29 matches found
Astra Linux - vulnerability in linux-5.10
In the Linux kernel, the following vulnerability has been resolved: ibmvnic: Successfully freeing the rwi upon reset. The rwi structure is freed if the last rwi in the list is processed successfully. The logic in commit 4f408e1fa6e1 “ibmvnic: Retry the reset if there are no other resets” introduc...
EUVD-2024-50783
Malicious code in bioql PyPI...
PT-2025-38563
Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified). Description: A null pointer dereference issue exists in the TX completion packet stage of TI SoCs with CPSW2G instances, which have a single external ethernet port. Accessing ndev without...
WordPress Shipping via Planzer for WooCommerce plugin <= 1.0.25 - Reflected Cross-Site Scripting via processed-ids vulnerability
Reflected Cross-Site Scripting via processed-ids vulnerability discovered by vgo0 in WordPress Plugin Shipping via Planzer for WooCommerce versions <= 1.0.25...
WordPress plugin Shipping via Planzer for WooCommerce cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin that supports personal blog sites on PHP and MySQL servers. A cross-site scripting vulnerability exists in...
Bitcoin Fog Operator Gets 12.5 Years for Longest-Running Bitcoin Laundering
Bitcoin Fog operator sentenced to 12.5 years for laundering $400M in crypto. The dark web's longest-running mixer processed…...
CVE-2024-34714
The CVE-2024-34714 entry affects the Hoppscotch Browser Extension (pre-0.35). The issue arises from an oversight during a change (commit d4e8e4830326f46ba17acd1307977ecd32a85b58) that allowed messages to be sent to the extension even when the origin was not present in the origin list, bypassing i...
Unexpected Increase in Exchange Incremental Data Processed By Veeam Backup for Microsoft 365
May 2025 Update: This article has been updated with new information regarding the February 2025 occurrence and the results of the subsequent investigation. Issue Summary: First Occurrence (August 7 - August 21, 2023): Some customers using Veeam Backup for Microsoft 365 to back up Microsoft 365...
GHSA-PWVP-H579-HFXG Total.js CMS Path Traversal
An issue was discovered in Total.js CMS 12.0.0. An authenticated user with the Pages privilege can conduct a path traversal attack (../) to include .html files that are outside the permitted directory. Also, if a page contains a template directive, then the directive will be server side processed...
IBM MQ Denial of Service Vulnerability (CNVD-2021-93631)
IBM MQ (formerly IBM WebSphere MQ) is a robust, secure and reliable messaging middleware. A denial of service vulnerability exists in IBM MQ versions 8.0, 9.0 LTS, 9.1 LTS, 9.2 LTS, 9.1 CD, 9.2 CD. The vulnerability stems from incorrectly processed messages. An attacker could exploit the...
Arbitrary Code Execution
xstream is vulnerable to arbitrary code execution. A remote attacker is able to execute arbitrary code by manipulating the processed input stream...
CVE-2021-21341
XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability which may allow a remote attacker to allocate 100% CPU time on the target system depending on CPU type or parallel execution of such a payload resulting in a denial of...
XStream Server-Side Request Forgery Vulnerability
XStream is a simple Java-based library that serializes Java objects to XML and vice versa, i.e. Java objects and XML documents can easily be converted to each other. XStream has a server-side request forgery vulnerability that can be exploited by an attacker to manipulate the processed input strea...
OSV-2020-2240 Heap-buffer-overflow in process_chunked_data
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=28265 Crash type: Heap-buffer-overflow READ 1 Crash state: processchunkeddata processdata fuzzprocessdata...
CVE-2020-3885
A logic issue was addressed with improved restrictions. This issue is fixed in iOS 13.4 and iPadOS 13.4, tvOS 13.4, Safari 13.1, iTunes for Windows 12.10.5, iCloud for Windows 10.9.3, iCloud for Windows 7.18. A file URL may be incorrectly processed...
CVE-2019-10790
taffydb npm module, vulnerable in all versions up to and including 2.7.3, allows attackers to forge adding additional properties into user-input processed by taffy which can allow access to any data items in the DB. taffy sets an internal index for each data item in its DB. However, it is found...
CVE-2018-10614
An XXE vulnerability in LeviStudioU, Versions 1.8.29 and 1.8.44 can be exploited when the application processes specially crafted project XML files...
CVE-2017-7514
A cross-site scripting (XSS) flaw was found in how the failed action entry is processed in Red Hat Satellite before version 5.8.0. A user able to specify a failed action could exploit this flaw to perform XSS attacks against other Satellite users...
moorings.co.uk XSS vulnerability
Vulnerable URL:...
Fast and Full Featured SSL Scanner: SSLyze
SSLyze is a Python tool that can analyze the SSL configuration of a server by connecting to it. It is designed to be fast and comprehensive, and should help organizations and testers identify mis-configurations affecting their SSL servers. SSLyze is all Python code but it uses an OpenSSL wrapper...