@env-hopper/backend-core (>=2.0.1-alpha-20260224145405 <=2.0.1-alpha.3), @env-hopper/frontend-core (>=2.0.1-alpha <=2.0.1-alpha.11) +4 more potentially affected by CVE-2025-48054 via radashi (=12.5.0-beta.6d5c035)

radashi NPM version =12.5.0-beta.6d5c035 is affected by a known vulnerability. The following packages have a transitive dependency on radashi and may be impacted: - @env-hopper/backend-core =2.0.1-alpha-20260224145405, =2.0.1-alpha, =2.0.1-alpha-20260224145405, =0.0.1, =0.0.1, =0.0.1,...

CVE-2025-48752

In the process-sync crate 0.2.2 for Rust, the drop function lacks a check for whether the pthreadmutex is unlocked...

Process Sync has a Potential Unsound Issue in SharedMutex

In the process-sync crate 0.2.2 for Rust, the drop function lacks a check for whether the pthreadmutex is unlocked...

GHSA-MQWX-R894-9HFP Process Sync has a Potential Unsound Issue in SharedMutex

In the process-sync crate 0.2.2 for Rust, the drop function lacks a check for whether the pthreadmutex is unlocked...

CVE-2025-48752

In the process-sync crate 0.2.2 for Rust, the drop function lacks a check for whether the pthreadmutex is unlocked...

CVE-2025-48752

In the process-sync crate 0.2.2 for Rust, the drop function lacks a check for whether the pthreadmutex is unlocked...

CVE-2025-48752

In the process-sync crate 0.2.2 for Rust, the drop function lacks a check for whether the pthreadmutex is unlocked...

PT-2025-22829 · Unknown · Process-Sync

Name of the Vulnerable Software and Affected Versions: process-sync crate version 0.2.2 Description: The issue is related to the drop function in the process-sync crate for Rust, which lacks a check to ensure the pthread mutex is unlocked. Recommendations: For process-sync crate version 0.2.2,...

CVE-2025-48752

In the Rust process-sync crate, version 0.2.2, the Drop implementation fails to verify whether the pthread_mutex is unlocked. This is the stated root cause of CVE-2025-48752, per multiple connected feeds. The sources do not provide exploit details, affected vectors beyond the mutex unlock check i...

Process Sync 资源管理错误漏洞

Process Sync is an application for multi-process environments by Andrei Odintsov, a personal developer. A resource management error vulnerability exists in Process Sync version 0.2.2, which stems from a missing pthreadmutex unlock check...

CVE-2025-48752

In the process-sync crate 0.2.2 for Rust, the drop function lacks a check for whether the pthreadmutex is unlocked...

CVE-2025-23486

Missing Authorization vulnerability in tamlyn Database Sync database-sync allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Database Sync: from n/a through = 0.5.1...

CVE-2024-0325

In Helix Sync versions prior to 2024.1, a local command injection was identified. Reported by Bryan Riggins...

CVE-2024-12033

The Jupiter X Core plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the synclibraries function in all versions up to, and including, 4.8.5. This makes it possible for authenticated attackers, with Subscriber-level access and above, to sync libraries...

CVE-2024-7647

The OTA Sync Booking Engine Widget plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.2.7. This is due to missing or incorrect nonce validation on the otasyncwidgetsettingsfnc function. This makes it possible for unauthenticated attackers to...

CVE-2024-48546

Incorrect access control in the firmware update and download processes of Wear Sync v1.2.0 allows attackers to access sensitive information by analyzing the code and data within the APK file...

CVE-2024-53820

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in captivateaudio Captivate Sync captivatesync-trade allows Stored XSS.This issue affects Captivate Sync: from n/a through = 2.0.22...

CVE-2024-50388

An OS command injection vulnerability has been reported to affect HBS 3 Hybrid Backup Sync. If exploited, the vulnerability could allow remote attackers to execute commands. We have already fixed the vulnerability in the following version: HBS 3 Hybrid Backup Sync 25.1.1.673 and later...

CVE-2024-11368

The Splash Sync plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of addqueryarg without appropriate escaping on the URL in all versions up to, and including, 2.0.7. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages tha...

CVE-2023-26490

mailcow is a dockerized email package, with multiple containers linked in one bridged network. The Sync Job feature - which can be made available to standard users by assigning them the necessary permission - suffers from a shell command injection. A malicious user can abuse this vulnerability to...