3197 matches found
Mermaid Cross-Site Scripting Vulnerability
Mermaid is an open-source application from mermaid-js for creating charts and visualizations using text and code. A cross-site scripting vulnerability exists in Mermaid versions 10.9.0-rc.1 through 11.9.0, stemming from user-entered sequence diagram tags being passed to innerHTML, potentially leading to...
PT-2025-33816
Name of the Vulnerable Software and Affected Versions: Mermaid versions 10.9.0-rc.1 through 11.9.0 Description: Mermaid is a JavaScript-based diagramming and charting tool that utilizes Markdown-inspired text definitions and a renderer to create and modify diagrams. In the default configuration,...
CVE-2025-38551
In the Linux kernel, the following vulnerability has been resolved: virtio-net: fix recursived rtnl_lock during probe The deadlock appears in a stack trace like: virtnet_probe rtnl_lock virtio_config_changed_work netdev_notify_peers rtnl_lock It happens if the VMM sends a VIRTIO_NET_S_ANNOUNCE request while...
CVE-2025-38528
In the Linux kernel, the following vulnerability has been resolved: bpf: Reject %p% format string in bprintf-like helpers static const char fmt[] = "%p%"; bpf_trace_printk(fmt, sizeof(fmt)); The above BPF program isn't rejected and causes a kernel warning at runtime: Please remove unsupported %\x00 in...
RMSL: Weakly-Supervised Insider Threat Detection with Robust Multi-Sphere Learning
Insider threat detection aims to identify malicious user behavior by analyzing logs that record user interactions. Due to the lack of fine-grained behavior-level annotations, detecting specific behavior-level anomalies within user behavior sequences is challenging. Unsupervised methods face high...
Linux Distros Unpatched Vulnerability : CVE-2022-48434
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - libavcodec/pthread_frame.c in FFmpeg before 5.1.2, as used in VLC and other products, leaves stale hwaccel state in worker threads, which allows attackers to...
Linux Distros Unpatched Vulnerability : CVE-2025-38067
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - rseq: Fix segfault on registration when rseq_cs is non-zero The rseq_cs field is documented as being set to 0 by user-space prior to registration, however this is...
Malicious code in js-sequence-diagrams (npm)
The package js-sequence-diagrams was found to contain malicious code...
MAL-2025-23922 Malicious code in js-sequence-diagrams (npm)
The package js-sequence-diagrams was found to contain malicious code...
MAL-2025-39052 Malicious code in webtask-sequence-editor (npm)
The package webtask-sequence-editor was found to contain malicious code...
Malicious code in webtask-sequence-editor (npm)
The package webtask-sequence-editor was found to contain malicious code...
CVE-2025-22840
Sequence of processor instructions leads to unexpected behavior for some Intel(R) Xeon(R) 6 Scalable processors may allow an authenticated user to potentially enable escalation of privilege via local access...
EulerOS 2.0 SP11 : nss (EulerOS-SA-2025-1962)
According to the versions of the nss packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : After accepting an untrusted certificate, handling an empty pkcs7 sequence as part of the certificate data could have led to a crash. This crash is...
DRUPAL-CONTRIB-2025-096
This module enables users to set up two-factor authentication (2FA) using authenticator apps for enhanced login security. The module alters the standard Drupal login form to use AJAX callbacks for handling authentication flow. The module doesn't sufficiently validate authentication under specific...
EulerOS 2.0 SP13 : nss (EulerOS-SA-2025-1982)
According to the versions of the nss packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : After accepting an untrusted certificate, handling an empty pkcs7 sequence as part of the certificate data could have led to a crash. This crash is...
UBUNTU-CVE-2025-22840
Sequence of processor instructions leads to unexpected behavior for some Intel(R) Xeon(R) 6 Scalable processors may allow an authenticated user to potentially enable escalation of privilege via local access...