7612 matches found
CVE-2025-21778 tracing: Do not allow mmap() of persistent ring buffer
In the Linux kernel, the following vulnerability has been resolved: tracing: Do not allow mmap of persistent ring buffer When trying to mmap a trace instance buffer that is attached to reservemem, it would crash: BUG: unable to handle page fault for address: ffffe97bd00025c8 PF: supervisor read...
Linux kernel security vulnerability
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in Linux kernel that stems from tracing not properly handling mmap for persistent ring buffers, which could lead to a crash...
GHSA-7WRW-R4P8-38RX vulnerabilities
Vulnerabilities for packages: grpcurl, tflint, gitness, kserve-rest-proxy, minify, wuzz, s5cmd, vault-benchmark, glow, scorecard, kube-vip, sqlexporter, spiffe-helper, velero-plugin-for-microsoft-azure, kserve, k8s-device-plugin, docker-compose, openfga, kyverno-policy-reporter-kyverno-plugin,...
CVE-2019-8900
CVE-2019-8900 concerns a SecureROM vulnerability in some Apple devices that allows an unauthenticated local attacker to execute arbitrary code on boot. Exploitation requires physical access: device must be connected to a computer and booted in DFU mode; the change is not persistent across reboots...
Malicious code in sally-fn (npm)
Source: ghsa-malware 4d8f992872ff1926200839cd344c09dfc137f063e5f7e5f87f54d62b1d758202 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
JetBrains YouTrack Log Message Disclosure Vulnerability
JetBrains YouTrack is a project management tool developed by JetBrains that supports cloud hosting and local deployment. JetBrains YouTrack suffers from a log information disclosure vulnerability that stems from the fact that persistent tokens can be exposed in logs. An attacker can exploit this...
Overcoming Security Challenges in Real-Time APIs
Speed is everything in the modern business world. Our attention spans are shorter than ever, consumers demand short and seamless interactions, and the slightest delay in service delivery can see organizations fall far behind their competitors. This is why real-time APIs are so important; they...
CVE-2024-23452
Request smuggling vulnerability in HTTP server in Apache bRPC 0.9.51.7.0 on all platforms allows attacker to smuggle request. Vulnerability Cause Description: The httpparser does not comply with the RFC-7230 HTTP 1.1 specification. Attack scenario: If a message is received with both a...
Malicious code in grammyjs-sdk (npm)
Source: ghsa-malware d05f6c295e765b1889ffc72832434e365ea15f5aa6f8a6a555f42364c86a2c17 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
CVE-2024-57428
A stored cross-site scripting (XSS) vulnerability in PHPJabbers Cinema Booking System v2.0 exists due to unsanitized input in file upload fields eventimg, seatmaps and seat number configurations numbernewX in pjActionCreate. Attackers can inject persistent JavaScript, leading to phishing, malware...
Malicious code in nodex123 (npm)
Source: ghsa-malware 618140b407aedfe1e6bb6be93aa0f3f347a759aa42e82f72ae5e44893a119237 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
The vulnerability of the Persistent Login module in the Drupal CMS system allows attackers to compromise the confidentiality, integrity, and accessibility of the protected information.
The vulnerability of the Persistent Login module in the Drupal CMS system is related to an incorrect session duration. Exploiting this vulnerability allows a malicious actor to compromise the confidentiality, integrity, and accessibility of the protected information...
CVE-2024-51650
Cross-Site Request Forgery (CSRF) vulnerability in scottmydollarplancom Random Featured Post random-featured-post-plugin allows Stored XSS. This issue affects Random Featured Post: from n/a through = 1.1.3...
CVE-2024-4872
A vulnerability exists in the query validation of the MicroSCADA Pro/X SYS600 product. If exploited this could allow an authenticated attacker to inject code towards persistent data. Note that to successfully exploit this vulnerability an attacker must have a valid credential...
Malicious code in digitalexp-microfrontends-framework (npm)
The package communicates with a domain associated with malicious activity. Source: ghsa-malware e0ca94db6587b92069f32a0574951f800a7cf2789f0ca5ad3dce95bcb122e205 Any computer that has this package installed or running should be considered...
Malicious code in nft-transfer-transformer (npm)
Source: ghsa-malware 90b61c51743bbb7e45afbab35984b72d25a2743ce9b95ce35a49bf6637a29bca Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in com.unity.services.core (npm)
Source: ghsa-malware 570e09325b7eeead7439db1cd6a223b5de2ddab48982af7bb43957a6c48d9069 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in cscvue-unplugin (npm)
Source: ghsa-malware 2a34e0f08d710a6b8c04716fa45de265e2171939895e01a7d62f79cdefe72152 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...