4617 matches found

RedhatCVE
added 2025/11/05 6:54 a.m. | 3 views

CVE-2025-64118

node-tar is a Tar for Node.js. In 7.5.1, using .t aka .list with sync: true to read tar entry contents returns uninitialized memory contents if tar file was changed on disk to a smaller size while being read. This vulnerability is fixed in 7.5.2...

CVSS 6.1 | AI score 6.4 | EPSS 0.00122
Exploits: 0 | References: 1

Fedora
added 2025/11/05 2:12 a.m. | 5 views

[SECURITY] Fedora 43 Update: openapi-python-client-0.26.2-4.fc43

The openapi-python-client is a powerful tool designed to generate modern Python clients from OpenAPI 3.0+ documents supporting both synchronous and asynchronous HTTP requests. It automates the creation of Python classes and methods that correspond to the endpoints and schema defined in your OpenA...

CVSS 8.1 | AI score 6.9 | EPSS 0.00688
Exploits: 1

Patchstack
added 2025/11/05 1:32 a.m. | 5 views

WordPress KiotViet Sync plugin <= 1.8.5 - Unauthenticated Arbitrary File Upload vulnerability

Unauthenticated Arbitrary File Upload vulnerability discovered by kr0d in WordPress Plugin KiotViet Sync versions <= 1.8.5...

CVSS 9.8 | AI score 6.7 | EPSS 0.00684
Exploits: 2 | References: 1 | Affected Software: 1

Patchstack
added 2025/11/05 1:31 a.m. | 11 views

WordPress KiotViet Sync plugin <= 1.8.5 - Use of Hard-coded Password to Authorization Bypass vulnerability

Use of Hard-coded Password to Authorization Bypass vulnerability discovered by kr0d in WordPress Plugin KiotViet Sync versions <= 1.8.5...

CVSS 5.3 | AI score 6.7 | EPSS 0.00266
Exploits: 0 | References: 1 | Affected Software: 1

Patchstack
added 2025/11/05 1:30 a.m. | 7 views

WordPress KiotViet Sync plugin <= 1.8.5 - Unauthenticated Webhook Key Exposure vulnerability

Unauthenticated Webhook Key Exposure vulnerability discovered by kr0d in WordPress Plugin KiotViet Sync versions <= 1.8.5...

CVSS 5.3 | AI score 6.7 | EPSS 0.00223
Exploits: 0 | References: 1 | Affected Software: 1

Positive Technologies
added 2025/11/05 12:0 a.m. | 4 views

PT-2025-45095

Name of the Vulnerable Software and Affected Versions: KiotViet Sync plugin for WordPress versions up to and including 1.8.5. Description: The KiotViet Sync plugin for WordPress is susceptible to exposure of sensitive information. Specifically, unauthenticated attackers can extract the webhook token...

CVSS 5.3 | AI score 6.2 | EPSS 0.00223
Exploits: 0 | References: 5

Positive Technologies
added 2025/11/05 12:0 a.m. | 3 views

PT-2025-45093

Name of the Vulnerable Software and Affected Versions: KiotViet Sync plugin for WordPress versions up to and including 1.8.5. Description: The KiotViet Sync plugin for WordPress is susceptible to unauthorized data modification. This is due to a missing capability check within the saveConfig function...

CVSS 4.3 | AI score 5.8 | EPSS 0.00164
Exploits: 0 | References: 5

CNNVD
added 2025/11/05 12:0 a.m. | 3 views

WordPress plugin KiotViet Sync code issue vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers. WordPress plugin is an application plugin ... A code issue...

CVSS 9.8 | AI score 7.7 | EPSS 0.00684
Exploits: 2 | References: 3

CNNVD
added 2025/11/05 12:0 a.m. | 1 views

WordPress plugin KiotViet Sync security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blogging sites on PHP and MySQL based servers. WordPress plugin is an application plugin... A security...

CVSS 4.3 | AI score 6.3 | EPSS 0.00164
Exploits: 0 | References: 3

CNNVD
added 2025/11/05 12:0 a.m. | 3 views

WordPress plugin KiotViet Sync security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blogging sites on PHP and MySQL based servers. WordPress plugin is an application plugin... A security...

CVSS 5.3 | AI score 6.6 | EPSS 0.00266
Exploits: 0 | References: 3

CNNVD
added 2025/11/05 12:0 a.m. | 3 views

WordPress plugin KiotViet Sync information disclosure vulnerability

WordPress is a blogging platform developed using the PHP language. The platform has the ability to set up a personal blog site on a PHP and MySQL based server. WordPress plugin is an application plugin. An information disclosure vulnerability exists in the WordPress plugin KiotViet Sync, which ste...

CVSS 5.3 | AI score 5.6 | EPSS 0.00223
Exploits: 0 | References: 3

Positive Technologies
added 2025/11/05 12:0 a.m. | 7 views

PT-2025-45092

Name of the Vulnerable Software and Affected Versions: KiotViet Sync plugin for WordPress versions up to and including 1.8.5. Description: The KiotViet Sync plugin for WordPress is susceptible to arbitrary file uploads because of a lack of file type validation within the create media function. This...

CVSS 9.8 | AI score 7.2 | EPSS 0.00684
Exploits: 2 | References: 8

Positive Technologies
added 2025/11/05 12:0 a.m. | 6 views

PT-2025-45094

Name of the Vulnerable Software and Affected Versions: KiotViet Sync plugin for WordPress versions up to and including 1.8.5. Description: The KiotViet Sync plugin for WordPress is susceptible to authorization bypass. This is caused by the use of a hardcoded password for authentication within the...

CVSS 5.3 | AI score 6.6 | EPSS 0.00266
Exploits: 0 | References: 5

Tenable Nessus
added 2025/11/05 12:0 a.m. | 2 views

Unity Linux 20.1050e Security Update: kernel (UTSA-2025-989949)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-989949 advisory. In the Linux kernel, the following vulnerability has been resolved: media: venus: hfi: avoid null dereference in deinit. If venus_probe fails at pm_runtime_put_sync the...

CVSS 5.5 | AI score 5.7 | EPSS 0.00244
Exploits: 0 | References: 4

Tenable Nessus
added 2025/11/05 12:0 a.m. | 1 views

Unity Linux 20.1070e Security Update: kernel (UTSA-2025-989755)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-989755 advisory. In the Linux kernel, the following vulnerability has been resolved: crypto: qat - Fix ADF_DEV_RESET_SYNC memory leak. Using completion_done to determine whether the calle...

CVSS 5.5 | AI score 6 | EPSS 0.00237
Exploits: 0 | References: 4

Tenable Nessus
added 2025/11/05 12:0 a.m. | 2 views

Unity Linux 20.1070a Security Update: kernel (UTSA-2025-989206)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-989206 advisory. In the Linux kernel, the following vulnerability has been resolved: ALSA: pcm: oss: Fix race at SNDCTL_DSP_SYNC. There is a small race window at snd_pcm_oss_sync that is...

CVSS 4.7 | AI score 5.8 | EPSS 0.00132
Exploits: 0 | References: 4

Tenable Nessus
added 2025/11/05 12:0 a.m. | 2 views

Unity Linux 20.1070a Security Update: kernel (UTSA-2025-989053)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-989053 advisory. In the Linux kernel, the following vulnerability has been resolved: f2fs: quota: fix loop condition at f2fs_quota_sync. cnt should be passed to sb_has_quota_active instead...

CVSS 5.5 | AI score 5.3 | EPSS 0.00241
Exploits: 0 | References: 4

Tenable Nessus
added 2025/11/05 12:0 a.m. | 2 views

Unity Linux 20.1070a Security Update: kernel (UTSA-2025-988909)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-988909 advisory. In the Linux kernel, the following vulnerability has been resolved: drivers: usb: host: Fix deadlock in oxu_bus_suspend. There is a deadlock in oxu_bus_suspend, which is...

CVSS 5.5 | AI score 5.9 | EPSS 0.00192
Exploits: 0 | References: 4

Tenable Nessus
added 2025/11/05 12:0 a.m. | 2 views

Unity Linux 20.1070a Security Update: kernel (UTSA-2025-988826)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-988826 advisory. In the Linux kernel, the following vulnerability has been resolved: ath11k: mhi: use mhi_sync_power_up. If amss.bin was missing ath11k would crash during 'rmmod...

CVSS 5.5 | AI score 6.2 | EPSS 0.00243
Exploits: 0 | References: 4

Tenable Nessus
added 2025/11/05 12:0 a.m. | 2 views

Unity Linux 20.1070a Security Update: kernel (UTSA-2025-988987)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-988987 advisory. In the Linux kernel, the following vulnerability has been resolved: dma-buf/sync_file: Don't leak fences on merge failure. Each add_fence call does a dma_fence_get on the...

CVSS 5.5 | AI score 6.1 | EPSS 0.00238
Exploits: 0 | References: 4