70 matches found
EUVD-2009-1567
Malware in sbrugna...
Dotnetnuke < 10.0.1 Reflected Cross-Site Scripting (XSS) in some TokenReplace situations with SkinObjects (CVE-2025-52486)
According to its self-reported version, the instance of Dotnetnuke running on the remote web server is prior to 10.0.1. It is, therefore, affected by a vulnerability. - DNN.PLATFORM Allows Reflected Cross-Site Scripting (XSS) in some TokenReplace situations with SkinObjects (CVE-2025-52486) Note that...
CVE-2025-5578 PHPGurukul Dairy Farm Shop Management System sales-report-details.php SQL injection
A vulnerability has been found in PHPGurukul Dairy Farm Shop Management System 1.3 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /sales-report-details.php. The manipulation of the argument fromdate/todate leads to SQL injection. The attack can ...
CVE-2023-52891
A vulnerability has been identified in SIMATIC Energy Manager Basic All versions V7.5, SIMATIC Energy Manager PRO All versions V7.5, SIMATIC IPC DiagBase All versions, SIMATIC IPC DiagMonitor All versions, SIMIT V10 All versions, SIMIT V11 All versions V11.1. Unified Automation .NET based OPC UA...
A vulnerability in embedded software developed by Qualcomm, related to synchronization errors when using a shared resource (race condition), allows an attacker to cause a denial of service.
The vulnerability in embedded Qualcomm software is related to synchronization errors when using a shared resource (race condition). Exploiting this vulnerability can allow an attacker to cause a denial of service...
CVE-2024-58132
In chainmaker-go aka ChainMaker before 2.3.6, multiple updates to a single node's configuration can cause other normal nodes to perform concurrent read and write operations on a map, leading to a panic...
Linux Distros Unpatched Vulnerability : CVE-2022-49097
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - NFS: Avoid writeback threads getting stuck in mempool_alloc() In a low memory situation, allow the NFS writeback code to fail without getting stuck in infinite loo...
Linux Distros Unpatched Vulnerability : CVE-2022-49219
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - vfio/pci: fix memory leak during D3hot to D0 transition If 'vfio_pci_core_device::needs_pm_restore' is set (PCI device does not have No_Soft_Reset bit set in its PMCSR...
CVE-2022-49219 vfio/pci: fix memory leak during D3hot to D0 transition
In the Linux kernel, the following vulnerability has been resolved: vfio/pci: fix memory leak during D3hot to D0 transition If 'vfio_pci_core_device::needs_pm_restore' is set (PCI device does not have No_Soft_Reset bit set in its PMCSR config register), then the current PCI state will be saved locally in...
CVE-2022-49219
In the Linux kernel, the following vulnerability has been resolved: vfio/pci: fix memory leak during D3hot to D0 transition If 'vfio_pci_core_device::needs_pm_restore' is set (PCI device does not have No_Soft_Reset bit set in its PMCSR config register), then the current PCI state will be saved locally in...
CVE-2024-45007 char: xillybus: Don't destroy workqueue from work item running on it
In the Linux kernel, the following vulnerability has been resolved: char: xillybus: Don't destroy workqueue from work item running on it Triggered by a kref decrement, destroy_workqueue() may be called from within a work item for destroying its own workqueue. This illegal situation is averted by...
CVE-2024-41080 io_uring: fix possible deadlock in io_register_iowq_max_workers()
In the Linux kernel, the following vulnerability has been resolved: io_uring: fix possible deadlock in io_register_iowq_max_workers() The io_register_iowq_max_workers() function calls io_put_sq_data(), which acquires the sqd->lock without releasing the uring_lock. Similar to the commit 009ad9f0c6ee "io_uring: drop...
CVE-2024-41045 bpf: Defer work in bpf_timer_cancel_and_free
In the Linux kernel, the following vulnerability has been resolved: bpf: Defer work in bpf_timer_cancel_and_free Currently, the same case as previous patch (two timer callbacks trying to cancel each other) can be invoked through bpf_map_update_elem as well, or more precisely, freeing map elements containi...
A vulnerability in Zoom’s video conferencing software, related to synchronization errors when using a shared resource (race condition), allows attackers to escalate their privileges.
The vulnerability in Zoom’s video conferencing software is related to synchronization errors when using a shared resource (race condition). Exploiting this vulnerability can allow attackers to gain increased privileges...
The Best Personal Safety Devices, Apps, and Wearables (2024)
Your smartphone or wearable could help you out in a truly dangerous situation. Here are some options to consider...
CVE-2024-26773
In the Linux kernel, the following vulnerability has been resolved: ext4: avoid allocating blocks from corrupted group in ext4_mb_try_best_found() Determine if the group block bitmap is corrupted before using ac_b_ex in ext4_mb_try_best_found() to avoid allocating blocks from a group with a corrupted block...
CVE-2024-26773 ext4: avoid allocating blocks from corrupted group in ext4_mb_try_best_found()
In the Linux kernel, the following vulnerability has been resolved: ext4: avoid allocating blocks from corrupted group in ext4_mb_try_best_found() Determine if the group block bitmap is corrupted before using ac_b_ex in ext4_mb_try_best_found() to avoid allocating blocks from a group with a corrupted block...
Linux kernel security vulnerability
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from an add-in interface crash in a lagging situation...
CVE-2024-26654 ALSA: sh: aica: reorder cleanup operations to avoid UAF bugs
In the Linux kernel, the following vulnerability has been resolved: ALSA: sh: aica: reorder cleanup operations to avoid UAF bugs The dreamcastcard->timer could schedule the spu_dma_work and the spu_dma_work could also arm the dreamcastcard->timer. When the snd_pcm_substream is closing, the aica_channel wi...
CVE-2023-52498
CVE-2023-52498: Linux kernel sleep deadlock in system-wide PM code in low-memory conditions. Root cause: system-wide resume core code could deadlock because async_schedule_dev() sometimes runs the argument synchronously and may contend for a mutex; this could cause ordering issues in resume call...