNN allows Stored Cross-Site Scripting (XSS) with svg files rendered inline

Uploaded SVG files could contain scripts and if rendered inline those scripts could run allowing XSS attacks...

DNN allows Stored Cross-Site Scripting (XSS) with svg files rendered inline

Uploaded SVG files could contain scripts and if rendered inline those scripts could run allowing XSS attacks...

CVE-2025-48378 Dnn.Platform vulnerable to Stored Cross-Site Scripting (XSS) with svg files rendered inline

DNN formerly DotNetNuke is an open-source web content management platform CMS in the Microsoft ecosystem. Prior to version 9.13.9, uploaded SVG files could contain scripts and if rendered inline those scripts could run allowing XSS attacks. Version 9.13.9 fixes the issue...

CVE-2025-48378 Dnn.Platform vulnerable to Stored Cross-Site Scripting (XSS) with svg files rendered inline

DNN formerly DotNetNuke is an open-source web content management platform CMS in the Microsoft ecosystem. Prior to version 9.13.9, uploaded SVG files could contain scripts and if rendered inline those scripts could run allowing XSS attacks. Version 9.13.9 fixes the issue...

CVE-2024-9064

The Elementor Inline SVG plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.2.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and...

CVE-2024-31426

Cross-Site Request Forgery CSRF vulnerability in Data443 Inline Related Posts.This issue affects Inline Related Posts: from n/a through 3.3.1...

CVE-2024-5626

The Inline Related Posts WordPress plugin before 3.7.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

CVE-2024-51803

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Magnetic Creative Inline Click To Tweet inline-click-to-tweet allows DOM-Based XSS.This issue affects Inline Click To Tweet: from n/a through = 1.0.0...

CVE-2024-56019

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in gavinr Inline Footnotes inline-footnotes allows Stored XSS.This issue affects Inline Footnotes: from n/a through = 2.3.0...

CVE-2023-51668

Cross-Site Request Forgery CSRF vulnerability in WP Zone Inline Image Upload for BBPress.This issue affects Inline Image Upload for BBPress: from n/a through 1.1.18...

CVE-2023-50871

In JetBrains YouTrack before 2023.3.22268 authorization check for inline comments inside thread replies was missed...

MAL-2025-4378 Malicious code in my-check-inline-loader-plugin (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 158a5f06d42d4341fa6161944260a13e1cd79d01a746eddd52ce26b77770024e Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...