TencentOS Server 4: kernel (TSSA-2025:0432)
The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to the tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2025:0432 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities...
D-Link DIR-878 Security Vulnerability
The D-Link DIR-878 is a wireless router from China-based AUO D-Link. A security vulnerability exists in the D-Link DIR-878 that originates from improperly reading the Serial Number field in the rc binary's USB storage handling module, which could result in a stack buffer overflow...
Unity Linux 20.1070a Security Update: kernel (UTSA-2025-989260)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-989260 advisory. In the Linux kernel, the following vulnerability has been resolved: mac80211: fix use-after-free in CCMP/GCMP RX. When PN checking is done in mac80211, for...
EUVD-2011-1841
Malware in sbrugna...
EUVD-2025-18190
Malicious code in bioql PyPI...
CVE-2023-53393
In the Linux kernel, the following vulnerability has been resolved: RDMA/mlx5: Fix mlx5_ib_get_hw_stats when used for device. Currently, when mlx5_ib_get_hw_stats is used for device port_num = 0, there is a special handling in order to use the correct counters, but, port_num is being passed down the stack...
UBUNTU-CVE-2023-53393
In the Linux kernel, the following vulnerability has been resolved: RDMA/mlx5: Fix mlx5_ib_get_hw_stats when used for device. Currently, when mlx5_ib_get_hw_stats is used for device port_num = 0, there is a special handling in order to use the correct counters, but, port_num is being passed down the stack...
CVE-2023-53393
CVE-2023-53393 affects the Linux kernel RDMA mlx5 subsystem. The root cause is incorrect port_num handling in mlx5_ib_get_hw_stats() for device (port_num = 0), with downstream code assuming port_num >= 1, which can trigger a page fault (oops) as shown in the provided trace. The fix sets port_n...
SQL Injection
pg-promise is vulnerable to SQL Injection. The vulnerability is due to improper handling of negative numbers, which allows an attacker to manipulate SQL queries by injecting malicious input...
pg-promise SQL Injection vulnerability
pg-promise before 11.5.5 is vulnerable to SQL Injection due to improper handling of negative numbers...
pg-promise Security Vulnerability
pg-promise is a PostgreSQL interface for Node.js by Vitaly Tomilov Personal Developer. A security vulnerability exists in pg-promise versions prior to 11.5.5, which stems from mishandling of negative numbers and may lead to SQL injection...
CVE-2025-29744
CVE-2025-29744 affects pg-promise (Node.js PostgreSQL interface); root cause is improper handling of negative numbers, leading to SQL Injection in versions before 11.5.5. Public documents consistently describe a vulnerability in the query construction/parameter handling that can allow attacker-su...
AZL-43762 CVE-2023-48795 affecting package trilead-ssh2 217.8-2
The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are omitted from the extension negotiation message, and a client and server may consequently end up with a connecti...
WordPress Plugin Kali Forms Cross-Site Request Forgery Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability exists in...
Design/Logic Flaw
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2020. Notes: none...
The vulnerability of the ftp_genlist function in the PHP programming language allows a hacker to execute arbitrary code.
The vulnerability of the ftp_genlist function in ext/ftp/ftp.c in the PHP programming language is related to errors in number processing. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...
ZCFees Number Error Vulnerability
A Numeric Error vulnerability exists in ZCFees that arises from a network system or product not properly calculating or converting resulting numbers. An attacker could exploit this vulnerability to cause, among other things, an integer overflow or a sign error...
Mozilla Rust rand_core number handling error vulnerability
Rust is a general-purpose, compiled programming language from the Mozilla Foundation. A number handling error vulnerability exists in Mozilla Rust versions prior to 0.4.2 in rand_core, which arises from an error in the handling of bytes converted to integers, and can be exploited to execute...
PT-2019-5545 · Sqlite +9
Name of the Vulnerable Software and Affected Versions: SQLite versions 3.30.1 and earlier Description: The issue is related to errors in handling numbers, which can be exploited by a remote attacker to cause a denial of service. It is also reported that certain SELECT statements with a nonexisten...
VideoLAN VLC media player integer overflow vulnerability
VideoLAN VLC media player is a free, open source, cross-platform multimedia player and multimedia framework from the VideoLAN organization in France. The product supports playback of a variety of media files, CD-ROMs, and audio and video formats such as WMV and MP3. An integer...