2874 matches found
CVE-2022-49248
In the Linux kernel, the following vulnerability has been resolved: ALSA: firewire-lib: fix uninitialized flag for AV/C deferred transaction. AV/C deferred transaction was supported at a commit 00a7bb81c20f "ALSA: firewire-lib: Add support for deferred transaction" while 'deferrable' flag can be...
CVE-2022-49248 ALSA: firewire-lib: fix uninitialized flag for AV/C deferred transaction
In the Linux kernel, the following vulnerability has been resolved: ALSA: firewire-lib: fix uninitialized flag for AV/C deferred transaction. AV/C deferred transaction was supported at a commit 00a7bb81c20f "ALSA: firewire-lib: Add support for deferred transaction" while 'deferrable' flag can be...
PT-2025-8337 · Linux +1 · Linux Kernel +1
Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified). Description: A memory leak issue has been identified in the Linux kernel, specifically in the lib/string helpers module. The problem occurs because the allocated strarray is not added to the device...
MAL-2025-191871 Malicious code in snapshot-photo (PyPI)
Source: kam193 61ed09e2fa2143dedd945c585d917ad8d7b55d7118e5093430b48c5c02d126f8. This campaign is built from two parts: 1) packages named like time-check-server, snapshot-photo contain innocent-looking code that sends "date" to a remote...
Vulnerability in a kernel component of the Linux operating system that allows an attacker to cause a denial of service
A vulnerability in the lib kernel component of the Linux operating system is related to resource management errors in the objagg_obj_parent_assign function. Exploiting this vulnerability can allow an attacker to cause a denial of service...
PT-2025-7249 · Unknown · Orml Rewards
Name of the Vulnerable Software and Affected Versions: ORML Rewards pallet versions prior to the fixed version. Description: A vulnerability in the add share function can lead to an uncaught Rust panic when handling user-provided input exceeding the u128 range. This issue affects any Substrate-bas...
SUSE CVE-2022-47930
An issue was discovered in IO FinNet tss-lib before 2.0.0. The parameter ssid for defining a session id is not used through the MPC implementation, which makes replaying and spoofing of messages easier. In particular, the Schnorr proof of knowledge implemented in sch.go does not utilize a session...
CVE-2025-25066
nDPI through 4.12 has a potential stack-based buffer overflow in ndpi_address_cache_restore in lib/ndpi_cache.c...
Prototype Pollution
Overview: org.webjars.npm:vxe-table is a PC form/table component based on Vue, supporting add, delete, modify, query, virtual tree, drag and drop sorting, lazy loading, shortcut menu, data validation, import/export/print, form rendering, custom templates, renderer, JSON configuration. Affected...
CVE-2021-37632
SuperMartijn642's Config Lib is a library used by a number of mods for the game Minecraft. The versions of SuperMartijn642's Config Lib between 1.0.4 and 1.0.8 are affected by a vulnerability and can be exploited on both servers and clients. Using SuperMartijn642's Config Lib, servers will send a...
Zag security vulnerability
Zag is a framework open-sourced by Chakra. A security vulnerability exists in Zag version v0.50.0, which stems from the lib.deepMerge function containing a prototype pollution vulnerability...
utils-extend security vulnerability
utils-extend is an extension by an individual developer. A security vulnerability exists in utils-extend, which stems from the lib.extend function containing a prototype pollution vulnerability...
expand-object security vulnerability
expand-object is a library by Jon Schlinkert, an individual developer, that uses simple symbols to expand strings into JavaScript objects. A security vulnerability exists in expand-object version v0.4.2, which stems from the lib function containing a prototype pollution vulnerability...
xe-utils security vulnerability
xe-utils is an open-source JavaScript library and toolkit from XE. A security vulnerability exists in xe-utils version v3.5.31, which stems from the lib.merge function containing a prototype pollution vulnerability...
defaults security vulnerability
defaults is a library by the individual developer Nathan Houle. When the value of an enumerable property owned on a source object is undefined, copying that property from the source object to the target object. A security vulnerability exists in defaults version v2.0.1, which stems from the lib.de...
PT-2025-5767 · Dot-Qs · Dot-Qs
Name of the Vulnerable Software and Affected Versions: dot-qs version 0.2.0. Description: A prototype pollution in the lib.parse function allows attackers to cause a Denial of Service (DoS) via supplying a crafted payload. Recommendations: For dot-qs version 0.2.0, consider disabling the lib.parse...
PT-2025-5769 · Unknown · Expand-Object
Name of the Vulnerable Software and Affected Versions: expand-object version 0.4.2. Description: A prototype pollution in the lib function of expand-object allows attackers to cause a Denial of Service (DoS) via supplying a crafted payload. Recommendations: For expand-object version 0.4.2, consider...
PT-2025-5766 · Npm · @Ndhoule/Defaults
Name of the Vulnerable Software and Affected Versions: @ndhoule/defaults version 2.0.1. Description: A prototype pollution in the lib.deep function allows attackers to cause a Denial of Service (DoS) via supplying a crafted payload. Recommendations: For @ndhoule/defaults version 2.0.1, consider...
PT-2025-5754 · Unknown · Utils-Extend
Name of the Vulnerable Software and Affected Versions: utils-extend version 1.0.8. Description: The issue allows an attacker to introduce or modify properties within the global prototype chain through the lib.extend entry function, causing a denial of service (DoS) as the minimum consequence. This i...
PT-2025-5755 · Unknown · @Zag-Js/Core
Name of the Vulnerable Software and Affected Versions: @zag-js/core version 0.50.0. Description: A prototype pollution issue in the lib.deepMerge function allows attackers to cause a Denial of Service (DoS) by supplying a crafted payload. Recommendations: For @zag-js/core version 0.50.0, consider...