The vulnerability of the Frames component in Google Chrome and Microsoft Edge allows attackers to bypass existing security restrictions and perform substitution attacks on user interfaces.
The vulnerability of the Frames component in Google Chrome and Microsoft Edge involves bypassing authentication through spoofing. Exploiting this vulnerability allows a malicious actor to circumvent existing security restrictions and replace the user interface with a specially created HTML page...
The vulnerability of the application programming interfaces of Google Chrome and Microsoft Edge allows a hacker to bypass existing security restrictions and perform a substitution of the user interface.
The vulnerability of the application programming interfaces of Google Chrome and Microsoft Edge relates to the bypassing of authentication processes through spoofing techniques. Exploiting this vulnerability allows a malicious actor to circumvent existing security restrictions and replace the use...
The vulnerability of the Extensions component in Google Chrome and Microsoft Edge browsers allows attackers to bypass existing security restrictions and perform substitution attacks on user interfaces.
The vulnerability of the Extensions component in Google Chrome and Microsoft Edge involves bypassing authentication through spoofing. Exploiting this vulnerability allows a malicious actor to circumvent existing security restrictions and replace the user interface...
The vulnerability of the Compositing component in Google Chrome and Microsoft Edge browsers allows attackers to replace the user interface.
The vulnerability of the Compositing component in Google Chrome and Microsoft Edge exists due to the lack of measures taken to protect the structure of web pages. Exploiting this vulnerability allows a malicious actor to replace the user interface with a specially created HTML page...
Bucket "h2o-release" publicly writable, allowing an attacker to replace any file
The S3 bucket "h2o-release" where you host docs and which you instruct your users to use as a Maven repo e.g. in here https://github.com/h2oai/h2o-3?tab=readme-ov-file#3-using-h2o-3-artifacts is publicly writable. It is possible to overwrite any file in that bucket. As a PoC I created the followin...
CVE-2025-21657
In the Linux kernel, the following vulnerability has been resolved: sched_ext: Replace rq_lock() to raw_spin_rq_lock() in scx_ops_bypass(). scx_ops_bypass() iterates all CPUs to re-enqueue all the scx tasks. For each CPU, it acquires a lock using rq_lock() regardless of whether a CPU is offline or the CPU is currentl...
CVE-2025-21657
CVE-2025-21657 relates to the Linux kernel sched_ext component. The root cause was that scx_ops_bypass() re-enqueued scx tasks across CPUs by acquiring rq_lock() for online CPUs regardless of CPU state, which could trigger a spurious rq_pin_lock() warning. The fix replaces rq_lock() with raw_spin...
CVE-2025-21657 sched_ext: Replace rq_lock() to raw_spin_rq_lock() in scx_ops_bypass()
In the Linux kernel, the following vulnerability has been resolved: sched_ext: Replace rq_lock() to raw_spin_rq_lock() in scx_ops_bypass(). scx_ops_bypass() iterates all CPUs to re-enqueue all the scx tasks. For each CPU, it acquires a lock using rq_lock() regardless of whether a CPU is offline or the CPU is currentl...
MAL-2025-318 Malicious code in webpack-extensive-lodash-replacement-plugin (npm)
Source: ghsa-malware 845800d2390e86cf58dcd05fd029a2ff2a064fef8ec1bc60b2ad041467db4fdb Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Description of the security update for Office 2016: January 14, 2025 (KB5002675)
Description of the security update for Office 2016: January 14, 2025 (KB5002675). Summary: This security update resolves a Microsoft Office security feature bypass vulnerability. To learn more about the vulnerability, see Microsoft Common Vulnerabilities and Exposures CVE-2025-21346. Note: To apply...
Silverstripe Asset Admin Module cross-site scripting vulnerability
Silverstripe Asset Admin Module is an open source asset management module from Silverstripe. A cross-site scripting vulnerability exists in Silverstripe Asset Admin Module, which stems from the fact that HTML is not sanitized until the shortcode is replaced, allowing execution of script loads in...
CVE-2024-48875
In the Linux kernel, the following vulnerability has been resolved: btrfs: don't take dev_replace rwsem on task already holding it. Running fstests btrfs/011 with MKFS_OPTIONS="-O rst" to force the usage of the RAID stripe-tree, we get the following splat from lockdep: BTRFS info device sdd:...
UBUNTU-CVE-2024-48875
In the Linux kernel, the following vulnerability has been resolved: btrfs: don't take dev_replace rwsem on task already holding it. Running fstests btrfs/011 with MKFS_OPTIONS="-O rst" to force the usage of the RAID stripe-tree, we get the following splat from lockdep: BTRFS info device sdd:...
CVE-2024-48881
CVE-2024-48881 concerns the Linux kernel’s bcache implementation. The issue was a NULL pointer dereference risk in cache_set_flush() caused by a changed check: the code could access c->root when previous registration failed before c->root was allocated. The patch reverts the IS_ERR check to...
CVE-2024-48875 btrfs: don't take dev_replace rwsem on task already holding it
In the Linux kernel, the following vulnerability has been resolved: btrfs: don't take dev_replace rwsem on task already holding it. Running fstests btrfs/011 with MKFS_OPTIONS="-O rst" to force the usage of the RAID stripe-tree, we get the following splat from lockdep: BTRFS info device sdd:...
CVE-2024-48875
In the Linux kernel, CVE-2024-48875 is described as a fix for a btrfs issue: don’t take the dev_replace rwsem if the task already holds it. The root cause is a possible deadlock when btrfs_dev_replace flow takes the same rwsem twice during operations like btrfs_map_block, as demonstrated by a loc...
OESA-2025-1024 curl security update
cURL is a computer software project providing a library (libcurl) and command-line tool (curl) for transferring data using various protocols. Security Fixes: A vulnerability has been found in cURL Network Utility Software and classified as problematic. Affected by this vulnerability is an unknown cod...
SUSE CVE-2024-56664
In the Linux kernel, the following vulnerability has been resolved: bpf, sockmap: Fix race between element replace and close(). Element replace (with a socket different from the one stored) may race with socket's close() link popping & unlinking. __sock_map_delete() unconditionally unrefs the (wrong) element: /...
CVE-2025-22149 JWK Set's HTTP client only overwrites and appends JWK to local cache during refresh
JWK Set (JSON Web Key Set) is a JWK and JWK Set Go implementation. Prior to 0.6.0, the project's provided HTTP client's local JWK Set cache should do a full replacement when the goroutine refreshes the remote JWK Set. The current behavior is to overwrite or append. This is a security issue for use...
CVE-2024-56664
In the Linux kernel, the following vulnerability has been resolved: bpf, sockmap: Fix race between element replace and close(). Element replace (with a socket different from the one stored) may race with socket's close() link popping & unlinking. __sock_map_delete() unconditionally unrefs the (wrong) element: /...