CVE-2019-12427

Zimbra Collaboration before 8.8.15 Patch 1 is vulnerable to a non-persistent XSS via the Admin Console...

CVE-2019-16779

In RubyGem excon before 0.71.0, there was a race condition around persistent connections, where a connection which is interrupted such as by a timeout would leave data on the socket. Subsequent requests would then read this data, returning content from the previous response. The race condition...

Malicious code in oj-sp-css-additions (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 76f44dd1651a643e28e082a676732a19e8a8a8fcf5b2f88264aa47c7f5e31dce The package oj-sp-css-additions was found to contain malicious code. Source: ghsa-malware...

PT-2026-29140

Name of the Vulnerable Software and Affected Versions FreeRDP versions prior to 3.24.2 Description FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.24.2, an issue exists in the persistent cache read entry v3 function within libfreerdp/cache/persistent.c...

MAL-2025-192987 Malicious code in npm-xmt (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector fcf1d57a75f915c7959a484b36e4b23c72425b90256a860d8d52e058599af296 The package npm-xmt was found to contain malicious code. Source: ghsa-malware 66603f4e5606fa61cf79355902ed86e376156cd0b163be93e0b471b87180e0b2 Any...

EUVD-2022-55849

In the Linux kernel, the following vulnerability has been resolved: pstore: Avoid kcore oops by vmaping with VMIOREMAP An oops can be induced by running 'cat /proc/kcore /dev/null' on devices using pstore with the ram backend because kmapatomic assumes lowmem pages are accessible with va. Unable ...

CVE-2023-54323 cxl/pmem: Fix nvdimm registration races

In the Linux kernel, the following vulnerability has been resolved: cxl/pmem: Fix nvdimm registration races A loop of the form: while true; do modprobe cxlpci; modprobe -r cxlpci; done ...fails with the following crash signature: BUG: kernel NULL pointer dereference, address: 0000000000000040...

CVE-2025-68992

CVE-2025-68992 affects BWL Knowledge Base Manager (bwL-kb-manager) for WordPress. Connected documents confirm a stored cross-site scripting (XSS) vulnerability in BW KBase Manager, affecting versions up to 1.6.3. The Wordfence report lists this as an authenticated (Contributor+) Stored XSS, indic...

Popular NPM Package lotusbail Exposed as Trojan Stealing WhatsApp Chats

Koi Security uncovers lotusbail, a malicious npm package with 56K downloads that steals WhatsApp messages and installs a persistent backdoor. Learn how to protect your data...

China-Linked Evasive Panda Ran DNS Poisoning Campaign to Deliver MgBot Malware

A China-linked advanced persistent threat APT group has been attributed to a highly-targeted cyber espionage campaign in which the adversary poisoned Domain Name System DNS requests to deliver its signature MgBot backdoor in attacks targeting victims in Türkiye, China, and India. The activity,...

📄 Netbus Backdoor 1.7 Remote Code Execution

Netbus Backdoor version 1.7 Metasploit module that leverages an insecure credential storage vulnerability that then performs command injection. ============================================================================================================================================= | Title :...

SUSE CVE-2023-54089

In the Linux kernel, the following vulnerability has been resolved: virtiopmem: add the missing REQOPWRITE for flush bio When doing mkfs.xfs on a pmem device, the following warning was ------------ cut here ------------ WARNING: CPU: 2 PID: 384 at block/blk-core.c:751 submitbionoacct Modules link...

CVE-2018-25138

FLIR AX8 Thermal Camera 1.32.16 contains hard-coded SSH and web panel credentials that cannot be changed through normal camera operations. Attackers can exploit these persistent credentials to gain unauthorized shell access and login to multiple camera interfaces using predefined username and...

CVE-2021-47732

CMSimple 5.2 contains a stored cross-site scripting vulnerability in the Filebrowser External input field that allows attackers to inject malicious JavaScript. Attackers can place unfiltered JavaScript code that executes when users click on Page or Files tabs, enabling persistent script injection...

CVE-2021-47738

CSZ CMS 1.2.7 contains a persistent cross-site scripting vulnerability that allows unauthorized users to embed malicious JavaScript in private messages. Attackers can send messages with script payloads in the user-agent header, which will execute when an admin views the message in the backend...

EUVD-2023-60356

In the Linux kernel, the following vulnerability has been resolved: virtiopmem: add the missing REQOPWRITE for flush bio When doing mkfs.xfs on a pmem device, the following warning was ------------ cut here ------------ WARNING: CPU: 2 PID: 384 at block/blk-core.c:751 submitbionoacct Modules link...

Cross-Site Scripting (XSS)

ezsystems/ezplatform-admin-ui is vulnerable to Cross-Site Scripting XSS. The vulnerability is due to improper escaping of user-controlled input in image asset names, content language names, and future publishing features, which allows an attacker with back-office editor or administrator privilege...

PT-2025-53053

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A memory leak exists in the RDMA/irdma component of the Linux kernel related to PBLE Persistent Binding List Entry objects. When the irdma module is removed, the memory allocated for the...

CVE-2021-47732

CMSimple 5.2 contains a stored cross-site scripting vulnerability in the Filebrowser External input field that allows attackers to inject malicious JavaScript. Attackers can place unfiltered JavaScript code that executes when users click on Page or Files tabs, enabling persistent script injection...

PT-2025-52838

Name of the Vulnerable Software and Affected Versions CSZ CMS version 1.2.7 Description The software contains a persistent cross-site scripting issue that permits unauthorized users to inject malicious JavaScript into private messages. An attacker can send messages containing script payloads with...