7913 matches found
MiracleLinux 7 : firefox-102.8.0-2.0.1.el7.AXS7 (AXSA:2023-5143:11)
The remote MiracleLinux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2023-5143:11 advisory. Mozilla: Arbitrary memory write via PKCS 12 in NSS (CVE-2023-0767); Mozilla: Content security policy leak in violation reports using iframes...
MAL-2026-352 Malicious code in medifile (PyPI)
Source: kam193 (sha256 5c005d95a9b1b91118e9306168ce69163190184714fe53c65b7ba716e867c8da). Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. Category: PROBABLYPENTES...
SUSE CVE-2025-71115
In the Linux kernel, the following vulnerability has been resolved: um: init cpu_tasks earlier. This is currently done in uml_finish_setup, but e.g. with KCOV enabled we'll crash because some init code can call into e.g. memparse, which has coverage annotations, and then the checks in check_kcov_mode...
SUSE CVE-2025-71138
In the Linux kernel, the following vulnerability has been resolved: drm/msm/dpu: Add missing NULL pointer check for pingpong interface. It is checked almost always in dpu_encoder_phys_wb_setup_ctl, but in a single place the check is missing. Also use convenient locals instead of phys_enc->... where availabl...
Many Hands Make Light Work: An LLM-Based Multi-Agent System for Detecting Malicious PyPI Packages
Malicious code in open-source repositories such as PyPI poses a growing threat to software supply chains. Traditional rule-based tools often overlook the semantic patterns in source code that are crucial for identifying adversarial components. Large language models (LLMs) show promise for software...
Arbitrary Code Injection
Overview: Affected versions of this package are vulnerable to Arbitrary Code Injection in LivewireFilemanagerComponent.php due to missing file type and MIME validation. An attacker can execute arbitrary code by uploading a malicious PHP file and accessing it via the /storage/ URL. This...
CVE-2025-14894
Livewire Filemanager, commonly used in Laravel applications, contains LivewireFilemanagerComponent.php, which does not perform file type and MIME validation, allowing RCE through upload of a malicious PHP file that can then be executed via the /storage/ URL if a commonly performed setup proce...
CVE-2025-14894
CVE-2025-14894 concerns Livewire Filemanager used with Laravel. The component LivewireFilemanagerComponent.php reportedly skips file type and MIME validation, enabling Remote Code Execution via uploading a malicious PHP file that, if a storage link/setup is present, can be executed through the /s...
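The three CVE-2025-14894 entries above describe the same missing check: the upload path accepts any file type and the stored file is reachable through /storage/. The following Livewire component is an added example, not code from the Livewire Filemanager project; it shows the validation the advisory says LivewireFilemanagerComponent.php omits, using standard Laravel and Livewire APIs only. The component, property, storage path and view names are assumed for illustration.

```php
<?php
// Added example, not the Livewire Filemanager project's code. It performs the
// file type and MIME validation the advisory says the vulnerable component lacks.
// Class, property, view and storage-path names are assumed for illustration.

namespace App\Livewire;

use Illuminate\Support\Str;
use Illuminate\Validation\ValidationException;
use Livewire\Component;
use Livewire\WithFileUploads;

class HardenedUploader extends Component
{
    use WithFileUploads;

    public $file;

    // Allowlist: extension => MIME types the *content* must actually carry.
    // Anything not listed (php, phtml, phar, html, svg, ...) is rejected.
    private const ALLOWED = [
        'jpg'  => ['image/jpeg'],
        'jpeg' => ['image/jpeg'],
        'png'  => ['image/png'],
        'gif'  => ['image/gif'],
        'pdf'  => ['application/pdf'],
    ];

    public function save(): void
    {
        // 1. Framework rules: size cap plus `mimes`, which Laravel evaluates on the
        //    sniffed content type (finfo), not on the client-supplied extension.
        $this->validate([
            'file' => ['required', 'file', 'max:10240', 'mimes:jpg,jpeg,png,gif,pdf'],
        ]);

        // 2. Derive the extension ourselves and refuse anything off the allowlist.
        //    The full original name is never used, so "shell.php.jpg" cannot
        //    reach disk under that name.
        $ext = strtolower($this->file->getClientOriginalExtension());
        if (!array_key_exists($ext, self::ALLOWED)) {
            throw ValidationException::withMessages(['file' => 'File type not allowed.']);
        }

        // 3. Cross-check sniffed MIME type against what the extension promises,
        //    so PHP source renamed to .jpg (or a PNG named .jpg) is rejected.
        $sniffed = $this->file->getMimeType();
        if (!in_array($sniffed, self::ALLOWED[$ext], true)) {
            throw ValidationException::withMessages(['file' => 'Content does not match extension.']);
        }

        // 4. Store under a server-generated name in a fixed directory: no
        //    user-controlled path component, no user-controlled filename.
        $name = Str::uuid()->toString() . '.' . $ext;
        $this->file->storeAs('uploads', $name, 'public');

        $this->reset('file');
    }

    public function render()
    {
        return view('livewire.hardened-uploader');
    }
}
```

Even with these checks, files on the `public` disk become web-reachable under /storage/ once `php artisan storage:link` has been run, which is the setup step the advisory refers to; as a second layer, the web server should be configured so that nothing under that directory is ever handed to the PHP interpreter.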
CVE-2025-14844 Membership Plugin – Restrict Content <= 3.2.16 - Missing Authentication to Insecure Direct Object Reference and Sensitive Information Exposure
The Membership Plugin – Restrict Content plugin for WordPress is vulnerable to Missing Authentication in all versions up to, and including, 3.2.16 via the 'rcp_stripe_create_setup_intent_for_saved_card' function due to a missing capability check. Additionally, the plugin does not check a user-controlled...
CVE-2025-14844
The CVE refers to the WordPress Membership Plugin – Restrict Content (versions through 3.2.16) with Missing Authentication to Insecure Direct Object Reference and Sensitive Information Exposure. The flaw resides in rcp_stripe_create_setup_intent_for_saved_card where there is no proper capability ...
Exploit for Improper Input Validation in Atlassian Confluence_Data_Center
🛡️ CVE-2023-22515: In-depth analysis of the Confluence privilege escalation vulnerability !IMPORTANT...
Exploit for Improper Input Validation in Atlassian Confluence_Data_Center
CVE-2023-22515: Analysis of the Confluence Data Center & Server privilege escalation vulnerability ...
PT-2026-3242
Name of the Vulnerable Software and Affected Versions: Restrict Content plugin for WordPress versions prior to 3.2.17. Description: The Restrict Content plugin for WordPress is affected by a missing authentication issue. This occurs due to a missing capability check within the rcp_stripe_create_setu...
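The Restrict Content entries above (CVE-2025-14844, PT-2026-3242) describe two separate defects in one AJAX handler: no capability check, so unauthenticated callers reach it, and no ownership check on a user-controlled identifier. The handler below is an added example, not the plugin's code; it shows both checks in the order a WordPress endpoint should apply them. The action name, nonce name, option and user-meta keys, the `payment_method_id` parameter and the Stripe customer lookup are all assumed for illustration.

```php
<?php
// Added example, not the Restrict Content plugin's code: an AJAX handler with the
// checks the advisory says rcp_stripe_create_setup_intent_for_saved_card lacks.
// Action, nonce, option and meta names and the request parameter are assumed.

// Only the authenticated hook is registered. There is deliberately no
// `wp_ajax_nopriv_` variant, so anonymous requests never reach the function.
add_action( 'wp_ajax_example_create_setup_intent', 'example_create_setup_intent' );

function example_create_setup_intent() {
    // 1. CSRF: the request must carry a nonce minted for this user and action.
    check_ajax_referer( 'example_setup_intent', 'nonce' );

    // 2. Authentication / capability: the check the advisory reports missing.
    //    'read' is the minimal capability every logged-in user has; a plugin
    //    would substitute its own. Rejected before any parameter is read.
    if ( ! is_user_logged_in() || ! current_user_can( 'read' ) ) {
        wp_send_json_error( array( 'message' => 'Authentication required.' ), 401 );
    }
    $user_id = get_current_user_id();

    // 3. Ownership: the user-controlled identifier is resolved through the
    //    caller's *own* records, so an ID belonging to another member is simply
    //    not found. This closes the insecure-direct-object-reference half.
    $pm_id = isset( $_POST['payment_method_id'] )
        ? sanitize_text_field( wp_unslash( $_POST['payment_method_id'] ) )
        : '';
    $owned = (array) get_user_meta( $user_id, 'example_saved_payment_methods', true );
    if ( '' === $pm_id || ! in_array( $pm_id, $owned, true ) ) {
        // Same response for "not yours" and "does not exist": no enumeration oracle.
        wp_send_json_error( array( 'message' => 'Payment method not found.' ), 404 );
    }
    $customer_id = get_user_meta( $user_id, 'example_stripe_customer_id', true );

    // 4. Only now contact the payment provider, and return only what the
    //    browser needs (the intent's client secret), not the whole object.
    $response = wp_remote_post( 'https://api.stripe.com/v1/setup_intents', array(
        'headers' => array(
            'Authorization' => 'Bearer ' . get_option( 'example_stripe_secret_key' ),
        ),
        'body'    => array(
            'customer'       => $customer_id,
            'payment_method' => $pm_id,
        ),
        'timeout' => 15,
    ) );
    if ( is_wp_error( $response ) || 200 !== wp_remote_retrieve_response_code( $response ) ) {
        wp_send_json_error( array( 'message' => 'Payment provider error.' ), 502 );
    }
    $intent = json_decode( wp_remote_retrieve_body( $response ), true );

    wp_send_json_success( array( 'client_secret' => $intent['client_secret'] ) );
}
```

The ordering matters: nonce and capability checks run before any request data is touched, and the ownership check is expressed as "is this ID in the caller's list" rather than "look the ID up, then compare its owner", which leaves no window in which a foreign object is loaded at all.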
Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-003793)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-003793 advisory. A memory leak in the i40e_setup_macvlans function in drivers/net/ethernet/intel/i40e/i40e_main.c in the Linux kernel through 5.3.11 allows attackers to cause a denial o...
Unity Linux 20.1070e Security Update: kernel (UTSA-2026-001418)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-001418 advisory. nbd_add_socket in drivers/block/nbd.c in the Linux kernel through 5.10.12 has an nbd_queue_rq use-after-free that could be triggered by local attackers with access to t...
Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-000661)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-000661 advisory. In the Linux kernel before 4.9.6, there is an off-by-one in the drivers/mtd/spi-nor/cadence-quadspi.c cqspi_setup_flash function. There are CQSPI_MAX_CHIPSELECT elements...
Unity Linux 20.1070e Security Update: kernel (UTSA-2026-001551)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-001551 advisory. fs/nfs/nfs4client.c in the Linux kernel before 5.13.4 has incorrect connection-setup ordering, which allows operators of remote NFSv4 servers to cause a denial of...
Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-000936)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-000936 advisory. Double free vulnerability in the ioctx_alloc function in fs/aio.c in the Linux kernel before 3.12.4 allows local users to cause a denial of service (system crash) or...