54814 matches found
CLSA-2025-1767004508 httpd: Fix of CVE-2025-58098
CVE-2025-58098: prevent command injection in modcgid via shell-escaped SSI query strings...
CLSA-2025-1767001153 pam: Fix of CVE-2025-8941
CVE-2025-8941: fix additiinally potential privilege escalationvia multiple symlink attacks and race conditions...
CVE-2025-65442
CVE-2025-65442 describes a DOM-based XSS in the 201206030 novel system version 3.5.0. The root cause is insufficient validation/encoding of user-controllable data in the book_comment module: unfiltered input is stored in the database (book_comment.commentContent) and later rendered into the page ...
CVE-2025-66947
SQL injection vulnerability in krishanmuraiji SMS v.1.0, within the /studentms/admin/edit-class-detail.php via the editid GET parameter. An attacker can trigger controlled delays using SQL SLEEP to infer database contents. Successful exploitation may lead to full database compromise, especially...
openSUSE 15: libpython3_9-1_0 / libpython3_9-1_0-32bit / python39 / etc (SUSE-SU-2025:4522-1)
The remote openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:4522-1 advisory. - CVE-2025-12084: quadratic complexity when building nested elements using xml.dom.minidom methods that depend on clearidcache can lead to availabili...
CVE-2025-66947
SQL injection vulnerability in krishanmuraiji SMS v.1.0, within the /studentms/admin/edit-class-detail.php via the editid GET parameter. An attacker can trigger controlled delays using SQL SLEEP to infer database contents. Successful exploitation may lead to full database compromise, especially...
CVE-2025-66947
SQL injection vulnerability in krishanmuraiji SMS v.1.0, within the /studentms/admin/edit-class-detail.php via the editid GET parameter. An attacker can trigger controlled delays using SQL SLEEP to infer database contents. Successful exploitation may lead to full database compromise, especially...
Security update for python39
This update for python39 fixes the following issues: CVE-2025-12084: quadratic complexity when building nested elements using xml.dom.minidom methods that depend on clearidcache can lead to availability issues when building excessively nested documents bsc1254997. CVE-2025-13836: use of...
American Fuzzy Lop plus plus 4.35c
Google's American Fuzzy Lop is a brute-force fuzzer coupled with an exceedingly simple but rock-solid instrumentation-guided genetic algorithm. afl++ is a superior fork to Google's afl. It has more speed, more and better mutations, more and better instrumentation, custom module support, etc...
PT-2025-53593
Name of the Vulnerable Software and Affected Versions krishanmuraiji SMS version 1.0 Description A SQL injection issue exists in krishanmuraiji SMS version 1.0. The issue is located within the '/studentms/admin/edit-class-detail.php' file and is triggered through the editid GET parameter. An...
EUVD-2025-205435
SQL injection vulnerability in krishanmuraiji SMS v.1.0, within the /studentms/admin/edit-class-detail.php via the editid GET parameter. An attacker can trigger controlled delays using SQL SLEEP to infer database contents. Successful exploitation may lead to full database compromise, especially...
CVE-2025-66947
SQL injection vulnerability in krishanmuraiji SMS v.1.0, within the /studentms/admin/edit-class-detail.php via the editid GET parameter. An attacker can trigger controlled delays using SQL SLEEP to infer database contents. Successful exploitation may lead to full database compromise, especially...
📄 Backdoor.Win32.Poison.jh Remote File Hijack
This code represents an educational Metasploit module concept that demonstrates how insecure file permissions created Backdoor.Win32.Poison.jh could be abused to achieve code execution. The scenario assumes that the malware drops an executable file inside a protected Windows directory SysWOW64 wi...
Linux Distros Unpatched Vulnerability : CVE-2022-50779
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - orangefs: Fix kmemleak in orangefspreparedebugfshelpstring When insert and remove the orangefs module, then debughelpstring will be leaked: unreferenced object...
CVE-2025-66947
CVE-2025-66947 affects krishanmuraiji SMS v1.0. The flaw is a time-based SQL injection in /studentms/admin/edit-class-detail.php via the editid GET parameter, where unvalidated input can trigger SQL SLEEP() delays to infer database contents. Exploitation could lead to full database disclosure or ...
CVE-2022-50711
In the Linux kernel, the following vulnerability has been resolved: net: ethernet: mtkethsoc: fix possible memory leak in mtkprobe If mtkwedaddhw has been called, mtkwedexit needs be called in error path or removing module to free the memory allocated in mtkwedaddhw...
SUSE CVE-2023-54047
In the Linux kernel, the following vulnerability has been resolved: drm/rockchip: dwhdmi: cleanup drm encoder during unbind This fixes a use-after-free crash during rmmod. The DRM encoder is embedded inside the larger rockchiphdmi, which is allocated with the component. The component memory gets...
SUSE CVE-2023-54070
In the Linux kernel, the following vulnerability has been resolved: igb: clean up in all error paths when enabling SR-IOV After commit 50f303496d92 "igb: Enable SR-IOV after reinit", removing the igb module could hang or crash depending on the machine when the module has been loaded with the maxv...
SUSE CVE-2023-54081
In the Linux kernel, the following vulnerability has been resolved: xen: speed up grant-table reclaim When a grant entry is still in use by the remote domain, Linux must put it on a deferred list. Normally, this list is very short, because the PV network and block protocols expect the backend to...
SUSE CVE-2025-68740
In the Linux kernel, the following vulnerability has been resolved: ima: Handle error code returned by imafilterrulematch In imamatchrules, if imafilterrulematch returns -ENOENT due to the rule being NULL, the function incorrectly skips the 'if !rc' check and sets 'result = true'. The LSM rule is...