46 matches found
Astra Linux - vulnerability in linux-5.10, linux-5.15
In the Linux kernel, the following vulnerability has been resolved: MIPS: pgalloc: fixed a memory leak caused by pgd_free. The pgd page is freed by the generic implementation pgd_free since commit f9cb654cb550 "asm-generic: pgalloc: provides a generic pgd_free", however, there are scenarios in which...
EUVD-2006-5609
Malware in sbrugna...
EUVD-2008-2290
Malware in sbrugna...
EUVD-2022-55016
Malicious code in bioql PyPI...
Relative Path Traversal
Overview: vite is a Native-ESM powered web dev build tool. Affected versions of this package are vulnerable to Relative Path Traversal via improper enforcement of server.fs settings. An attacker can access arbitrary HTML files on the server by sending crafted requests to the preview server. Note:...
CVE-2025-58752 Vite's `server.fs` settings were not applied to HTML files
Vite is a frontend tooling framework for JavaScript. Prior to versions 7.1.5, 7.0.7, 6.3.6, and 5.4.20, any HTML files on the machine were served regardless of the server.fs settings. Only apps that explicitly expose the Vite dev server to the network using --host or server.host config option and...
Linux io_uring Out-Of-Bounds Access
__io_uaddr_map() in io_uring handles multi-page region dangerously in a way that may allow for out-of-bounds access. __io_uaddr_map() wants to import a region from userspace, and then address the imported region through the linear mapping area. This requires that the imported region is physically contiguous. ...
SUSE CVE-2022-49210
In the Linux kernel, the following vulnerability has been resolved: MIPS: pgalloc: fix memory leak caused by pgd_free. pgd page is freed by generic implementation pgd_free since commit f9cb654cb550 "asm-generic: pgalloc: provide generic pgd_free", however, there are scenarios that the system uses mor...
SUSE CVE-2024-38610
In the Linux kernel, the following vulnerability has been resolved: drivers/virt/acrn: fix PFNMAP PTE checks in acrn_vm_ram_map. Patch series "mm: follow_pte improvements and acrn follow_pte fixes". Patch 1 fixes a bunch of issues I spotted in the acrn driver. It compiles, that's all I know. I'll...
OESA-2024-1612 atril security update
Mate-document-viewer is a simple document viewer. It can display and print Portable Document Format (PDF), PostScript (PS), Encapsulated PostScript (EPS), DVI, DJVU, epub and XPS files. When supported by the document format, mate-document-viewer allows searching for text, copying text to the clipboard,...
io_uring __io_uaddr_map() Dangerous Multi-Page Handling
io_uring: __io_uaddr_map() handles multi-page region dangerously. __io_uaddr_map() wants to import a region from userspace, and then address the imported region through the linear mapping area. This requires that the imported region is physically contiguous. A comment in __io_uaddr_map() explains that the imported...
Linux io_uring __io_uaddr_map() Dangerous Multi-Page Handling Exploit
io_uring: __io_uaddr_map() handles multi-page region dangerously. __io_uaddr_map() wants to import a region from userspace, and then address the imported region through the linear mapping area. This requires that the imported region is physically contiguous. A comment in __io_uaddr_map() explains that the imported...
Authcov - Web App Authorisation Coverage Scanning
Web app authorisation coverage scanning. Introduction: AuthCov crawls your web application using a Chrome headless browser while logged in as a pre-defined user. It intercepts and logs API requests as well as pages loaded during the crawling phase. In the next phase it logs in under a different us...
WordPress Multi-page Toolkit plugin cross-site request forgery vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin. WordPress Multi-page Toolkit plugin 2.6 and earlier versions are vulnerable to cross-site request forgery,...
CVE-2022-1818
The Multi-page Toolkit WordPress plugin through 2.6 does not have a CSRF check in place when updating its settings, which could allow attackers to make a logged-in admin change them via a CSRF attack and lead to Stored Cross-Site Scripting due to the lack of sanitisation and escaping as well...
Cross site scripting
The Multi-page Toolkit WordPress plugin through 2.6 does not have a CSRF check in place when updating its settings, which could allow attackers to make a logged-in admin change them via a CSRF attack and lead to Stored Cross-Site Scripting due to the lack of sanitisation and escaping as well...
CVE-2022-1818
CVE-2022-1818 affects the WordPress plugin Multi-page Toolkit (versions up to 2.6). The vulnerability arises from a missing CSRF check when updating plugin settings, which could allow attackers to make a logged-in admin change the settings via a CSRF attack. This, combined with insufficient sanitisat...
CVE-2022-1818 Multi-page Toolkit <= 2.6 - Arbitrary Settings Update to Stored XSS via CSRF
The Multi-page Toolkit WordPress plugin through 2.6 does not have a CSRF check in place when updating its settings, which could allow attackers to make a logged-in admin change them via a CSRF attack and lead to Stored Cross-Site Scripting due to the lack of sanitisation and escaping as well...
WordPress plugin Multi-page Toolkit cross-site request forgery vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin. WordPress Multi-page Toolkit plugin 2.6 and earlier versions are vulnerable to cross-site request forgery,...