7647 matches found
CVE-2017-20098
A vulnerability was found in Admin Custom Login Plugin 2.4.5.2. It has been classified as problematic. Affected is an unknown function. The manipulation leads to basic cross site scripting (Persistent). It is possible to launch the attack remotely...
CVE-2012-5174
The KYOCERA AH-K3001V, AH-K3002V, WX300K, WX310K, WX320K, and WX320KR devices allow remote attackers to cause a denial of service (persistent reboot) via an e-mail message in an invalid format...
CVE-2004-2767
NWFTPD.nlm before 5.04.25 in the FTP server in Novell NetWare does not promptly close DS sessions, which allows remote attackers to cause a denial of service (connection slot exhaustion) by establishing many FTP sessions that persist for the lifetime of a DS session...
Important: Red Hat Security Advisory: Red Hat OpenShift Data Foundation 4.17.7 Bug Fix Update
Updated images that fix several bugs are now available for Red Hat OpenShift Data Foundation 4.17.7 on Red Hat Enterprise Linux 9 from Red Hat Container Registry. Red Hat OpenShift Data Foundation is software-defined storage integrated with and optimized for the Red Hat OpenShift Data Foundation...
CVE-2025-45755
A Stored Cross-Site Scripting (XSS) vulnerability exists in Vtiger CRM Open Source Edition v8.3.0, exploitable via the Services Import feature. An attacker can craft a malicious CSV file containing an XSS payload, mapped to the Service Name field. When the file is uploaded, the application improper...
CVE-2025-45755
Vulnerable software: Vtiger CRM Open Source Edition v8.3.0. The issue is a Stored Cross-Site Scripting (XSS) vulnerability exploitable via the Services Import feature. An attacker can craft a malicious CSV file containing an XSS payload mapped to the Service Name field; when uploaded, the applica...
Ubiquiti UniFi Protect Cameras Security Vulnerability
The Ubiquiti UniFi Protect Application is an enterprise-grade security monitoring platform that supports both home and business users. A security vulnerability exists in Ubiquiti UniFi Protect Application, which stems from a misconfigured access token mechanism that can be exploited by an attacke...
Malicious code in lmk (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 2038ad5438e131b27ac4909e8adaf2ed1ce6a0667a10b46ed02c33209e2708a6 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
kernel: virtio_pmem: add the missing REQ_OP_WRITE for flush bio
A flaw was discovered in the virtio_pmem driver in the Linux kernel, where flush block I/O requests did not have the required REQ_OP_WRITE operation code assigned before submission. Under workloads involving persistent memory block devices — for example, running mkfs.xfs on a pmem device, this omissi...
Malicious code in sw-cur (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 6b6e97eb66e9295d27e2c439734b0d7a8a4479ea22612dd7c5623827fcbb53eb Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
CVE-2025-24220
A permissions issue was addressed with additional restrictions. This issue is fixed in iOS 18.4 and iPadOS 18.4. An app may be able to read a persistent device identifier...
Apple iOS and Apple iPadOS Security Vulnerability
Apple iOS and Apple iPadOS are products of Apple Inc. Apple iOS is an operating system developed for mobile devices, and Apple iPadOS is an operating system for iPad tablets. A security vulnerability exists in Apple iOS and Apple iPadOS that stems from a privilege issue that could cause an...
System Prompt Poisoning: Persistent Attacks on Large Language Models beyond User Injection
Large language models (LLMs) have gained widespread adoption across diverse applications due to their impressive generative capabilities. Their plug-and-play nature enables both developers and end users to interact with these models through simple prompts. However, as LLMs become more integrated in...
CVE-2025-20181
A vulnerability in Cisco IOS Software for Cisco Catalyst 2960X, 2960XR, 2960CX, and 3560CX Series Switches could allow an authenticated, local attacker with privilege level 15 or an unauthenticated attacker with physical access to the device to execute persistent code at boot time and break the...
Important: Red Hat Security Advisory: RHODF-4.18-RHEL-9 security update
Updated images are now available for RHODF-4.18-RHEL-9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in...
Malicious code in your-published-package (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 1cffcefb87ba1dfcfc4089b98727de2186cb5179c69a0f7630c359ff62ba3546 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in haml-jst-loader (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware a0d8ca2db3fdc34877d4cbc9c4b109a713c2d744251b47b95621df2db46fc5fd Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in kidding (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware d8ac1b9b208a68f6eb5fba2340ef58f1e62f83363b647916f6e5ac29be571f07 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Cross-site Scripting (XSS)
Overview: Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the EntriesForm class in the Forms module. An attacker can submit files with malicious filenames and execute arbitrary JavaScript in the browser context of authenticated admins. Note: This is a persistent XS...
Security Researchers Warn a Widely Used Open Source Tool Poses a 'Persistent' Risk to the US
The open source software easyjson is used by the US government and American companies. But its ties to Russia’s VK, whose CEO has been sanctioned, have researchers sounding the alarm...