Malicious code in jamelfromage (npm)
Source: amazon-inspector 271d7894271cf7955243595e5547eb23696f5524207ea6e9fa9e871b104405a3. This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-102967 Malicious code in fun_canidae-notthedevs (npm)
Source: amazon-inspector 22d6987818a68f5f4aa75270c03e11958e74b3f8d625b33747624d5b5bf16bfb. This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in key_wallaby_harlequin-26 (npm)
Source: amazon-inspector 4c09739de0fee1c004eeef42f32969c5e7f70106b56bd0f321f22a5a3d8d4e11. This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-101449 Malicious code in dewanto-tiwul98-ruro (npm)
Source: amazon-inspector 35828d4182d40b1e13703c3058eb2167c4748fbda7c4b6eb4705e9e0e0a70194. This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-78398 Malicious code in gilang-keripik35-sukiwir (npm)
Source: amazon-inspector 780b2f077cba65142da102e91972ba5f72c7d5c2f14a2b4317f5d9107829071f. This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
INTERN(al) MSRC variant hunting: From multi-tenant authorization to Model Context Protocol
When security researchers submit a vulnerability report to MSRC, the Vulnerabilities and Mitigations (V&M) team reviews it, reproduces the issue, and determines severity. The team reviews all submissions from internal and external security researchers...
UBUNTU-CVE-2025-38709
In the Linux kernel, the following vulnerability has been resolved: loop: Avoid updating block size under exclusive owner Syzbot came up with a reproducer where a loop device block size is changed underneath a mounted filesystem. This causes a mismatch between the block device block size and the...
AZL-53519 CVE-2024-50265 affecting package kernel for versions less than 6.6.64.2-1
In the Linux kernel, the following vulnerability has been resolved: ocfs2: remove entry once instead of null-ptr-dereference in ocfs2_xa_remove Syzkaller is able to provoke null-ptr-dereference in ocfs2_xa_remove: [57.319872] (a.out,1161,7):ocfs2_xa_remove:2028 ERROR: status = -12 [57.320420]...
CVE-2024-50280 dm cache: fix flushing uninitialized delayed_work on cache_ctr error
In the Linux kernel, the following vulnerability has been resolved: dm cache: fix flushing uninitialized delayed_work on cache_ctr error An unexpected WARN_ON from flush_work may occur when cache creation fails, caused by destroying the uninitialized delayed_work waker in the error path of cache_create...
CVE-2024-50278 dm cache: fix potential out-of-bounds access on the first resume
In the Linux kernel, the following vulnerability has been resolved: dm cache: fix potential out-of-bounds access on the first resume Out-of-bounds access occurs if the fast device is expanded unexpectedly before the first-time resume of the cache table. This happens because expanding the fast...
CVE-2024-46785
In the Linux kernel, the following vulnerability has been resolved: eventfs: Use list_del_rcu for SRCU protected list variable Chi Zhiling reported: We found a null pointer accessing in tracefs[1], the reason is that the variable 'ei_child' is set to LIST_POISON1, that means the list was removed in...
CVE-2024-46785
CVE-2024-46785 affects the Linux kernel, specifically an issue in eventfs relating to SRCU-protected lists. The root cause is a NULL pointer access in tracefs when ei_child can be set to LIST_POISON1 after removal in eventfs_remove_rec, leading to a crash/panic. The vulnerability materializes whe...
CVE-2023-52916 media: aspeed: Fix memory overwrite if timing is 1600x900
In the Linux kernel, the following vulnerability has been resolved: media: aspeed: Fix memory overwrite if timing is 1600x900 When capturing 1600x900, system could crash when system memory usage is tight. The way to reproduce this issue: 1. Use 1600x900 to display on host 2. Mount ISO through...
Helpdeskz 2.0.2 Cross Site Scripting
Exploit Title: Stored XSS Vulnerability via File Name Google Dork: N/A Date: 08 Aug 2024 Exploit Author: Md. Sadikul Islam Vendor Homepage: https://www.helpdeskz.com/ Software Link: https://github.com/helpdesk-z/helpdeskz-dev/archive/2.0.2.zip Version: v2.0.2 Tested on: Kali Linux / Firefox...
Microweber 2.0.15 Cross Site Scripting
Exploit Title: Microweber <=v2.0.15 - Reflected Cross-Site Scripting (XSS) Date: 16.07.2024 Exploit Author: Prerak Mittal Vendor Homepage: https://microweber.org/ Software Link: https://github.com/microweber/microweber/releases/tag/v2.0.15 Version: <=v2.0.15 Tested on: Ubuntu 22.04 CVE : CVE-2024-401...
CVE-2021-47375
In the Linux kernel, the following vulnerability has been resolved: blktrace: Fix uaf in blktrace access after removing by sysfs There is a use-after-free problem triggered by the following process: P1(sda) P2(sdb) echo 0 > /sys/block/sdb/trace/enable blk_trace_remove_queue synchronize_rcu blk_trace_free...
CVE-2024-35941
This CVE (CVE-2024-35941) has concrete details in connected sources: a use-after-free in the Linux kernel net subsystem, due to skb->network_header overflow (u16) that makes skb_network_offset(skb) return a negative value. Consequently, __skb_pull() can move skb->data to memory outside skb-...
Leafpub 1.1.9 - Stored XSS Vulnerability
Leafpub 1.1.9 - Stored Cross-Site Scripting (XSS) Exploit Author: Ahmet Ümit BAYRAM Vendor Homepage: https://github.com/Leafpub Software Link: https://github.com/Leafpub/leafpub Version: 1.1.9 Tested on: MacOS Steps to Reproduce - Please login from this address: http://localhost/leafpub/admin/login...
Computer Laboratory Management System 1.0 Insecure Direct Object Reference
Vulnerability Details: Application Name: Computer Laboratory Management System Software Link: https://www.sourcecodester.com/php/17268/computer-laboratory-management-system-using-php-and-mysql.html Vendor Homepage: https://www.sourcecodester.com/users/tips23 Bug: Insecure Direct Object References...
Customer Support System 1.0 - Multiple SQL injection Vulnerability
Exploit Title: Customer Support System 1.0 - Multiple SQL injection vulnerabilities Exploit Author: Geraldo Alcantara Vendor Homepage: https://www.sourcecodester.com/php/14587/customer-support-system-using-phpmysqli-source-code.html Software Link:...