
282 matches found

RedhatCVE
added 2025/05/22 9:47 p.m. | 5 views

CVE-2022-25335

RigoBlock Dragos through 2022-02-17 lacks the onlyOwner modifier for setMultipleAllowances. This enables token manipulation, as exploited in the wild in February 2022. NOTE: although 2022-02-17 is the vendor's vulnerability announcement date, the vulnerability will not be remediated until a major...

CVSS 7.5 | AI score 6.9 | EPSS 0.00364
Exploits 1 | References 1

RedhatCVE
added 2025/05/22 3:17 p.m. | 3 views

CVE-2020-19765

An issue in the noReentrance modifier of the Ethereum-based contract Accounting 1.0 allows attackers to carry out a reentrancy attack...

CVSS 7.5 | AI score 6.8 | EPSS 0.00206
Exploits 1

RedHat Linux
added 2025/04/17 6:39 a.m. | 4 views

Xorg: xwayland: Buffer overflow in XkbVModMaskText()

A buffer overflow flaw was found in X.Org and Xwayland. The code in XkbVModMaskText allocates a fixed-sized buffer on the stack and copies the names of the virtual modifiers to that buffer. The code fails to check the bounds of the buffer and would copy the data regardless of the size...

CVSS 7.8 | AI score 7.3 | EPSS 0.00029
Exploits 0 | References 4

IBM Security Bulletins
added 2025/03/26 3:28 a.m. | 40 views

Security Bulletin: A vulnerability in IBM Robotic Process Automation may result in exposure of the name and email for the creator/modifier of platform level objects (CVE-2022-43573)

Summary: There is a vulnerability in IBM Robotic Process Automation. Accessing specific platform level objects created in RPA may expose the creator or modifier's email address. This bulletin identifies the security fixes to apply to address this vulnerability. Vulnerability Details...

CVSS 5.3 | AI score 5.2 | EPSS 0.00165
Exploits 0 | Affected Software 1

RedHat Linux
added 2025/03/17 1:39 a.m. | 5 views

Xorg: xwayland: Buffer overflow in XkbVModMaskText()

A buffer overflow flaw was found in X.Org and Xwayland. The code in XkbVModMaskText allocates a fixed-sized buffer on the stack and copies the names of the virtual modifiers to that buffer. The code fails to check the bounds of the buffer and would copy the data regardless of the size...

CVSS 7.8 | AI score 6 | EPSS 0.00029
Exploits 0 | References 4

RedHat Linux
added 2025/03/17 1:32 a.m. | 4 views

Xorg: xwayland: Buffer overflow in XkbVModMaskText()

A buffer overflow flaw was found in X.Org and Xwayland. The code in XkbVModMaskText allocates a fixed-sized buffer on the stack and copies the names of the virtual modifiers to that buffer. The code fails to check the bounds of the buffer and would copy the data regardless of the size...

CVSS 7.8 | AI score 6 | EPSS 0.00029
Exploits 0 | References 4

AstraLinux
added 2025/02/11 7:35 a.m. | 3 views

Astra Linux – Vulnerability in symfony

symfony/validator is a module for the Symfony PHP framework that provides tools for validating values. It’s possible to trick a Validator configured with a regular expression using the $ metacharacter, especially when the input ends with \n. Starting from versions 5.4.43, 6.4.11, and 7.1.4,...

CVSS 3.1 | AI score 5.8 | EPSS 0.00246
Exploits 0 | References 3

RedhatCVE
added 2025/02/06 2:55 a.m. | 2 views

CVE-2025-23818

Cross-Site Request Forgery (CSRF) vulnerability in pyko More Link Modifier more-link-modifier allows Stored XSS. This issue affects More Link Modifier: from n/a through <= 1.0.3...

CVSS 7.1 | AI score 7.2 | EPSS 0.00139
Exploits 0 | References 1

RedhatCVE
added 2025/02/05 9:12 a.m. | 4 views

CVE-2024-56359

grist-core is a spreadsheet hosting server. A user visiting a malicious document and clicking on a link in a HyperLink cell using a control modifier (meaning for example Ctrl+click) could have their account compromised, since the link could use the javascript: scheme and be evaluated in the context...

CVSS 8.1 | AI score 6.8 | EPSS 0.00839
Exploits 0 | References 1

NVD
added 2025/01/16 9:15 p.m. | 2 views

CVE-2025-23818

Cross-Site Request Forgery (CSRF) vulnerability in pyko More Link Modifier more-link-modifier allows Stored XSS. This issue affects More Link Modifier: from n/a through <= 1.0.3...

CVSS 7.1 | EPSS 0.00139
Exploits 0 | References 1

Vulnrichment
added 2025/01/16 8:7 p.m. | 3 views

CVE-2025-23818 WordPress More Link Modifier plugin <= 1.0.3 - CSRF to Cross-Site Scripting vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in pyko More Link Modifier more-link-modifier allows Stored XSS. This issue affects More Link Modifier: from n/a through <= 1.0.3...

CVSS 7.1 | AI score 7.2 | EPSS 0.00139
Exploits 0 | References 1

Cvelist
added 2025/01/16 8:7 p.m. | 10 views

CVE-2025-23818 WordPress More Link Modifier plugin <= 1.0.3 - CSRF to Cross-Site Scripting vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in pyko More Link Modifier more-link-modifier allows Stored XSS. This issue affects More Link Modifier: from n/a through <= 1.0.3...

CVSS 7.1 | EPSS 0.00139
Exploits 0 | References 1

CVE
added 2025/01/16 8:7 p.m. | 38 views

CVE-2025-23818

CVE-2025-23818 affects the WordPress plugin More Link Modifier. The issue is a combination of Cross-Site Request Forgery (CSRF) that facilitates a Stored XSS vulnerability, impacting versions from n/a through 1.0.3. Exploitation details and patch information are not provided in the supplied doc...

CVSS 7.1 | AI score 7.2 | EPSS 0.00139
Exploits 0 | References 1

Patchstack
added 2025/01/16 6:42 p.m. | 1 views

WordPress More Link Modifier plugin <= 1.0.3 - CSRF to Cross-Site Scripting vulnerability

CSRF to Cross-Site Scripting vulnerability discovered by SOPROBRO in WordPress Plugin More Link Modifier versions <= 1.0.3...

CVSS 7.1 | AI score 6.3 | EPSS 0.00139
Exploits 0 | Affected Software 1

vulnersOsv
added 2024/12/30 12:43 p.m. | 0 views

data-agora (=0.1.1), dtx (>=0.31.0 <=0.34.0) +10 more potentially affected by CVE-2024-10044 via fastchat (=0.1.0)

fastchat PYPI version =0.1.0 is affected by a known vulnerability. The following packages have a transitive dependency on fastchat and may be impacted: - data-agora =0.1.1 - dtx =0.31.0, =0.2.0, =0.18.3, =0.0.2, =0.4.0, =0.0.1, =0.1.3, =0.1.0, =0.1.0, =0.1.1 Source cves: CVE-2024-10044 Source...

CVSS 9.3 | AI score 7.2 | EPSS 0.00221
Exploits 1

OSV
added 2024/12/20 8:24 p.m. | 9 views

CVE-2024-56359 Cross-site Scripting vulnerability through HyperLink cells in grist-core

grist-core is a spreadsheet hosting server. A user visiting a malicious document and clicking on a link in a HyperLink cell using a control modifier (meaning for example Ctrl+click) could have their account compromised, since the link could use the javascript: scheme and be evaluated in the context...

CVSS 8.1 | AI score 6.7 | EPSS 0.00839
Exploits 0 | References 4

Cvelist
added 2024/11/06 9:0 p.m. | 21 views

CVE-2024-50343 Incorrect response from Validator when input ends with `\n` in symfony/validator

symfony/validator is a module for the Symfony PHP framework which provides tools to validate values. It is possible to trick a Validator configured with a regular expression using the $ metacharacters, with an input ending with \n. Symfony as of versions 5.4.43, 6.4.11, and 7.1.4 now uses the D...

CVSS 3.1 | EPSS 0.00246
Exploits 0 | References 2

Debian CVE
added 2024/11/06 9:0 p.m. | 12 views

CVE-2024-50343

symfony/validator is a module for the Symfony PHP framework which provides tools to validate values. It is possible to trick a Validator configured with a regular expression using the $ metacharacters, with an input ending with \n. Symfony as of versions 5.4.43, 6.4.11, and 7.1.4 now uses the D...

CVSS 3.1 | AI score 4.6 | EPSS 0.00246
Exploits 0

OSV
added 2024/11/06 3:21 p.m. | 11 views

GHSA-G3RH-RRHP-JHH9 Symfony has an incorrect response from Validator when input ends with `\n`

Description: It is possible to trick a Validator configured with a regular expression using the $ metacharacters, with an input ending with \n. Resolution: Symfony now uses the D regex modifier to match the entire input. The patch for this issue is available here for branch 5.4. Credits: We would li...

CVSS 3.1 | AI score 3.8 | EPSS 0.00246
Exploits 0 | References 8

Vulnrichment
added 2024/07/16 12:25 p.m. | 19 views

CVE-2022-48849 drm/amdgpu: bypass tiling flag check in virtual display case (v2)

In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: bypass tiling flag check in virtual display case (v2). vkms leverages common amdgpu framebuffer creation, and also as it does not support FB modifier, there is no need to check tiling flags when initing framebuffer when...

AI score 6.8 | EPSS 0.00007
Exploits 0 | References 2