429 matches found
MAL-2025-23839 Malicious code in join-params (npm)
The package join-params was found to contain malicious code...
Linux Distros Unpatched Vulnerability : CVE-2024-23851
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - copy_params in drivers/md/dm-ioctl.c in the Linux kernel through 6.7.1 can attempt to allocate more than INT_MAX bytes, and crash, because of a missing...
deer-wms-2 SQL injection vulnerability
deer-wms-2 is an open source warehouse management system from China's deerwms. A security vulnerability exists in deer-wms-2 3.3 and earlier versions, which originates from SQL injection due to incorrect manipulation of paramsdataScope in the file /system/role/authUser/unallocatedList...
Marvell QConvergeConsole Path Traversal Vulnerability (CNVD-2025-20452)
Marvell QConvergeConsole is a unified adapter management software across data centers from Marvell USA. A path traversal vulnerability exists in Marvell QConvergeConsole due to an error in the saveNICParamsToFile method. An attacker could exploit the vulnerability to write a file in the SYSTEM...
perl-fcgi: FCGI versions 0.44 through 0.82, for Perl, include a vulnerable version of the FastCGI fcgi2 (aka fcgi) library
A flaw was found in the FCGI library. In affected versions, specially crafted nameLen or valueLen values in data sent to the IPC socket may result in a heap-based buffer overflow, which can cause an application crash or other undefined behavior. This occurs in ReadParams in fcgiapp.c...
Malicious code in virtru-design-params (npm)
The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 2c17dc3a9d15ee9a1acba1ea2eac04dd9544e09908d2014fcb8b9c689ba07c29 Any computer that has this package installed or running should be considered...
MAL-2025-4706 Malicious code in virtru-design-params (npm)
The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 2c17dc3a9d15ee9a1acba1ea2eac04dd9544e09908d2014fcb8b9c689ba07c29 Any computer that has this package installed or running should be considered...
CVE-2023-0586
The All in One SEO Pack plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple parameters in versions up to, and including, 4.2.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with Contributor+ role to inject...
CVE-2022-47458
In wlan driver, there is a possible missing params check. This could lead to local denial of service in wlan services...
CVE-2022-47323
In wlan driver, there is a possible missing params check. This could lead to local denial of service in wlan services...
CVE-2022-47370
In wlan driver, there is a possible missing params check. This could lead to local denial of service in wlan services...
perl:5.32 security update
An update is available for module.perl-Params-Check, module.perl-PerlIO-via-QuotedPrint, perl-Fedora-VSP, perl-Module-Build, perl-Math-BigRat, perl-Data-Section, module.perl-inc-latest, module.perl-Term-Cap, module.perl-Package-Generator, module.perl-autodie, perl-Sys-Syslog, perl-Params-Check,...
libsoup: Double free on soup_message_headers_get_content_disposition() through "soup-message-headers.c" via "params" GHashTable value
A use-after-free type vulnerability was found in libsoup, in the soup_message_headers_get_content_disposition function. This flaw allows a malicious HTTP client to cause memory corruption in the libsoup server...
PT-2025-17267
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A vulnerability in the Linux kernel has been resolved, specifically fixing NULL dereferences in the ef100 process design param function. The issue arose because ef100 probe main and ef10...
DEBIAN-CVE-2025-21941
In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fix null check for pipe_ctx->plane_state in resource_build_scaling_params Null pointer dereference issue could occur when pipe_ctx->plane_state is null. The fix adds a check to ensure 'pipe_ctx->plane_state' is not null befo...
Linux kernel security vulnerability
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from a race condition in the PCM hw_params and hw_free calls...
Astra Linux – Vulnerability in Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: For Wi-Fi-related modules, such as mwifiex: The issue of warning messages during memcpy operations that span multiple fields in mwifiexconfigscan has been fixed. To address this issue, replace the one-element array in the struct...
The vulnerability of the PlaybackParams class in the Mozilla Firefox browser and Thunderbird email client allows a perpetrator to access confidential data.
The vulnerability of the PlaybackParams class in the Mozilla Firefox browser and the Thunderbird email client is related to synchronization errors when using a shared resource (race condition). Exploiting this vulnerability can allow an attacker to gain unauthorized access to protected information...
Malicious code in payment-tx-params-api (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 6861efcfa7f8e30a646e9a76387e80446245c2f7ce4966e55da1c8e6d34fcd9b Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2024-12020 Malicious code in payment-tx-params-api (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 6861efcfa7f8e30a646e9a76387e80446245c2f7ce4966e55da1c8e6d34fcd9b Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...