7606 matches found
SUSE CVE-2023-5528
A security issue was discovered in Kubernetes where a user that can create pods and persistent volumes on Windows nodes may be able to escalate to admin privileges on those nodes. Kubernetes clusters are only affected if they are using an in-tree storage plugin for Windows nodes...
CVE-2025-51541
A stored cross-site scripting (XSS) vulnerability exists in the Shopware 6 installation interface at /recovery/install/database-configuration/. The cdatabaseschema field fails to properly sanitize user-supplied input before rendering it in the browser, allowing an attacker to inject malicious...
New 'Plague' PAM Backdoor Exposes Critical Linux Systems to Silent Credential Theft
Cybersecurity researchers have flagged a previously undocumented Linux backdoor dubbed Plague that has managed to evade detection for a year. "The implant is built as a malicious PAM (Pluggable Authentication Module), enabling attackers to silently bypass system authentication and gain persistent S...
GHSA-6V2P-P543-PHR9 vulnerabilities
Vulnerabilities for packages: memcached-exporter, terraform, trust-manager, victoriametrics-cluster, kubeflow-katib, terraform-provider-kubernetes, bank-vaults, opentofu, kapp, spegel, cass-operator, helm-push, newrelic-nri-statsd, azurefile-csi, redis-operator, k8ssandra-operator, go-discover,...
Malicious code in real-socket-rt (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 897bfab5a2a7a305ab43ec0ffd356a56000463ad0f0c9c77731d1aa197aca121 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
RLSA-2025:10074 Important: firefox security update
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. Security Fixes: firefox: Content-Disposition header ignored when a file is included in an embed or object tag (CVE-2025-6430); firefox: Use-after-free in FontFaceSet (CVE-2025-6424); firefox:...
Hackers Deploy Stealth Backdoor in WordPress Mu-Plugins to Maintain Admin Access
Cybersecurity researchers have uncovered a new stealthy backdoor concealed within the "mu-plugins" directory in WordPress sites to grant threat actors persistent access and allow them to perform arbitrary actions. Must-use plugins (aka mu-plugins) are special plugins that are automatically activate...
Imperva Customers Protected Against Critical “ToolShell” Zero‑Day in Microsoft SharePoint
A critical zero-day vulnerability in Microsoft SharePoint, tracked as CVE-2025-53770, is under active exploitation in the wild. The vulnerability, with a CVSS score of 9.8, impacts on-premises SharePoint Server 2016, 2019, and Subscription Edition, and allows unauthenticated remote code execution...
CVE-2025-41681
A high privileged remote attacker can gain persistent XSS via POST requests due to improper neutralization of special elements used to create dynamic content...
CVE-2025-41681 Persistent Cross-Site Scripting via POST Requests Due to Improper Neutralization of Input
A high privileged remote attacker can gain persistent XSS via POST requests due to improper neutralization of special elements used to create dynamic content...
CVE-2025-41681
CVE-2025-41681 is a persistent XSS due to improper neutralization of input, affecting Helmholz REX100 and MB CONNECT LINE mbNET.mini (versions
Chaindesk Cross Site Scripting
Chaindesk, a web application for constructing AI Agents, is vulnerable to a persistent cross site scripting vulnerability in its agent chat component. An attacker can achieve arbitrary client-side script execution by crafting an AI agent whose system prompt instructs the underlying Large Language...
Critical Golden dMSA Attack in Windows Server 2025 Enables Cross-Domain Attacks and Persistent Access
Cybersecurity researchers have disclosed what they say is a "critical design flaw" in delegated Managed Service Accounts (dMSAs) introduced in Windows Server 2025. "The flaw can result in high-impact attacks, enabling cross-domain lateral movement and persistent access to all managed service accoun...
Malicious code in what_type_of_self_indulgent_sub-par_challenge_is_this (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware a3aab675be401e5fe6766b12bc5278c932ac0e97db81223ce0a5b14870dbb558 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in @segmentation/gf2fov (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 8cca9c2565b19f690b835370484ad318ef144e452a6bd93f7fb9461803f3b5cb Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in symphony-cryptolib (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware c8216b9fdde76a4f40936fd19fbe9a3a7d73dcf66ffdde04c6cf54ee965448b9 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...