47 matches found
Astra Linux - vulnerability in linux, linux-5.10, linux-5.15, linux-6.1
In the Linux kernel, the following vulnerability has been resolved: net: dsa: mv88e6xxx: Fix out-of-bound access. If an ATU violation was caused by a CPU Load operation, the SPID could be larger than DSA_MAX_PORTS (the size of mv88e6xxx_chip.ports array)...
Unity Linux 20.1070e Security Update: kernel (UTSA-2026-005510)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-005510 advisory. In the Linux kernel, the following vulnerability has been resolved: net: dsa: mv88e6xxx: Fix out-of-bound access. If an ATU violation was caused by a CPU Load...
Siemens SCALANCE and RUGGEDCOM Devices Improper Input Validation (CVE-2024-44988)
net: dsa: mv88e6xxx: vulnerability caused an out-of-bound access in the mv88e6xxx driver due to an ATU violation causing the SPID to exceed DSA_MAX_PORTS, which was resolved by ensuring the SPID stays within the valid range. This plugin only works with Tenable.ot. Please visit...
EUVD-2005-2199
Malware in sbrugna...
Malicious code in cmp-spid-login (npm)
The package communicates with a domain associated with malicious activity. Source: ossf-package-analysis (f4229460b134c6c1fe4e3accbf1756e1706643a8d37bfd8a3cbe2817c11d4ced). The OpenSSF Package Analysis project identified 'cmp-spid-login' @...
MAL-2025-4933 Malicious code in cmp-spid-login (npm)
The package communicates with a domain associated with malicious activity. Source: ossf-package-analysis (f4229460b134c6c1fe4e3accbf1756e1706643a8d37bfd8a3cbe2817c11d4ced). The OpenSSF Package Analysis project identified 'cmp-spid-login' @...
CVE-2024-11758
The WP SPID Italia plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode in all versions up to, and including, 2.9 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, wit...
CVE-2025-24894
SPID.AspNetCore.Authentication is an AspNetCore Remote Authenticator for SPID. Authentication using Spid and CIE is based on the SAML2 standard which provides two entities: Identity Provider (IDP): the system that authenticates users and provides identity information (SAML affirmation) to the Service...
User Impersonation
Overview: SPID.AspNetCore.Authentication is a custom implementation of an AspNetCore RemoteAuthenticationHandler for SPID (a.k.a. the Italian 'Sistema Pubblico di Identità Digitale'). Affected versions of this package are vulnerable to User Impersonation due to the insufficient validation of SAML...
The AspNetCore Remote Authenticator for SPID Allows SAML Response Signature Verification Bypass
Description: Authentication using Spid and CIE is based on the SAML2 standard which provides for two entities: Identity Provider (IdP): the system that authenticates users and provides identity information (SAML assertions) to the Service Provider, essentially, it is responsible for managing user...
CVE-2025-24894 SAML Response Signature Verification Bypass in SPID.AspNetCore.Authentication
SPID.AspNetCore.Authentication is an AspNetCore Remote Authenticator for SPID. Authentication using Spid and CIE is based on the SAML2 standard which provides two entities: Identity Provider (IDP): the system that authenticates users and provides identity information (SAML affirmation) to the Service...
PT-2025-7043 · Unknown · Spid.Aspnetcore.Authentication
Name of the Vulnerable Software and Affected Versions: SPID.AspNetCore.Authentication versions prior to 3.4.0. Description: The issue is related to the validation logic of SAML assertions in the SPID.AspNetCore.Authentication library. An attacker could create an arbitrary SAML response that would ...
CVE-2024-11758
The CVE-2024-11758 entry affects the WP SPID Italia WordPress plugin. Impact: Stored Cross-Site Scripting via the plugin shortcode allows an authenticated attacker (contributor level or higher) to inject web scripts that execute when visitors access the affected page. Technical details: all versi...
CVE-2024-11758 WP SPID Italia <= 2.9 - Authenticated (Contributor+) Stored Cross-Site Scripting
The WP SPID Italia plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode in all versions up to, and including, 2.9 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, wit...
WordPress WP SPID Italia plugin <= 2.9 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability discovered by SOPROBRO in WordPress Plugin WP SPID Italia (versions <= 2.9)...
MAL-2024-12041 Malicious code in spid-csvautofilljs (npm)
Source: ghsa-malware (4a58cfebfacf0be1701b2d356aa0e74d6a7c0fa67c9340191ce5ca79a8a50894). Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in spid-csvautofilljs (npm)
Source: ghsa-malware (4a58cfebfacf0be1701b2d356aa0e74d6a7c0fa67c9340191ce5ca79a8a50894). Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...