PT-2025-40399

Name of the Vulnerable Software and Affected Versions YOSHOP 2.0 Description The software allows unauthorized disclosure of information through comment-list API endpoints within the Goods module. The Comment model loads the related User model without filtering specific fields. Due to the absence ...

[SECURITY] Fedora 42 Update: sqlite-3.47.2-5.fc42

SQLite is a C library that implements an SQL database engine. A large subset of SQL92 is supported. A complete database is stored in a single disk file. The API is designed for convenience and ease of use. Applications that link against SQLite can enjoy the power and flexibility of an SQL databas...

CVE-2022-50433 efi: ssdt: Don't free memory if ACPI table was loaded successfully

In the Linux kernel, the following vulnerability has been resolved: efi: ssdt: Don't free memory if ACPI table was loaded successfully Amadeusz reports KASAN use-after-free errors introduced by commit 3881ee0b1edc "efi: avoid efivars layer when loading SSDTs from variables". The problem appears t...

CVE-2022-50433

CVE-2022-50433 : Linux kernel vulnerability in the EFI/ACPI SSDT handling. Amadeusz reported KASAN use-after-free caused by unconditional kfree() of the new ACPI table when loading SSDTs from variables. Root cause: memory freed on both success and failure, mishandling ACPI core load result. Fix: ...

Heap Buffer Overflow

executorch is vulnerable to Heap Buffer Overflow. The vulnerability is due to improper handling in the loading of ExecuTorch models, which allows an attacker to achieve code execution or cause other undesirable effects...

Integer Overflow

executorch is vulnerable to integer overflow. The vulnerability is due to improper handling in the loading of ExecuTorch models, which allows an attacker to place objects outside their allocated memory area leading to potential code execution or other undesirable effects...

Integer Overflow

executorch is vulnerable to integer overflow. The vulnerability is due to improper handling of model loading, which allows an attacker to trigger overlapping allocations leading to potential code execution or other undesirable effects...

CVE-2025-9267

In Seagate Toolkit on Windows a vulnerability exists in the Toolkit Installer prior to versions 2.35.0.6 where it attempts to load DLLs from the current working directory without validating their origin or integrity. This behavior can be exploited by placing a malicious DLL in the same directory ...

CVE-2025-9267

In Seagate Toolkit on Windows a vulnerability exists in the Toolkit Installer prior to versions 2.35.0.6 where it attempts to load DLLs from the current working directory without validating their origin or integrity. This behavior can be exploited by placing a malicious DLL in the same directory ...

CVE-2025-9267

In Seagate Toolkit on Windows a vulnerability exists in the Toolkit Installer prior to versions 2.35.0.6 where it attempts to load DLLs from the current working directory without validating their origin or integrity. This behavior can be exploited by placing a malicious DLL in the same directory ...

CVE-2025-9267

In Seagate Toolkit on Windows a vulnerability exists in the Toolkit Installer prior to versions 2.35.0.6 where it attempts to load DLLs from the current working directory without validating their origin or integrity. This behavior can be exploited by placing a malicious DLL in the same directory ...

CVE-2025-9267

The CVE-2025-9267 issue affects Seagate Toolkit on Windows, specifically Toolkit Installer versions prior to 2.35.0.6. The vulnerability arises from loading DLLs from the current working directory without validating origin or integrity, due to insecure DLL loading practices and reliance on relati...

Vietnamese Hackers Use Fake Copyright Notices to Spread Lone None Stealer

New Lone None Stealer uses Telegram C2 and DLL side-loading to grab passwords, credit cards, and crypto. Find out how to spot this highly evasive phishing scam...

CVE-2025-59838

Monkeytype is a minimalistic and customizable typing test. In versions 25.36.0 and prior, improper handling of user input when loading a saved custom text results in XSS. This issue has been fixed in version 25.44.0...

CVE-2025-36857

Rapid7 Appspider Pro versions below 7.5.021, suffer from a broken access control vulnerability in the application's configuration file loading mechanism, whereby an attacker can place files in directories belonging to other users or projects. Affected versions allow standard users to add custom...

CVE-2025-36857

Rapid7 Appspider Pro versions below 7.5.021, suffer from a broken access control vulnerability in the application's configuration file loading mechanism, whereby an attacker can place files in directories belonging to other users or projects. Affected versions allow standard users to add custom...

CVE-2025-59838 Monkeytype Vulnerable to Self-XSS on loading saved custom text

Monkeytype is a minimalistic and customizable typing test. In versions 25.36.0 and prior, improper handling of user input when loading a saved custom text results in XSS. This issue has been fixed in version 25.44.0...

CVE-2025-59838

CVE-2025-59838 describes a self-XSS vulnerability in Monkeytype prior to version 25.44.0, triggered by improper handling of user input when loading a saved custom text. The issue affects Monkeytype versions up to 25.36.0, where loading saved text could execute unintended scripts. The fixed versio...

CVE-2025-36857 Rapid7 Appspider Broken Access Control Vulnerability

Rapid7 Appspider Pro versions below 7.5.021, suffer from a broken access control vulnerability in the application's configuration file loading mechanism, whereby an attacker can place files in directories belonging to other users or projects. Affected versions allow standard users to add custom...

Rapid7 AppSpider Pro 安全漏洞

Rapid7 AppSpider Pro is a dynamic application security testing solution from Rapid7, Inc. that allows you to scan Web and mobile applications for vulnerabilities. A security vulnerability exists in Rapid7 AppSpider Pro versions prior to 7.5.021 that stems from an access control flaw in the...