165 matches found
perl:5.32 security update
An update is available for module.perl-ExtUtils-MakeMaker, perl-CPAN-Meta, module.perl-JSON-PP, perl-HTTP-Tiny, perl-IO-Socket-IP, module.perl-experimental, module.perl-MIME-Base64, module.perl-bignum, module.perl-Compress-Raw-Zlib, perl-Data-Dumper, module.perl-Math-BigRat, perl-Pod-Escapes,...
Astra Linux – Vulnerability in Nasm
There is a use-after-free in asm/preproc.c function ppgetline in Netwide Assembler NASM 2.14rc16, which will cause a denial of service during a line-number increment attempt...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu/pm: fixed the null pointer issue when the SMU is disabled. It is necessary to check whether the ppfuncs is initialized before releasing the context; otherwise, a null pointer panic will occur when the software SMU is n...
JLSEC-2026-595
An issue was discovered in yasm version 1.3.0. There is a NULL pointer dereference in expandmmacro in modules/preprocs/nasm/nasm-pp.c...
CVE-2026-5028
The Eight Day Week Print Workflow plugin for WordPress is vulnerable to time-based blind SQL Injection via the 'title' parameter in the pp-get-articles AJAX action in all versions up to, and including, 1.2.6. This is due to insufficient escaping on the user supplied parameter and lack of sufficie...
CVE-2026-5028
The Eight Day Week Print Workflow plugin for WordPress is vulnerable to time-based blind SQL Injection via the 'title' parameter in the pp-get-articles AJAX action in all versions up to, and including, 1.2.6. This is due to insufficient escaping on the user supplied parameter and lack of sufficie...
CVE-2026-5028
The Eight Day Week Print Workflow plugin for WordPress is vulnerable to time-based blind SQL Injection via the 'title' parameter in the pp-get-articles AJAX action in all versions up to, and including, 1.2.6. This is due to insufficient escaping on the user supplied parameter and lack of sufficie...
CVE-2026-5028 Eight Day Week Print Workflow <= 1.2.6 - Authenticated (Subscriber+) SQL Injection via 'title' Parameter
The Eight Day Week Print Workflow plugin for WordPress is vulnerable to time-based blind SQL Injection via the 'title' parameter in the pp-get-articles AJAX action in all versions up to, and including, 1.2.6. This is due to insufficient escaping on the user supplied parameter and lack of sufficie...
PT-2026-39952
The Eight Day Week Print Workflow plugin for WordPress is vulnerable to time-based blind SQL Injection via the 'title' parameter in the pp-get-articles AJAX action in all versions up to, and including, 1.2.6. This is due to insufficient escaping on the user supplied parameter and lack of sufficie...
Malicious code in pp-react-v5 (npm)
pp-react-v5 is a dependency confusion package published at the inflated version 10.0.0 to win npm resolution over any internally-hosted package of the same name. The package contains only a package.json with no functional source code. On installation the preinstall script executes a wget command...
MAL-2026-3509 Malicious code in pp-react-v5 (npm)
pp-react-v5 is a dependency confusion package published at the inflated version 10.0.0 to win npm resolution over any internally-hosted package of the same name. The package contains only a package.json with no functional source code. On installation the preinstall script executes a wget command...
Astra Linux – Vulnerability in Linux 6.12
In the Linux kernel, the following vulnerability has been resolved: pagepool: Fixed PPMAGICMASK to avoid crashes on some 32-bit architectures. Helge reported that introducing PPMAGICMASK caused crashes during boot-up on his 32-bit Parisc machine. The issue stems from the mask being too wide,...
Malicious Package
Overview pp-js-lib is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package authorship...
EUVD-2025-203036
Malicious code in pp-js-lib npm...
MAL-2025-192561 Malicious code in pp-js-lib (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 21ef567b818a3642f6a51a1d26f23c897c1ecc73c6e431361ee1512d288ab455 The package pp-js-lib was found to contain malicious code. Source: ghsa-malware ba1fcfff2f6e86511e78c7092763167dfd731beef4f008cc933bf1bb5b4255e1 Any...
CVE-2025-64064
Primakon Pi Portal 1.0.18 /api/v2/ppusers endpoint fails to adequately check user permissions before processing a PATCH request to modify the PPSECURITYPROFILEID. Because of weak access controls any low level user can use this API and change their permission to Administrator by using...
CVE-2025-64062
The Primakon Pi Portal 1.0.18 /api/V2/ppusers?email endpoint is used for user data filtering but lacks proper server-side validation against the authenticated session. By manipulating the email parameter to an arbitrary value e.g., [email protected], an attacker can assume the session and gain...
EUVD-2025-199638
Primakon Pi Portal 1.0.18 /api/v2/ppusers endpoint fails to adequately check user permissions before processing a PATCH request to modify the PPSECURITYPROFILEID. Because of weak access controls any low level user can use this API and change their permission to Administrator by using...
EUVD-2025-199632
UnForm Server versions 10.1.15 contain an unauthenticated arbitrary file read and SMB coercion vulnerability in the Doc Flow feature’s 'arc' endpoint. The Doc Flow module uses the 'arc' handler to retrieve and render pages or resources specified by the user-supplied 'pp' parameter, but it does so...
CVE-2025-64064
Primakon Pi Portal 1.0.18 /api/v2/ppusers endpoint fails to adequately check user permissions before processing a PATCH request to modify the PPSECURITYPROFILEID. Because of weak access controls any low level user can use this API and change their permission to Administrator by using...