4532 matches found
CVE-2025-11727
CVE-2025-11727 concerns Omnichannel for WooCommerce: Google, Amazon, eBay & Walmart Integration – Powered by Codisto for WordPress. The WordPress plugin is susceptible to Stored Cross-Site Scripting via the sync() function in all versions up to 1.3.65, caused by insufficient input sanitization an...
📄 Microsoft Windows 11 Build 10.0.27898.1000 Insider Preview Privilege Escalation
A security vulnerability exists in the Windows Administrator Protection feature in Windows 11 Insider Preview that allows a low-privileged user to achieve privilege escalation. The vulnerability is located in the AiRegistrySync function within the appinfo service, which incorrectly copies registr...
PT-2025-49087
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description The Linux kernel contains a flaw in the mptcp pm del add timer function, which can lead to a race condition. Specifically, the function may call sk stop timer sync while another process ...
Malicious code in chai-sync (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f58d95adcd5fd2dce29ac379c47d6b4ca7239ae5d1eb53d06617067cc7623938 The package chai-sync was found to contain malicious code...
MAL-2025-191567 Malicious code in chai-sync (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f58d95adcd5fd2dce29ac379c47d6b4ca7239ae5d1eb53d06617067cc7623938 The package chai-sync was found to contain malicious code...
BIT-GRAFANA-2025-41115 Incorrect privilege assignment
SCIM provisioning was introduced in Grafana Enterprise and Grafana Cloud in April to improve how organizations manage users and teams in Grafana by introducing automated user lifecycle management. In Grafana versions 12.x where SCIM provisioning is enabled and configured, a vulnerability in user...
SUSE CVE-2025-40213
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: MGMT: fix crash in setmeshsync and setmeshcomplete There is a BUG: KASAN: stack-out-of-bounds in setmeshsync due to memcpy from badly declared on-stack flexible array. Another crash is in setmeshcomplete due to double...
MAL-2025-191220 Malicious code in @fishingbooker/browser-sync-plugin (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 79d64a6878784c34ef61c163e69714d7ac73721da8790b37ad02be83ec6246af The package @fishingbooker/browser-sync-plugin was found to contain malicious code. Source: ghsa-malware...
EUVD-2025-199318
Malicious code in @fishingbooker/browser-sync-plugin npm...
Malicious code in @fishingbooker/browser-sync-plugin (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 79d64a6878784c34ef61c163e69714d7ac73721da8790b37ad02be83ec6246af The package @fishingbooker/browser-sync-plugin was found to contain malicious code. Source: ghsa-malware...
EUVD-2025-198890
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: MGMT: fix crash in setmeshsync and setmeshcomplete There is a BUG: KASAN: stack-out-of-bounds in setmeshsync due to memcpy from badly declared on-stack flexible array. Another crash is in setmeshcomplete due to double...
Malicious code in @posthog/gitub-star-sync-plugin (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4be422ec924addbeb23c34a8b3305835feb3d665ab57afdc1450734d0b10f5a4 The package @posthog/gitub-star-sync-plugin was found to contain malicious code. Source: google-open-source-security...
DEBIAN-CVE-2025-40213
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: MGMT: fix crash in setmeshsync and setmeshcomplete There is a BUG: KASAN: stack-out-of-bounds in setmeshsync due to memcpy from badly declared on-stack flexible array. Another crash is in setmeshcomplete due to double...
CVE-2025-40213
CVE-2025-40213 is a Linux kernel vulnerability in the Bluetooth MGMT subsystem. Root cause: stack-out-of-bounds in set_mesh_sync (memcpy from on-stack flexible array) and a crash in set_mesh_complete (double list_del). A fix uses DEFINE_FLEX for on-stack flexible arrays and prevents memcpy beyond...
CVE-2025-40213
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: MGMT: fix crash in setmeshsync and setmeshcomplete There is a BUG: KASAN: stack-out-of-bounds in setmeshsync due to memcpy from badly declared on-stack flexible array. Another crash is in setmeshcomplete due to double...
CVE-2025-40213 Bluetooth: MGMT: fix crash in set_mesh_sync and set_mesh_complete
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: MGMT: fix crash in setmeshsync and setmeshcomplete There is a BUG: KASAN: stack-out-of-bounds in setmeshsync due to memcpy from badly declared on-stack flexible array. Another crash is in setmeshcomplete due to double...
CVE-2025-40213
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: MGMT: fix crash in setmeshsync and setmeshcomplete There is a BUG: KASAN: stack-out-of-bounds in setmeshsync due to memcpy from badly declared on-stack flexible array. Another crash is in setmeshcomplete due to double...
CVE-2025-40213 Bluetooth: MGMT: fix crash in set_mesh_sync and set_mesh_complete
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: MGMT: fix crash in setmeshsync and setmeshcomplete There is a BUG: KASAN: stack-out-of-bounds in setmeshsync due to memcpy from badly declared on-stack flexible array. Another crash is in setmeshcomplete due to double...
Fake calendar invites are spreading. Here’s how to remove them and prevent more
We’re seeing a surge in phishing calendar invites that users can’t delete, or that keep coming back because they sync across devices. The good news is you can remove them and block future spam by changing a few settings. Most of these unwanted calendar entries are there for phishing purposes. Mos...
CVE-2025-41115 Incorrect privilege assignment
SCIM provisioning was introduced in Grafana Enterprise and Grafana Cloud in April to improve how organizations manage users and teams in Grafana by introducing automated user lifecycle management. In Grafana versions 12.x where SCIM provisioning is enabled and configured, a vulnerability in user...