CVE-2025-24903

The CVE-2025-24903 entry concerns libsignal-service-rs, a Rust implementation of the Signal service client. Before commit 82d70f6720e762898f34ae76b0894b0297d9b2f8, any contact could forge a sync message by impersonating another device of the local user because the origin of sync messages was not ...

CVE-2025-24903 libsignal-service-rs Doesn't Check Origin of Sync Messages

libsignal-service-rs is a Rust version of the libsignal-service-java library which implements the core functionality to communicate with Signal servers. Prior to commit 82d70f6720e762898f34ae76b0894b0297d9b2f8, any contact may forge a sync message, impersonating another device of the local user...

WordPress Post Sync plugin <= 1.1 - Reflected Cross-Site Scripting vulnerability

Reflected Cross-Site Scripting vulnerability discovered by Hassan Khan Yusufzai - Splint3r7 in WordPress Plugin Post Sync versions = 1.1...

Azure File Sync Agent v20 Release – February 2025

Azure File Sync Agent v20 Release – February 2025 This article describes the improvements and issues that are fixed in the Azure File Sync Agent v20 release that is dated February 2025. Additionally, this article contains installation instructions for this release. Improvements and issues that ar...

MAL-2025-1256 Malicious code in pnpm-sync-api-tests (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 7ff8a3208b0a7303df5e44ee0ec9bcc028b58bffe1fdabfbea89ab56a78cf841 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in pnpm-sync-api-tests (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 7ff8a3208b0a7303df5e44ee0ec9bcc028b58bffe1fdabfbea89ab56a78cf841 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

CVE-2020-11079

node-dns-sync npm module dns-sync through 0.2.0 allows execution of arbitrary commands . This issue may lead to remote code execution if a client of the library calls the vulnerable method with untrusted input. This has been fixed in 0.2.1...

CVE-2024-12152

The MIPL WC Multisite Sync plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 1.1.5 via the 'miplwcsyncdownloadlog' action. This makes it possible for unauthenticated attackers to read the contents of arbitrary files on the server, which can contain...

CVE-2024-32082

Cross-Site Request Forgery CSRF vulnerability in Kamlesh Parmar Sync Post With Other Site sync-post-with-other-site allows Cross Site Request Forgery.This issue affects Sync Post With Other Site: from n/a through = 1.9.1...

CVE-2024-54422

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in tgw365 Evernote Sync evernote-sync allows Reflected XSS.This issue affects Evernote Sync: from n/a through = 3.0.0...

CVE-2024-31851

A path traversal vulnerability exists in the Java version of CData Sync 23.4.8843 when running using the embedded Jetty server, which could allow an unauthenticated remote attacker to gain access to sensitive information and perform limited actions...

Vulnerabilities fixed in Zimbra Collaboration

Zimbra has fixed several vulnerabilities in Zimbra Collaboration. The vulnerabilities included an SQL injection in the ZimbraSyncService SOAP endpoint and an SSRF vulnerability in the RSS feed parser that allowed unauthorized access and manipulation of the database, as well as unauthorized...

CVE-2025-24371

CVE-2025-24371 affects CometBFT’s blocksync protocol. If a peer first reports a non-existent latest height X and then a lower Y (X&gt;Y), a node may continually try to catch up and become blocked, potentially impacting availability. This is a networked, low-complexity issue with high impact on av...

CVE-2025-24371 Malicious peer can make node stuck in blocksync in github.com/cometbft/cometbft

CometBFT is a distributed, Byzantine fault-tolerant, deterministic state machine replication engine. In the blocksync protocol peers send their base and latest heights when they connect to a new node A, which is syncing to the tip of a network. base acts as a lower ground and informs A that the...

CVE-2025-25064

SQL injection vulnerability in the ZimbraSync Service SOAP endpoint in Zimbra Collaboration 10.0.x before 10.0.12 and 10.1.x before 10.1.4 due to insufficient sanitization of a user-supplied parameter. Authenticated attackers can exploit this vulnerability by manipulating a specific parameter in...

MAL-2025-1014 Malicious code in apple-sync (npm)

The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware b0c8a2862682c8b22d925c82e7abc361ea6cb147190926513d7f7c09af233899 Any computer that has this package installed or running should be considered...

Malicious code in apple-sync (npm)

The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware b0c8a2862682c8b22d925c82e7abc361ea6cb147190926513d7f7c09af233899 Any computer that has this package installed or running should be considered...

CometBFT allows a malicious peer to make node stuck in blocksync

Name: ASA-2025-001: Malicious peer can disrupt node's ability to sync via blocksync Component: CometBFT OUTDATED Criticality: Medium Considerable Impact; Possible Likelihood per ACMv1.2 Update of Criticality on 2026-03-06: We've made a mistake and over-rated the criticality of this bug in our...

PT-2025-20511

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A issue in the Linux kernel has been identified where the task management thread accesses an invalid queue ID, set by the reset thread, which points to unallocated memory, causing a cras...

WordPress Woocommerce osCommerce Sync plugin <= 2.0.20 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by 0xd4rk5id3 in WordPress Plugin Woocommerce osCommerce Sync versions = 2.0.20...