1214 matches found
PT-2025-40091
Name of the Vulnerable Software and Affected Versions: Linux kernel, affected versions not specified. Description: The Linux kernel contains a flaw in the bpf_crypto_crypt function where the size of the destination dynamic pointer dst is not validated against the size of the source dynamic pointer sr...
Mesh Connect JS SDK Vulnerable to Cross Site Scripting via createLink.openLink
Summary: The lack of sanitization of URL protocols in the createLink.openLink function enables the execution of arbitrary JavaScript code within the context of the parent page. Details...
CVE-2025-58361
Promptcraft Forge Studio is a toolkit for evaluating, optimizing, and maintaining LLM-powered applications. All versions contain a non-exhaustive URL scheme check that does not protect against XSS. User-controlled URLs pass through src/utils/validation.ts, but the check only strips javascript: a...
CVE-2025-58361
CVE-2025-58361: Promptcraft Forge Studio contains an incomplete URL scheme check in its validation.ts that does not block XSS via SVG/data URLs. User-controlled URLs pass through the check and, if used in href/src, can allow script execution. Affected: Promptcraft Forge Studio (all versions) wit...
CVE-2025-58353 Promptcraft Forge Studio: Complete Sanitizer Bypass Enables XSS via Overlapping Patterns
Promptcraft Forge Studio is a toolkit for evaluating, optimizing, and maintaining LLM-powered applications. All versions of Promptcraft Forge Studio sanitize user input using regex blacklists such as `.replace(/javascript:/gi, '')`. Because the package uses multi-character tokens and each replacement ...
PT-2025-36092
Name of the Vulnerable Software and Affected Versions: Promptcraft Forge Studio, affected versions not specified. Description: Promptcraft Forge Studio is a toolkit for evaluating, optimizing, and maintaining LLM-powered applications. The software's input sanitization process, which utilizes regex...
Linux Distros Unpatched Vulnerability : CVE-2020-36129
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - AOM v2.0.1 was discovered to contain a stack buffer overflow via the component src/aomimage.c. CVE-2020-36129 Note that Nessus relies on the presence of the...
CVE-2025-9670
A security flaw has been discovered in mixmark-io turndown up to 7.2.1. This affects an unknown function of the file src/commonmark-rules.js. Performing manipulation results in inefficient regular expression complexity. It is possible to initiate the attack remotely. The exploit has been released...
UBUNTU-CVE-2025-9670
A security flaw has been discovered in mixmark-io turndown up to 7.2.1. This affects an unknown function of the file src/commonmark-rules.js. Performing manipulation results in inefficient regular expression complexity. It is possible to initiate the attack remotely. The exploit has been released...
CVE-2023-7307 Sangfor Behavior Management System XML External Entity Injection
Sangfor Behavior Management System (also referred to as DC Management System in Chinese-language documentation) contains an XML external entity (XXE) injection vulnerability in the /src/sangforindex endpoint. A remote unauthenticated attacker can submit crafted XML data containing external entity...
Linux Distros Unpatched Vulnerability : CVE-2023-41633
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Catdoc v0.95 was discovered to contain a NULL pointer dereference via the component xls2csv at src/fileutil.c. CVE-2023-41633 Note that Nessus relies on the...
CVE-2025-57753
The CVE-2025-57753 vulnerability affects vite-plugin-static-copy (a Rollup plugin for Vite). Affected versions allow a crafted HTTP request to access files not included in src when the Vite dev server is exposed to the network. Impact is information disclosure of files outside the intended direct...
CVE-2025-57753 vite-plugin-static-copy files not included in `src` are accessible with a crafted request
vite-plugin-static-copy is rollup-plugin-copy for Vite with dev server support. Files not included in src are accessible with a crafted request. The vulnerability is fixed in 2.3.2 and 3.1.2...
vite-plugin-static-copy files not included in `src` are possible to access with a crafted request
Summary: Files not included in src could be accessed with a crafted request. Impact: Only apps explicitly exposing the Vite dev server to the network using --host or the server.host config option are affected. Arbitrary files can be disclosed by exploiting this vulnerability. Details: Consider the...
CVE-2025-9300
A vulnerability was found in saitoha libsixel up to 1.10.3. Affected by this issue is the function sixel_debug_print_palette of the file src/encoder.c of the component img2sixel. The manipulation results in stack-based buffer overflow. The attack must be initiated from a local position. The exploit...
Malicious code in src-rn (npm)
The package src-rn was found to contain malicious code...
MAL-2025-33859 Malicious code in src-rn (npm)
The package src-rn was found to contain malicious code...
Malicious code in src-rn-extra (npm)
The package src-rn-extra was found to contain malicious code...
MAL-2025-33860 Malicious code in src-rn-extra (npm)
The package src-rn-extra was found to contain malicious code...
Linux Distros Unpatched Vulnerability : CVE-2024-27007
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: userfaultfd: change src_folio after ensuring it's unpinned in UFFDIO_MOVE Commit d7a08838ab74...