EUVD-2007-5939

Malware in sbrugna...

EUVD-2024-27267

Malicious code in bioql PyPI...

CVE-2024-57766

MSFM before 2025.01.01 was discovered to contain a fastjson deserialization vulnerability via the component system/table/editField...

PT-2025-17979 · Goldendb · Goldendb

Name of the Vulnerable Software and Affected Versions: GoldenDB affected versions not specified Description: The issue is related to a code-related problem in the GoldenDB database product, allowing attackers to access system tables. This access can disrupt the normal operation of business SQL...

CVE-2024-57764

MSFM before 2025.01.01 was discovered to contain a fastjson deserialization vulnerability via the component system/table/add...

CVE-2024-57766

MSFM before 2025.01.01 was discovered to contain a fastjson deserialization vulnerability via the component system/table/editField...

CVE-2024-57763

MSFM before 2025.01.01 was discovered to contain a fastjson deserialization vulnerability via the component system/table/addField...

PT-2025-3558 · Msfm +1 · Msfm +1

Name of the Vulnerable Software and Affected Versions: MSFM versions prior to 2025.01.01 Description: A fastjson deserialization issue was found in the component system/table/add. This issue affects MSFM and can be exploited via the system/table/add component. Recommendations: For versions prior ...

CVE-2024-9653 Restaurant Menu – Food Ordering System – Table Reservation <= 2.4.2 - Reflected Cross-Site Scripting

The Restaurant Menu – Food Ordering System – Table Reservation plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'action' parameter in all versions up to, and including, 2.4.2 due to insufficient input sanitization and output escaping. This makes it possible for...

Denial of Service (DoS)

Overview Affected versions of this package are vulnerable to Denial of Service DoS via the getSystemTable and Delete methods in the common.php file. An attacker can disrupt service availability by exploiting this logic flaw to delete critical commands. Details Denial of Service DoS describes a...

CVE-2024-2312

GRUB2 does not call the module fini functions on exit, leading to Debian/Ubuntu's peimage GRUB2 module leaving UEFI system table hooks after exit. This lead to a use-after-free condition, and could possibly lead to secure boot bypass...

CVE-2024-2312

GRUB2 does not call the module fini functions on exit, leading to Debian/Ubuntu's peimage GRUB2 module leaving UEFI system table hooks after exit. This lead to a use-after-free condition, and could possibly lead to secure boot bypass...

CVE-2024-2312

GRUB2 does not call the module fini functions on exit, leading to Debian/Ubuntu's peimage GRUB2 module leaving UEFI system table hooks after exit. This lead to a use-after-free condition, and could possibly lead to secure boot bypass...

CVE-2024-2312

GRUB2 does not call the module fini functions on exit, leading to Debian/Ubuntu's peimage GRUB2 module leaving UEFI system table hooks after exit. This lead to a use-after-free condition, and could possibly lead to secure boot bypass...

CVE-2024-2312

GRUB2 does not call the module fini functions on exit, leading to Debian/Ubuntu's peimage GRUB2 module leaving UEFI system table hooks after exit. This lead to a use-after-free condition, and could possibly lead to secure boot bypass...

Oracle 19c / 21c Sharding Component Password Hash Exposure

Title: CVE-2023-22074 – Oracle database password hash exposure in sharding component Product: Database Manufacturer: Oracle Affected Versions: 19c,21c 19.3-19.20 and 21.3-21.11 Tested Versions: 19c Risk Level: Low Solution Status: Fixed CVE Reference: CVE-2023-22074 Base Score: 2.4 Author of...

PT-2022-34961 · Linux · Linux Kernel

Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to v6.0.4 Description: The issue concerns a problem with memory management in the EFI SSDT table handling. When the ACPI table is loaded successfully, the memory is not freed, which could potentially lead to securi...

grub2: acpi command allows privileged user to load crafted ACPI tables when Secure Boot is enabled

A flaw was found in GRUB 2, where it incorrectly enables the usage of the ACPI command when Secure Boot is enabled. This flaw allows an attacker with privileged access to craft a Secondary System Description Table SSDT containing code to overwrite the Linux kernel lockdown variable content direct...

Bn-Uefi-Helper - Helper Plugin For Analyzing UEFI Firmware

Helper plugin for analyzing UEFI firmware. This plugin contains the following features: Apply the correct prototype to the entry point function Fix segments so all segments are RWX and have the correct semantics This allows for global function pointers to be rendered correctly Apply types for cor...

AZL-6460 CVE-2020-14372 affecting package grub2 for versions less than 2.06~rc1-7

A flaw was found in grub2 in versions prior to 2.06, where it incorrectly enables the usage of the ACPI command when Secure Boot is enabled. This flaw allows an attacker with privileged access to craft a Secondary System Description Table SSDT containing code to overwrite the Linux kernel lockdow...