174 matches found
EUVD-2025-20666
Malicious code in bioql PyPI...
Malicious code in kssd-vol2-rev (npm)
The package kssd-vol2-rev was found to contain malicious code...
MAL-2025-44909 Malicious code in kssd-vol2-rev (npm)
The package kssd-vol2-rev was found to contain malicious code...
CVE-2025-53479
The CVE-2025-53479 entry concerns the MediaWiki CheckUser extension. Affected: Special:CheckUser interface; vulnerable in the rev-deleted-user message where the content is rendered without proper escaping, enabling reflected XSS via the uselang=x-xss language override mechanism. Affected versions...
Wikimedia Mediawiki - CheckUser Extension 安全漏洞
Wikimedia Mediawiki - CheckUser Extension is a Wikimedia Foundation extension for querying IP addresses. A security vulnerability exists in Wikimedia Mediawiki - CheckUser Extension that stems from a rev-deleted-user message that is not properly escaped, which could lead to a reflected cross-site...
CVE-2024-23174
An issue was discovered in the PageTriage extension in MediaWiki before 1.35.14, 1.36.x through 1.39.x before 1.39.6, and 1.40.x before 1.40.2. XSS can occur via the rev-deleted-user, pagetriage-tags-quickfilter-label, pagetriage-triage, pagetriage-filter-date-range-format-placeholder,...
CVE-2023-46732
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. XWiki is vulnerable to reflected cross-site scripting RXSS via the rev parameter that is used in the content of the content menu without escaping. If an attacker can convince a user to visit a...
CVE-2005-3778
Unspecified vulnerability in MyBulletinBoard MyBB before 1.0 PR2 Rev 686 allows attackers to cause a denial of service via unknown vectors...
SUSE-SU-2025:20118-1 Security update for dnsmasq
This update for dnsmasq fixes the following issues: - Update to 2.90: CVE-2023-50387, CVE-2023-50868: Fixed a Denial Of Service while trying to validate specially crafted DNSSEC responses bsc1219823, bsc1219826. Fix reversion in --rev-server introduced in 2.88 which caused breakage if the prefix...
CVE-2024-54136
ClipBucket V5 provides open source video hosting with PHP. ClipBucket-v5 Version 5.5.1 Revision 199 and below is vulnerable to PHP Deserialization vulnerability. The vulnerability exists in upload/upload.php where the user supplied input via collection get parameter is directly provided to...
Maritime lawyers assemble!
Maritime cyber insurance has been playing catch-up with maritime cyber security for a while now. It was all pretty good until the availability of cheap VSAT meant that ships became constantly connected. Vessels were mostly not connected at sea, other than Fleet Broadband connections, rarely used...
WordPress Slider Revolution Plugin <= 6.7.18 is vulnerable to Cross Site Scripting (XSS)
Software Slider Revolution Type Plugin Vulnerable versions = 6.7.18 Fixed in 6.7.19 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-8107 Patch priority Low CVSS severity Low 5.9 Developer ThemePunch PSID 36b1d1650d8f Credits wesley wcraft Required...
Elber Wayber Analog/Digital Audio STL 4.00 - Authentication Bypass
Elber Wayber Analog/Digital Audio STL 4.00 Authentication Bypass Vendor: Elber S.r.l. Product web page: https://www.elber.it Affected version: Version 3.0.0 Revision 1553 Firmware Ver. 4.00 Rev. 1501 Version 3.0.0 Revision 1542 Firmware Ver. 4.00 Rev. 1516 Version 3.0.0 Revision 1530 Firmware Ver...
CVE-2024-40038
CVE-2024-40038 affects idccms v1.35. A CSRF vulnerability exists via the endpoint "/admin/userScore_deal.php?mudi=rev". The CVSS 3.1 base score is 5.3 (Medium) with local attack vector, low impact on confidentiality, integrity, and availability, and user interaction required. Impact and root caus...
DEBIAN-CVE-2024-36891
In the Linux kernel, the following vulnerability has been resolved: mapletree: fix masemptyarearev null pointer dereference Currently the code calls masstart followed by masdataend if the maple state is MASTART, but masstart may return with the maple state node == NULL. This will lead to a null...
CVE-2024-35550
CVE-2024-35550 affects idccms v1.35. The vulnerability is a Cross-Site Request Forgery (CSRF) in the component /admin/infoWeb_deal.php?mudi=rev, enabling unauthorized actions by an authenticated user. CVSS v3.1 base score 6.3 (Network, Low to Medium impact; UI required). No exploit details or pro...
PT-2024-3752 · D Link · D-Link Dir-619L
Name of the Vulnerable Software and Affected Versions: D-Link DIR-619L Rev.B version 2.06B1 Description: A buffer overflow issue in the /bin/boa via formTcpipSetup function of the D-Link DIR-619L router's firmware allows remote authenticated users to trigger a denial of service DoS through the...
CVE-2022-48704 drm/radeon: add a force flush to delay work when radeon
In the Linux kernel, the following vulnerability has been resolved: drm/radeon: add a force flush to delay work when radeon Although radeon card fence and wait for gpu to finish processing current batch rings, there is still a corner case that radeon lockup work queue may not be fully flushed, an...
NEXSYS-ONE 安全漏洞
NEXSYS-ONE is a cloud platform from NEXSYS-ONE, Inc. A security vulnerability exists in versions prior to NEXSYS-ONE Rev. 15320 that stems from the presence of path traversal, which allows a remote attacker to obtain sensitive information...
CVE-2024-27301 Privilege Escalation Abusing installer in SupportApp
Support App is an opensource application specialized in managing Apple devices. It's possible to abuse a vulnerability inside the postinstall installer script to make the installer execute arbitrary code as root. The cause of the vulnerability is the fact that the shebang !/bin/zsh is being used...