CVE-2026-8877

The Responsive Video Embedder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'remvideo' shortcode in versions up to, and including, 0.1. This is due to insufficient input sanitization and output escaping on user supplied attributes notably 'id' and 'list' in the...

CVE-2026-8877

The Responsive Video Embedder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'remvideo' shortcode in versions up to, and including, 0.1. This is due to insufficient input sanitization and output escaping on user supplied attributes notably 'id' and 'list' in the...

EUVD-2026-32053

The Responsive Video Embedder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'remvideo' shortcode in versions up to, and including, 0.1. This is due to insufficient input sanitization and output escaping on user supplied attributes notably 'id' and 'list' in the...

PT-2026-43523

The Responsive Video Embedder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'rem video' shortcode in versions up to, and including, 0.1. This is due to insufficient input sanitization and output escaping on user supplied attributes notably 'id' and 'list' in the video...

Unity Linux 20.1050e / 20.1070e Security Update: kernel (UTSA-2026-010828)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-010828 advisory. In the Linux kernel, the following vulnerability has been resolved: scsi: sg: Do not sleep in atomic context sgfinishremreq calls blkrqunmapuser. The latter function...

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-007330)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-007330 advisory. In the Linux kernel, the following vulnerability has been resolved: scsi: sg: Do not sleep in atomic context sgfinishremreq calls blkrqunmapuser. The latter function...

CVE-2025-67901

openrsync through 0.5.0, as used in OpenBSD through 7.8 and on other platforms, allows a client to cause a server SIGSEGV by specifying a length of zero for block data, because the relationship between p-rem and p-len is not checked...

PT-2025-51180

openrsync through 0.5.0, as used in OpenBSD through 7.8 and on other platforms, allows a client to cause a server SIGSEGV by specifying a length of zero for block data, because the relationship between p-rem and p-len is not checked...

CVE-2025-34414

Entrust Instant Financial Issuance IFI On Premise software formerly referred to as CardWizard versions 5.x, prior to 6.10.5, and prior to 6.11.1 contain an insecure .NET Remoting exposure in the Legacy Remoting Service that is enabled by default. The service registers a TCP remoting channel with...

UBUNTU-CVE-2025-40259

In the Linux kernel, the following vulnerability has been resolved: scsi: sg: Do not sleep in atomic context sgfinishremreq calls blkrqunmapuser. The latter function may sleep. Hence, call sgfinishremreq with interrupts enabled instead of disabled...

PT-2025-49089

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description The Linux kernel contains a flaw within the SCSI subsystem, specifically in the sg module. The sg finish rem req function calls blk rq unmap user, which can potentially lead to sleeping...

CVE-2025-35050 Newforma Info Exchange (NIX) .NET unauthenticated deserialization

Newforma Info Exchange NIX accepts serialized .NET data via the '/remoteweb/remote.rem' endpoint, allowing a remote, unauthenticated attacker to execute arbitrary code with 'NT AUTHORITY\NetworkService' privileges. The vulnerable endpoint is used by Newforma Project Center Server NPCS, so a...

PT-2025-41466

Name of the Vulnerable Software and Affected Versions Newforma Info Exchange affected versions not specified Description Newforma Info Exchange accepts serialized .NET data via the /remoteweb/remote.rem API endpoint without proper validation. This allows a remote, unauthenticated attacker to...

SystemBC Powers REM Proxy With 1,500 Daily VPS Victims Across 80 C2 Servers

A proxy network known as REM Proxy is powered by malware known as SystemBC , offering about 80% of the botnet to its users, according to new findings from the Black Lotus Labs team at Lumen Technologies. "REM Proxy is a sizeable network, which also markets a pool of 20,000 Mikrotik routers and a...

Denial of Service (DoS)

Overview Affected versions of this package are vulnerable to Denial of Service DoS via the QuoRem function in the eisenstein.go file. Details Denial of Service DoS describes a family of attacks, all aimed at making a system inaccessible to its intended and legitimate users. Unlike other...

MAL-2025-42960 Malicious code in @teasource/veniam-officiis-rem (npm)

The package @teasource/veniam-officiis-rem was found to contain malicious code...

Malicious code in @kollorg/rem-rem (npm)

The package @kollorg/rem-rem was found to contain malicious code...

Malicious code in @crabas0npm/modi-rem-nobis-totam (npm)

The package @crabas0npm/modi-rem-nobis-totam was found to contain malicious code...

Malicious code in @teasource/ipsam-rem-sit (npm)

The package @teasource/ipsam-rem-sit was found to contain malicious code...

Malicious code in @teasource/iste-rem-dolor (npm)

The package @teasource/iste-rem-dolor was found to contain malicious code...