165 matches found

Rockylinux
added 5 days ago, 6 views

perl:5.32 security update

An update is available for module.perl-ExtUtils-MakeMaker, perl-CPAN-Meta, module.perl-JSON-PP, perl-HTTP-Tiny, perl-IO-Socket-IP, module.perl-experimental, module.perl-MIME-Base64, module.perl-bignum, module.perl-Compress-Raw-Zlib, perl-Data-Dumper, module.perl-Math-BigRat, perl-Pod-Escapes,...

CVSS 9.1, AI score 6.4, EPSS 0.0043, Exploits 2

AstraLinux
added 2026/06/19 11:10 a.m., 10 views

Astra Linux – Vulnerability in Nasm

There is a use-after-free in asm/preproc.c function ppgetline in Netwide Assembler NASM 2.14rc16, which will cause a denial of service during a line-number increment attempt...

CVSS 5.5, AI score 6, EPSS 0.00795, Exploits 1, References 1

AstraLinux
added 2026/06/19 11:10 a.m., 6 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu/pm: fixed the null pointer issue when the SMU is disabled. It is necessary to check whether the ppfuncs is initialized before releasing the context; otherwise, a null pointer panic will occur when the software SMU is n...

CVSS 5.5, AI score 5.9, EPSS 0.00214, Exploits 0, References 2

OSV
added 2026/06/08 1:43 p.m., 10 views

JLSEC-2026-595

An issue was discovered in yasm version 1.3.0. There is a NULL pointer dereference in expandmmacro in modules/preprocs/nasm/nasm-pp.c...

CVSS 5.5, AI score 5.4, EPSS 0.00317, Exploits 1, References 4

RedhatCVE
added 2026/06/05 7:35 p.m., 8 views

CVE-2026-5028

The Eight Day Week Print Workflow plugin for WordPress is vulnerable to time-based blind SQL Injection via the 'title' parameter in the pp-get-articles AJAX action in all versions up to, and including, 1.2.6. This is due to insufficient escaping on the user supplied parameter and lack of sufficie...

CVSS 6.5, AI score 5.7, EPSS 0.00241, Exploits 0, References 1

NVD
added 2026/05/12 9:16 a.m., 53 views

CVE-2026-5028

The Eight Day Week Print Workflow plugin for WordPress is vulnerable to time-based blind SQL Injection via the 'title' parameter in the pp-get-articles AJAX action in all versions up to, and including, 1.2.6. This is due to insufficient escaping on the user supplied parameter and lack of sufficie...

CVSS 6.5, EPSS 0.00241, Exploits 0, References 3

ATTACKERKB
added 2026/05/12 7:48 a.m., 6 views

CVE-2026-5028

The Eight Day Week Print Workflow plugin for WordPress is vulnerable to time-based blind SQL Injection via the 'title' parameter in the pp-get-articles AJAX action in all versions up to, and including, 1.2.6. This is due to insufficient escaping on the user supplied parameter and lack of sufficie...

CVSS 6.5, AI score 5.9, EPSS 0.00241, Exploits 0, References 4

Cvelist
added 2026/05/12 7:48 a.m., 72 views

CVE-2026-5028 Eight Day Week Print Workflow <= 1.2.6 - Authenticated (Subscriber+) SQL Injection via 'title' Parameter

The Eight Day Week Print Workflow plugin for WordPress is vulnerable to time-based blind SQL Injection via the 'title' parameter in the pp-get-articles AJAX action in all versions up to, and including, 1.2.6. This is due to insufficient escaping on the user supplied parameter and lack of sufficie...

CVSS 6.5, EPSS 0.00241, Exploits 0, References 3

Positive Technologies
added 2026/05/12 12:0 a.m., 28 views

PT-2026-39952

The Eight Day Week Print Workflow plugin for WordPress is vulnerable to time-based blind SQL Injection via the 'title' parameter in the pp-get-articles AJAX action in all versions up to, and including, 1.2.6. This is due to insufficient escaping on the user supplied parameter and lack of sufficie...

CVSS 6.5, AI score 5.9, EPSS 0.00241, Exploits 0, References 4

OSSF Malicious Packages
added 2026/05/11 12:0 a.m., 11 views

Malicious code in pp-react-v5 (npm)

pp-react-v5 is a dependency confusion package published at the inflated version 10.0.0 to win npm resolution over any internally-hosted package of the same name. The package contains only a package.json with no functional source code. On installation the preinstall script executes a wget command...

AI score 5.8, Exploits 0

OSV
added 2026/05/11 12:0 a.m., 4 views

MAL-2026-3509 Malicious code in pp-react-v5 (npm)

pp-react-v5 is a dependency confusion package published at the inflated version 10.0.0 to win npm resolution over any internally-hosted package of the same name. The package contains only a package.json with no functional source code. On installation the preinstall script executes a wget command...

AI score 5.8, Exploits 0

AstraLinux
added 2026/01/13 2:1 p.m., 3 views

Astra Linux – Vulnerability in Linux 6.12

In the Linux kernel, the following vulnerability has been resolved: pagepool: Fixed PPMAGICMASK to avoid crashes on some 32-bit architectures. Helge reported that introducing PPMAGICMASK caused crashes during boot-up on his 32-bit Parisc machine. The issue stems from the mask being too wide,...

AI score 6, EPSS 0.00164, Exploits 0, References 3

Snyk
added 2025/12/12 6:34 a.m., 2 views

Malicious Package

Overview pp-js-lib is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package authorship...

CVSS 9.8, AI score 6.8, Exploits 0, References 2

EUVD
added 2025/12/12 6:34 a.m., 3 views

EUVD-2025-203036

Malicious code in pp-js-lib npm...

AI score 6.6, Exploits 0, References 1

OSV
added 2025/12/12 6:34 a.m., 3 views

MAL-2025-192561 Malicious code in pp-js-lib (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 21ef567b818a3642f6a51a1d26f23c897c1ecc73c6e431361ee1512d288ab455 The package pp-js-lib was found to contain malicious code. Source: ghsa-malware ba1fcfff2f6e86511e78c7092763167dfd731beef4f008cc933bf1bb5b4255e1 Any...

AI score 6.8, Exploits 0, References 3

RedhatCVE
added 2025/11/26 12:42 a.m., 7 views

CVE-2025-64064

Primakon Pi Portal 1.0.18 /api/v2/ppusers endpoint fails to adequately check user permissions before processing a PATCH request to modify the PPSECURITYPROFILEID. Because of weak access controls any low level user can use this API and change their permission to Administrator by using...

CVSS 8.8, AI score 7, EPSS 0.00255, Exploits 0, References 1

RedhatCVE
added 2025/11/26 12:42 a.m., 9 views

CVE-2025-64062

The Primakon Pi Portal 1.0.18 /api/V2/ppusers?email endpoint is used for user data filtering but lacks proper server-side validation against the authenticated session. By manipulating the email parameter to an arbitrary value e.g., [email protected], an attacker can assume the session and gain...

CVSS 8.8, AI score 7, EPSS 0.00255, Exploits 0, References 1

EUVD
added 2025/11/25 9:32 p.m., 4 views

EUVD-2025-199638

Primakon Pi Portal 1.0.18 /api/v2/ppusers endpoint fails to adequately check user permissions before processing a PATCH request to modify the PPSECURITYPROFILEID. Because of weak access controls any low level user can use this API and change their permission to Administrator by using...

CVSS 8.8, AI score 6.5, EPSS 0.00255, Exploits 0, References 3

EUVD
added 2025/11/25 9:32 p.m., 4 views

EUVD-2025-199632

UnForm Server versions 10.1.15 contain an unauthenticated arbitrary file read and SMB coercion vulnerability in the Doc Flow feature’s 'arc' endpoint. The Doc Flow module uses the 'arc' handler to retrieve and render pages or resources specified by the user-supplied 'pp' parameter, but it does so...

CVSS 8.7, AI score 6, EPSS 0.00872, Exploits 0, References 3

NVD
added 2025/11/25 7:15 p.m., 4 views

CVE-2025-64064

Primakon Pi Portal 1.0.18 /api/v2/ppusers endpoint fails to adequately check user permissions before processing a PATCH request to modify the PPSECURITYPROFILEID. Because of weak access controls any low level user can use this API and change their permission to Administrator by using...

CVSS 8.8, EPSS 0.00255, Exploits 0, References 2