3230 matches found
GNU Binutils ld elf-eh-frame.c _bfd_elf_write_section_eh_frame memory corruption
...
HDF5 H5FSsection.c H5FS__sect_link_size heap-based overflow
...
An issue in YASM 1.3.0.86.g9def allows a remote attacker to cause a denial of service via the yasm_section_bcs_first function in the libyasm/section.c component.
...
Linux Distros Unpatched Vulnerability : CVE-2025-3644
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw was found in Moodle. Additional checks were required to prevent users from deleting course sections they did not have permission to modify. CVE-2025-3644...
CVE-2025-46810
A flaw was found in the traefik2 package of OpenSUSE and its derived distributions. This issue occurs due to an insecure chown call in the %post section of the traefik2 package, allowing the traefik user to obtain ownership of arbitrary files on the system when the traefik2 package is reinstalled...
kernel: net/sched: sch_qfq: Fix race condition on qfq_aggregate
In the Linux kernel, the following vulnerability has been resolved: net/sched: sch_qfq: Fix race condition on qfq_aggregate. A race condition can occur when 'agg' is modified in qfq_change_agg (called during qfq_enqueue) while other threads access it concurrently. For example, qfq_dump_class may trigger a...
Linux Distros Unpatched Vulnerability : CVE-2024-22653
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - yasm commit 9defefae was discovered to contain a NULL pointer dereference via the yasm_section_bcs_append function at section.c. CVE-2024-22653 Note that Nessus...
WordPress Parallax Section block plugin <= 1.0.9 - Broken Authentication vulnerability
Broken Authentication vulnerability discovered by Denver Jackson in WordPress Plugin Parallax Section block versions <= 1.0.9...
Linux Distros Unpatched Vulnerability : CVE-2019-19308
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In text_to_glyphs in sushi-font-widget.c in gnome-font-viewer 3.34.0, there is a NULL pointer dereference while parsing a TTF font file that lacks a name section...
Malicious code in @espace-client-axafr/section-derniers-documents (npm)
The package communicates with a domain associated with malicious activity...
Linux Distros Unpatched Vulnerability : CVE-2016-9812
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The gst_mpegts_section_new function in the mpegts decoder in GStreamer before 1.10.2 allows remote attackers to cause a denial of service (out-of-bounds read) via a...
Linux Distros Unpatched Vulnerability : CVE-2019-12972
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.32. There is a heap-based buffer over-read in...
Astra Linux – Vulnerability in binutils
A vulnerability classified as problematic was discovered in GNU Binutils 2.45. The function copy_section in the file binutils/objcopy.c is affected by this vulnerability. Manipulation of this function leads to a heap-based buffer overflow. Local attacks are required to exploit this vulnerability...
Linux Distros Unpatched Vulnerability : CVE-2024-24686
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Multiple stack-based buffer overflow vulnerabilities exist in the readOFF functionality of libigl v2.5.0. A specially crafted .off file can lead to stack-based...
RiteCMS 3.0.0 - Reflected Cross Site Scripting (XSS)
Exploit Title: RiteCMS 3.0.0 – Reflected Cross-Site Scripting (XSS) Google Dork: N/A Date: 2024-08-12 Exploit Author: GURJOT SINGH Vendor Homepage: https://ritecms.com/ Software Link: https://github.com/handylulu/RiteCMS/releases/download/V3.0.0/ritecms.v3.0.0.zip Version: Steps: 1. Log in or...
CVE-2025-8905 Inpersttion For Theme <= 1.0 - Authenticated (Contributor+) Arbitrary Function Call
The Inpersttion For Theme plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 1.0 via the theme_section_shortcode function. This is due to the plugin not restricting what functions can be called. This makes it possible for authenticated attackers, with...
CVE-2025-8905
CVE-2025-8905 concerns the WordPress plugin Inpersttion For Theme (versions up to 1.0). The vulnerability allows an authenticated attacker with Contributor-level access or higher to execute arbitrary server-side functions via the theme_section_shortcode() function, resulting in Remote Code Execut...
Linux Distros Unpatched Vulnerability : CVE-2023-52777
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: wifi: ath11k: fix gtk offload status event locking. The ath11k active pdevs are protected by...
Malicious code in omni-law-menu-section (npm)
The package omni-law-menu-section was found to contain malicious code...