42 matches found
Astra Linux – Vulnerability in Firefox
The SVG element could have been used to load unexpected content that might execute scripts under certain circumstances. Although the specification appears to allow this, other browsers do not do so. Web developers relied on this property for script security, so Gecko’s implementation was aligned...
Astra Linux – Vulnerability in Firefox
Mozilla developers and community members Randell Jesup, Sebastian Hengst, and the Mozilla Fuzzing Team reported memory safety bugs in Firefox 98. Some of these bugs exhibited signs of memory corruption, and we assume that with sufficient effort, some of these bugs could have been exploited to...
MINI-HCGJ-P55R-99RF
Bulletin has no description...
MINI-G7J4-CMRH-W899
Bulletin has no description...
The vulnerability was exploited in Exim.
The developers of Exim introduced a vulnerability in the Exim Mail Transfer Agent versions prior to 4.99.3. This vulnerability involves a use-after-free in the BDAT body parsing process, specifically when certain GnuTLS backend configurations are used. An unauthorized attacker can exploit this...
EUVD-2026-29920
csync2 uses insecure temporary directories when compiled with C99 or later, allowing for TOCTOU style attacks on the temporary directories...
CVE-2026-41051 csync2 uses insecure temporary directories when compiled with C99 or later
csync2 uses insecure temporary directories when compiled with C99 or later, allowing for TOCTOU style attacks on the temporary directories...
Malicious code in apple-internal-security-library-v99 (npm)
Source: amazon-inspector (f44267d5128f9ac2c62938b60bfa45264207a0010c41c97082c72246a3a7a248). The package apple-internal-security-library-v99 was found to contain malicious code. Source: ghsa-malware...
MINI-JC72-RF4W-99MP
Bulletin has no description...
GHSA-FP5J-J7J4-MCXC CraftCMS has an RCE vulnerability via relational conditionals in the control panel
A Remote Code Execution vulnerability exists in the Craft CMS 5 conditions system. The BaseElementSelectConditionRule::getElementIds method passes user-controlled string input through renderObjectTemplate -- an unsandboxed Twig rendering function with escaping disabled. Any authenticated Control...
Malicious code in corporate-blocking (npm)
Source: amazon-inspector (a096b32dfa76f7e64480d72862c34ec7e644ac03db51ad09af0eb1f929d637a1). The package corporate-blocking was found to contain malicious code. Source: ossf-package-analysis...
CVE-1999-0007
Information from SSL-encrypted sessions via PKCS 1...
CVE-2025-69288 Titra has Remote Code Execution in Admin Functionality
Titra is open source project time tracking software. Prior to version 0.99.49, Titra allows any authenticated Admin user to modify the timeEntryRule in the database. The value is then passed to a NodeVM value to execute as code. Without sanitization, it leads to a Remote Code Execution. Version...
Malicious code in teagood-nakama99 (npm)
Source: amazon-inspector (fb9667f1d8c307b6ee30781a27ea88797c44f03e4eac7972a2e1f418ed110644). This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
EUVD-2025-74859
Malicious code in bittersilkwormazure-99 npm...
CVE-2025-12840
creationtimestamp | type | source
---|---|---
2025-11-11 05:00:00+00:00 | seen | http://www.zerodayinitiative.com/advisories/ZDI-25-991/
2026-01-26 11:26:56+00:00 | seen | https://bsky.app/profile/ferramentaslinux.bsky.social/post/3mdd56ezxo22q...
CVE-2022-49951
CVE-2022-49951 concerns the Linux kernel firmware_loader use-after-free during unregister. In firmware_upload_unregister(), device_unregister() could free fw_upload_priv via dev_release before module_put() dereferences it. The documented fix copies fw_upload_priv->module to a local variable an...
CVE-2022-1530
Cross-site Scripting (XSS) in GitHub repository livehelperchat/livehelperchat prior to 3.99v. The attacker can execute malicious JavaScript on the application...
WordPress plugin Download Manager security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plug-in. A security vulnerability exists in...
Performance of Machine Learning Classifiers for Anomaly Detection in Cyber Security Applications
This work empirically evaluates machine learning models on two imbalanced public datasets, KDDCUP99 and Credit Card Fraud 2013. The method includes data preparation, model training, and evaluation, using an 80/20 train/test split. Models tested include eXtreme Gradient Boosting (XGB), Multi Layer...