28 matches found
MAL-2026-4684 Malicious code in tdpilot (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 92ebe5ca10c51471256249507d8c7b142996cc72d7472a7a55c08fe6351876f9 run.js invokes execSync"curl -LsSf https://astral.sh/uv/install.sh | sh", fetching and executing a remote shell script from astral.sh without integri...
Astra Linux - уязвимость в freerdp3
A flaw was discovered in the FreeRDP protocol used by Anaconda’s remote installation feature. A specially crafted RDP packet could trigger a segmentation fault. This issue causes the service to crash and remain disabled, resulting in a denial of service. The issue occurs before the system boots u...
EUVD-2025-28788
Malicious code in bioql PyPI...
CVE-2025-8102
The Easy Digital Downloads plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.5.0. This is due to missing nonce validations in the eddsendwpdisconnect and eddsendwpremoteinstall functions. This makes it possible for unauthenticated attackers t...
CVE-2025-8102
The Easy Digital Downloads plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.5.0. This is due to missing nonce validations in the eddsendwpdisconnect and eddsendwpremoteinstall functions. This makes it possible for unauthenticated attackers t...
CVE-2025-8102
CVE-2025-8102: Easy Digital Downloads for WordPress (versions ≤ 3.5.0) is vulnerable to Cross-Site Forgery via missing nonce checks in edd_sendwp_disconnect and edd_sendwp_remote_install. This CSRF allows unauthenticated attackers to deactivate or trigger activation/deactivation of the SendWP plu...
gnome-remote-desktop: freerdp: Unauthenticated RDP Packet Causes Segfault in FreeRDP Leading to Denial of Service
A flaw was found in the FreeRDP used by Anaconda's remote install feature, where a crafted RDP packet could trigger a segmentation fault. This issue causes the service to crash and remain defunct, resulting in a denial of service. It occurs pre-boot and is likely due to a NULL pointer dereference...
DEBIAN-CVE-2025-4478
A flaw was found in the FreeRDP used by Anaconda's remote install feature, where a crafted RDP packet could trigger a segmentation fault. This issue causes the service to crash and remain defunct, resulting in a denial of service. It occurs pre-boot and is likely due to a NULL pointer dereference...
CVE-2025-4478
A flaw was found in the FreeRDP used by Anaconda's remote install feature, where a crafted RDP packet could trigger a segmentation fault. This issue causes the service to crash and remain defunct, resulting in a denial of service. It occurs pre-boot and is likely due to a NULL pointer dereference...
UBUNTU-CVE-2025-4478
A flaw was found in the FreeRDP used by Anaconda's remote install feature, where a crafted RDP packet could trigger a segmentation fault. This issue causes the service to crash and remain defunct, resulting in a denial of service. It occurs pre-boot and is likely due to a NULL pointer dereference...
SUSE CVE-2025-4478
A flaw was found in the FreeRDP used by Anaconda's remote install feature, where a crafted RDP packet could trigger a segmentation fault. This issue causes the service to crash and remain defunct, resulting in a denial of service. It occurs pre-boot and is likely due to a NULL pointer dereference...
CVE-2025-4478
A flaw was found in the gnome-remote-desktop used by Anaconda's remote install feature, where a crafted RDP packet could trigger a segmentation fault. This issue causes the service to crash and remain defunct, resulting in a denial of service. It occurs pre-boot and is likely due to a NULL pointe...
CVE-2024-52347 WordPress Website remote Install vor Gravity, WPForms, Formidable, Ninja, Caldera plugin <= 4.0 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in wpwebsitecreator Website remote Install vor Gravity, WPForms, Formidable, Ninja, Caldera wp-website-creator allows Stored XSS.This issue affects Website remote Install vor Gravity, WPForms,...
CVE-2024-52347
CVE-2024-52347 is a stored XSS vulnerability described as Improper Neutralization of Input During Web Page Generation in the WordPress plugin/theme stack “Website remote Install vor Gravity, WPForms, Formidable, Ninja, Caldera” (affected from n/a to 4.0). The issue arises from inadequate input ne...
CVE-2024-52347 WordPress Website remote Install vor Gravity, WPForms, Formidable, Ninja, Caldera plugin <= 4.0 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in wpwebsitecreator Website remote Install vor Gravity, WPForms, Formidable, Ninja, Caldera wp-website-creator allows Stored XSS.This issue affects Website remote Install vor Gravity, WPForms,...
WordPress plugin Website remote Install vor Gravity, WPForms, Formidable, Ninja, Caldera 跨站脚本漏洞
WordPress and WordPress plugin are products of the WordPress Foundation, a blogging platform developed in PHP. WordPress plugin is an application plugin that allows you to set up a personal blog site on a PHP and MySQL server. WordPress plugin Website remote Install vor Gravity, WPForms,...
PT-2024-13044 · WordPress · Givewp +1
Name of the Vulnerable Software and Affected Versions: GiveWP plugin for WordPress versions up to, and including, 2.33.3 Description: The issue is due to missing or incorrect nonce validation on the give sendwp remote install handler function, making it possible for unauthenticated attackers to...
Attackers can Install Malware on iPhone When it is Powered Off – Research
By Deeba Ahmed The iOS Find My feature has a safety loophole that can lead to infecting the iPhone even if… This is a post from HackRead.com Read the original post: Attackers can Install Malware on iPhone When it is Powered Off - Research...
CVE-2020-12483 AppStore Remote Download and Installation Vulnerability
The appstore before 8.12.0.0 exposes some of its components, and the attacker can cause remote download and install apps through carefully constructed parameters...
Windows installer (MSI) repair doesn't work when MSI package is installed on an HTTP share in Windows
Windows installer MSI repair doesn't work when MSI package is installed on an HTTP share in Windows This article describes an issue of Windows installer MSI repair that occurs after you install security update 2962490 in Windows 8.1, Windows Server 2012 R2, Windows RT 8.1, Windows 7 Service Pack ...