
33 matches found

OSV
added 2026/05/14 8:23 p.m. · 0 views

GHSA-FCJQ-435V-JX94 pyLoad is vulnerable to stored XSS in Downloads view via unsanitized link URL in packages.js template literal

Summary The packages.js template at src/pyload/webui/app/themes/modern/templates/js/packages.js:172 interpolates a stored link URL into a template literal inside single-quoted HTML and then writes the result to the DOM via $div.htmlhtml. No escaping runs between the API value and innerHTML. An...

8.7 CVSS · 5.9 AI score · 0.00033 EPSS
Exploits 0 · References 2

Github Security Blog
added 2026/05/14 8:23 p.m. · 3 views

pyLoad is vulnerable to stored XSS in Downloads view via unsanitized link URL in packages.js template literal

Summary The packages.js template at src/pyload/webui/app/themes/modern/templates/js/packages.js:172 interpolates a stored link URL into a template literal inside single-quoted HTML and then writes the result to the DOM via $div.htmlhtml. No escaping runs between the API value and innerHTML. An...

8.7 CVSS · 5.9 AI score · 0.00033 EPSS
Exploits 0 · References 2 · Affected Software 1

EUVD
added 2025/10/07 12:30 a.m. · 2 views

EUVD-2010-3607

Malware in sbrugna...

4.3 CVSS · 6.3 AI score · 0.04867 EPSS
Exploits 0 · References 21

EUVD
added 2025/10/03 8:7 p.m. · 2 views

EUVD-2025-30402

Malicious code in bioql PyPI...

6.5 CVSS · 6.6 AI score · 0.00045 EPSS
Exploits 0 · References 5

RedhatCVE
added 2025/09/24 7:29 a.m. · 3 views

CVE-2025-10787

A vulnerability was found in MuYuCMS up to 2.7. Impacted is an unknown function of the file /index/index.html of the component Add Fiend Link Handler. Performing manipulation of the argument Link URL results in server-side request forgery. The attack may be initiated remotely. The exploit has bee...

6.5 CVSS · 6.6 AI score · 0.00045 EPSS
Exploits 0 · References 1

NVD
added 2025/09/22 7:15 a.m. · 1 views

CVE-2025-10787

A vulnerability was found in MuYuCMS up to 2.7. Impacted is an unknown function of the file /index/index.html of the component Add Fiend Link Handler. Performing manipulation of the argument Link URL results in server-side request forgery. The attack may be initiated remotely. The exploit has bee...

6.5 CVSS · 0.00045 EPSS
Exploits 0 · References 4

Vulnrichment
added 2025/09/22 7:2 a.m. · 3 views

CVE-2025-10787 MuYuCMS Add Fiend Link index.html server-side request forgery

A vulnerability was found in MuYuCMS up to 2.7. Impacted is an unknown function of the file /index/index.html of the component Add Fiend Link Handler. Performing manipulation of the argument Link URL results in server-side request forgery. The attack may be initiated remotely. The exploit has bee...

6.5 CVSS · 6.5 AI score · 0.00045 EPSS
Exploits 0 · References 4

NVD
added 2025/08/27 3:15 a.m. · 1 views

CVE-2025-7732

The Lazy Load for Videos plugin for WordPress is vulnerable to Stored Cross-Site Scripting via its lazy‑loading handlers in all versions up to, and including, 2.18.7 due to insufficient input sanitization and output escaping. The plugin’s JavaScript registration handlers read the client‑supplied...

6.4 CVSS · 0.00074 EPSS
Exploits 0 · References 5

NVD
added 2025/08/16 4:16 a.m. · 2 views

CVE-2025-7439

Anber Elementor Addon plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the $anberitem'buttonlink''url'’ parameter in all versions up to, and including, 1.0.1 to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

6.4 CVSS · 0.00058 EPSS
Exploits 0 · References 2

OSV
added 2025/07/18 8:15 p.m. · 0 views

UBUNTU-CVE-2025-54310

qBittorrent before 5.1.2 does not prevent access to a local file that is referenced in a link URL. This affects rsswidget.cpp and searchjobwidget.cpp...

5.3 CVSS · 5.8 AI score · 0.00194 EPSS
Exploits 0 · References 5

OSV
added 2025/07/04 8:15 a.m. · 0 views

CVE-2024-11937

The Premium Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's linkURL in the Mobile Menu element in all versions up to, and including, 4.10.69 due to insufficient input sanitization and output escaping on user supplied attributes. This makes i...

5.4 CVSS · 5.9 AI score · 0.00123 EPSS
Exploits 0 · References 2

OSV
added 2024/10/21 7:15 p.m. · 0 views

UBUNTU-CVE-2024-50011

In the Linux kernel, the following vulnerability has been resolved: ASoC: Intel: soc-acpi-intel-rpl-match: add missing empty item There is no links_num in struct snd_soc_acpi_mach, and we test !link->num_adr as a condition to end the loop in hda_sdw_machine_select(). So an empty item in struct...

5.5 CVSS · 5.7 AI score · 0.00033 EPSS
Exploits 0 · References 8

SUSE CVE
added 2024/09/28 2:51 a.m. · 2 views

SUSE CVE-2024-46862

In the Linux kernel, the following vulnerability has been resolved: ASoC: Intel: soc-acpi-intel-mtl-match: add missing empty item There is no links_num in struct snd_soc_acpi_mach, and we test !link->num_adr as a condition to end the loop in hda_sdw_machine_select(). So an empty item in struct...

5.5 CVSS · 6.5 AI score · 0.00033 EPSS
Exploits 0 · References 3

SUSE CVE
added 2024/09/28 2:50 a.m. · 1 views

SUSE CVE-2024-46863

In the Linux kernel, the following vulnerability has been resolved: ASoC: Intel: soc-acpi-intel-lnl-match: add missing empty item There is no links_num in struct snd_soc_acpi_mach, and we test !link->num_adr as a condition to end the loop in hda_sdw_machine_select(). So an empty item in struct...

5.5 CVSS · 7.7 AI score · 0.0003 EPSS
Exploits 0 · References 3

OSV
added 2024/09/27 1:15 p.m. · 1 views

AZL-49887 CVE-2024-46863 affecting package kernel for versions less than 5.15.167.1-1

In the Linux kernel, the following vulnerability has been resolved: ASoC: Intel: soc-acpi-intel-lnl-match: add missing empty item There is no links_num in struct snd_soc_acpi_mach, and we test !link->num_adr as a condition to end the loop in hda_sdw_machine_select(). So an empty item in struct...

5.5 CVSS · 5.6 AI score · 0.0003 EPSS
Exploits 0 · References 1

OSV
added 2024/09/27 1:15 p.m. · 1 views

DEBIAN-CVE-2024-46863

In the Linux kernel, the following vulnerability has been resolved: ASoC: Intel: soc-acpi-intel-lnl-match: add missing empty item There is no links_num in struct snd_soc_acpi_mach, and we test !link->num_adr as a condition to end the loop in hda_sdw_machine_select(). So an empty item in struct...

5.5 CVSS · 4.7 AI score · 0.0003 EPSS
Exploits 0 · References 1

OSV
added 2024/09/27 1:15 p.m. · 1 views

DEBIAN-CVE-2024-46862

In the Linux kernel, the following vulnerability has been resolved: ASoC: Intel: soc-acpi-intel-mtl-match: add missing empty item There is no links_num in struct snd_soc_acpi_mach, and we test !link->num_adr as a condition to end the loop in hda_sdw_machine_select(). So an empty item in struct...

5.5 CVSS · 4.7 AI score · 0.00033 EPSS
Exploits 0 · References 1

Positive Technologies
added 2024/09/06 12:0 a.m. · 1 views

PT-2024-32256 · Linux · Linux Kernel

Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: The issue is related to the ASoC: Intel: soc-acpi-intel-mtl-match component in the Linux kernel. There is no links_num in the struct snd_soc_acpi_mach and the code tests !link->num_adr ...

5.5 CVSS · 6.6 AI score · 0.00033 EPSS
Exploits 0 · References 16

RedHat Linux
added 2023/11/07 9:3 a.m. · 5 views

kernel: octeontx2-af: Add validation for lmac type

A flaw was found in the octeontx2-af network driver within the Linux kernel where insufficient validation of the lmactypeid field from firmware during a physical link change can result in a kernel panic. Firmware may report an invalid lmactypeid, and because the kernel previously derived an...

5.7 AI score · 0.00028 EPSS
Exploits 0 · References 5

SUSE CVE
added 2023/02/15 6:7 a.m. · 2 views

SUSE CVE-2008-3459

Unspecified vulnerability in OpenVPN 2.1-beta14 through 2.1-rc8, when running on non-Windows systems, allows remote servers to execute arbitrary commands via crafted (1) lladdr and (2) iproute configuration directives, probably related to shell metacharacters...

7.6 CVSS · 7.8 AI score · 0.00591 EPSS
Exploits 0 · References 3