Lucene search

116 matches found

vulnersOsv
added 2026/04/16 9:28 p.m. · 2 views

@bentwnghk/chat (>=1.45.5 <=1.45.6), @clerk/elements (=0.0.2-snapshot.vc65ad98) +3 more potentially affected by CVE-2026-41248 via @clerk/nextjs (>=5.0.1-snapshot.vc65ad98 <=5.7.5)

@clerk/nextjs NPM version =5.0.1-snapshot.vc65ad98, =1.45.5, =1.2.8, =1.2.9 - @spike-npm-land/code =0.9.55 - spark-strand-login =1.0.1 Source cves: CVE-2026-41248 Source advisory: SNYK:JS-CLERKNEXTJS-16098250...

9.1 CVSS · 5.8 AI score · 0.00096 EPSS
Exploits: 0
Positive Technologies
added 2026/03/07 12:0 a.m. · 4 views

PT-2026-23813

Name of the Vulnerable Software and Affected Versions WordPress JS Archive List plugin versions up to and including 6.1.7 Description The JS Archive List plugin for WordPress is susceptible to PHP Object Injection through the 'included' shortcode attribute. This occurs because of the...

7.5 CVSS · 6 AI score · 0.00097 EPSS
Exploits: 0 · References: 13
Github Security Blog
added 2026/02/03 5:42 p.m. · 5 views

Compressing Vulnerable to Arbitrary File Write via Symlink Extraction

Arbitrary File Write via Symlink Extraction in github.com/node-modules/compressing Brief Introduction The compressing npm package extracts TAR archives while restoring symbolic links without validating their targets. By embedding symlinks that resolve outside the intended extraction directory, an...

8.4 CVSS · 5.8 AI score · 0.00008 EPSS
Exploits: 1 · References: 5 · Affected Software: 1
EUVD
added 2025/10/07 12:30 a.m. · 0 views

EUVD-2021-13129

Malware in sbrugna...

7.8 CVSS · 7.6 AI score · 0.00137 EPSS
Exploits: 0 · References: 3
Cvelist
added 2025/04/15 8:31 p.m. · 14 views

CVE-2025-30714

...

4.8 CVSS · 0.00192 EPSS
Exploits: 0 · References: 1
Vulnrichment
added 2025/04/15 8:31 p.m. · 8 views

CVE-2025-30712

...

8.1 CVSS · 8.3 AI score · 0.00046 EPSS
Exploits: 1 · References: 1
RedhatCVE
added 2025/02/20 11:24 a.m. · 7 views

CVE-2024-13636

The Brooklyn theme for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 4.9.9.2 via deserialization of untrusted input in the otdecode function. This makes it possible for authenticated attackers, with Subscriber-level access and above, to inject a PHP Object...

7.2 AI score
Exploits: 0 · References: 5
Positive Technologies
added 2025/01/01 12:0 a.m. · 1 views

PT-2025-27819

Name of the Vulnerable Software and Affected Versions: MediaWiki versions affected versions not specified Description: The issue concerns package vulnerabilities in MediaWiki within Debian Linux. No further details are provided about the nature of the issue or its potential impact. Recommendation...

5.5 CVSS · 5.2 AI score · 0.00012 EPSS
Exploits: 0 · References: 18
NVD
added 2024/10/25 5:15 p.m. · 8 views

CVE-2024-10387

CVE-2024-10387 IMPACT A Denial-of-Service vulnerability exists in the affected product. The vulnerability could allow a threat actor with network access to send crafted messages to the device, potentially resulting in Denial-of-Service...

8.7 CVSS · 0.06234 EPSS
Exploits: 0 · References: 1
Positive Technologies
added 2024/08/12 12:0 a.m. · 1 views

PT-2024-27505 · Undefined · Undefined

Name of the Vulnerable Software and Affected Versions: No specific software or versions mentioned. Description: The issue is being actively exploited. No further details are available about the nature of the issue or its potential impact. Recommendations: At the moment, there is no information...

6.9 AI score
Exploits: 0 · References: 6
Qualys Blog
added 2024/07/01 8:23 a.m. · 204 views

regreSSHion: Remote Unauthenticated Code Execution Vulnerability in OpenSSH server

The Qualys Threat Research Unit TRU has discovered a Remote Unauthenticated Code Execution RCE vulnerability in OpenSSH’s server sshd in glibc-based Linux systems. CVE assigned to this vulnerability is CVE-2024-6387. The vulnerability, which is a signal handler race condition in OpenSSHs server...

8.1 CVSS · 9.6 AI score · 0.63835 EPSS
Exploits: 68
Hacker One
added 2024/05/30 9:25 a.m. · 71 views

Internet Bug Bounty: CVE-2024-32760 in nginx

CVE-2024-32760 was discovered in the HTTP/3 QUIC module of NGINX Plus and NGINX OSS. When the module was configured, undisclosed HTTP/3 encoder instructions could cause NGINX worker processes to terminate or experience other potential impact...

6.5 CVSS · 6.4 AI score · 0.00497 EPSS
Exploits: 0
Cvelist
added 2024/05/29 4:2 p.m. · 34 views

CVE-2024-32760 NGINX HTTP/3 QUIC vulnerability

When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module, undisclosed HTTP/3 encoder instructions can cause NGINX worker processes to terminate or cause or other potential impact...

6.5 CVSS · 6.3 AI score · 0.00497 EPSS
Exploits: 0 · References: 4
Code423n4
added 2023/11/29 12:0 a.m. · 7 views

Unchecked return value of low-level

Lines of code Vulnerability details Impact description of issue/finding Content includes @Audit stack and code example of the issue Assessed type other --- The text was updated successfully, but these errors were encountered: All reactions...

7.4 AI score
Exploits: 0
GithubExploit
added 2023/10/29 5:10 a.m. · 254 views

Exploit for Command Injection in Mjdm Majordomo

Deep Dive: CVE-2023-50917 - Unmasking an Unauthenticated Remo...

9.8 CVSS · 10 AI score · 0.92637 EPSS
Exploits: 6
HackRead
added 2023/08/21 3:28 p.m. · 20 views

Exploring the Potential Impact of a Bitcoin Spot ETF Approval

By Owais Sultan The US Securities and Exchange Commission SEC is currently reviewing applications from several institutions for a spot Bitcoin… This is a post from HackRead.com Read the original post: Exploring the Potential Impact of a Bitcoin Spot ETF Approval...

7 AI score
Exploits: 0
Code423n4
added 2023/08/10 12:0 a.m. · 9 views

setFullWeightDuration() can be called while a member election is ongoing

Lines of code Vulnerability details Bug Description In SecurityCouncilMemberElectionGovernorCountingUpgradeable, fullWeightDuration which is the duration where a user's votes has weight 1 can be set using setFullWeightDuration: SecurityCouncilMemberElectionGovernorCountingUpgradeable.solL77-L84...

6.7 AI score
Exploits: 0
Wiz blog
added 2023/07/21 2:1 p.m. · 9 views

Compromised Microsoft Key: More Impactful Than We Thought

Our investigation of the security incident disclosed by Microsoft and CISA and attributed to Chinese threat actor Storm-0558, found that this incident seems to have a broader scope than originally assumed. Organizations using Microsoft and Azure services should take steps to assess potential impa...

6.8 AI score
Exploits: 0
Tenable Nessus
added 2023/05/31 12:0 a.m. · 31 views

FreeBSD : OpenSSL -- Possible DoS translating ASN.1 identifiers (eb9a3c57-ff9e-11ed-a0d1-84a93843eb75)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the eb9a3c57-ff9e-11ed-a0d1-84a93843eb75 advisory. - Issue summary: Processing some specially crafted ASN.1 object identifiers or data containing them may...

6.5 CVSS · 6.9 AI score · 0.91789 EPSS
Exploits: 0 · References: 3
Positive Technologies
added 2023/05/22 12:0 a.m. · 1 views

PT-2023-35844 · Git +1 · Wireshark

Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided description. Description: The issue is related to a heap-use-after-free error, which occurs when the program attempts to access memory that has already been freed. The crash state...

6.9 AI score
Exploits: 0 · References: 2