322 matches found

OSV
added 2025/01/14 12:0 p.m., 1 views

RUSTSEC-2025-0161 libsecp256k1 is unmaintained

The maintainers recommend using k256 instead...

5.8 AI score
Exploits: 0, References: 3

Snyk
added 2024/11/01 6:47 a.m., 3 views

Malicious Package

Overview: youreallydontwantthispackage2131 is a malicious package. This library contains malicious code and was removed from the package manager PyPI. Remediation: Avoid using all malicious instances of the youreallydontwantthispackage2131 package...

9.8 CVSS, 7.2 AI score
Exploits: 0, References: 3

Cvelist
added 2024/10/21 11:53 a.m., 20 views

CVE-2024-47715 wifi: mt76: mt7915: fix oops on non-dbdc mt7986

In the Linux kernel, the following vulnerability has been resolved: wifi: mt76: mt7915: fix oops on non-dbdc mt7986. mt7915_band_config sets band_idx = 1 on the main phy for mt7986 with MT7975_ONE_ADIE or MT7976_ONE_ADIE. Commit 0335c034e726 "wifi: mt76: fix race condition related to checking tx queue fi...

0.00017 EPSS
Exploits: 0, References: 4

Snyk
added 2024/10/02 12:28 p.m., 2 views

Malicious Package

Overview: braintree.github.io is a malicious package. This package contains malicious code that collects sensitive information about the victim and sends it to the attacker's remote server. While this package might be attempting to impersonate a valid organization, there is no connection between...

9.8 CVSS, 7 AI score
Exploits: 0, References: 2

Japan Vulnerability Notes
added 2024/08/05 4:58 a.m., 3 views

Pimax Play and PiTool accept WebSocket connections from unintended endpoints

Overview: Pimax Play and PiTool provided by Pimax accept WebSocket connections from unintended endpoints (CWE-923). Rei Yano reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact: Arbitrary code may be executed by a...

9.8 CVSS, 7 AI score, 0.01334 EPSS
Exploits: 0, References: 5

Openbugbounty
added 2024/07/18 7:52 a.m., 6 views

owlwisemarketing.com.xx3.kz Cross Site Scripting vulnerability OBB-3947284

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

6.2 AI score
Exploits: 0

NVD
added 2024/03/26 10:15 a.m., 3 views

CVE-2024-28048

OS command injection vulnerability exists in ffBull ver.4.11, which may allow a remote unauthenticated attacker to execute an arbitrary OS command with the privilege of the running web server. Note that the developer was unreachable, therefore, users should consider stop using ffBull ver.4.11...

9.8 CVSS, 7.5 AI score, 0.00852 EPSS
Exploits: 0, References: 1

NVD
added 2024/03/26 10:15 a.m., 10 views

CVE-2024-28033

OS command injection vulnerability exists in WebProxy 1.7.8 and 1.7.9, which may allow a remote unauthenticated attacker to execute an arbitrary OS command with the privilege of the running web server. Note that the developer was unreachable, therefore, users should consider stop using WebProxy...

7.3 CVSS, 7.6 AI score, 0.00561 EPSS
Exploits: 0, References: 1

NVD
added 2024/03/26 10:15 a.m., 5 views

CVE-2024-26018

Cross-site scripting vulnerability exists in TvRock 0.9t8a. An arbitrary script may be executed on the web browser of the user accessing the website that uses the product. Note that the developer was unreachable, therefore, users should consider stop using TvRock 0.9t8a...

6.1 CVSS, 6.3 AI score, 0.00189 EPSS
Exploits: 0, References: 1

Cvelist
added 2024/03/26 9:57 a.m., 18 views

CVE-2024-28126

Cross-site scripting vulnerability exists in 0ch BBS Script ver.4.00. An arbitrary script may be executed on the web browser of the user accessing the website that uses the product. Note that the developer was unreachable, therefore, users should consider stop using 0ch BBS Script ver.4.00...

6.5 AI score, 0.00189 EPSS
Exploits: 0, References: 1

Cvelist
added 2024/03/26 9:37 a.m., 14 views

CVE-2024-28048

OS command injection vulnerability exists in ffBull ver.4.11, which may allow a remote unauthenticated attacker to execute an arbitrary OS command with the privilege of the running web server. Note that the developer was unreachable, therefore, users should consider stop using ffBull ver.4.11...

7.8 AI score, 0.00852 EPSS
Exploits: 0, References: 1

Vulnrichment
added 2024/03/26 9:37 a.m., 9 views

CVE-2024-28048

OS command injection vulnerability exists in ffBull ver.4.11, which may allow a remote unauthenticated attacker to execute an arbitrary OS command with the privilege of the running web server. Note that the developer was unreachable, therefore, users should consider stop using ffBull ver.4.11...

7.6 AI score, 0.00852 EPSS
Exploits: 0, References: 1

Positive Technologies
added 2024/03/26 12:0 a.m., 2 views

PT-2024-22281 · Easyrange · Easyrange

Name of the Vulnerable Software and Affected Versions: EasyRange Ver 1.41 Description: The issue with the executable file search path when displaying an extracted file on Explorer may lead to loading an executable file that resides in the same folder where the extracted file is placed. If this...

7.8 CVSS, 7.4 AI score, 0.0006 EPSS
Exploits: 0, References: 7

Japan Vulnerability Notes
added 2024/03/25 12:0 a.m., 17 views

JVN#17176449: ffBull vulnerable to OS command injection

ffBull (according to the original report submitted by the reporter) provided by Fortunefield is a bulletin board system (BBS). ffBull contains an OS command injection vulnerability (CWE-78). Impact: A remote unauthenticated attacker may execute an arbitrary OS command with the privilege of the running w...

9.8 CVSS, 9.9 AI score, 0.00852 EPSS
Exploits: 0

Positive Technologies
added 2024/02/15 12:0 a.m., 5 views

PT-2024-12783 · Dell · Dell Esi

Name of the Vulnerable Software and Affected Versions: DELL ESI Enterprise Storage Integrator for SAP LAMA version 10.0 Description: The issue concerns an information disclosure vulnerability in the EHAC component of DELL ESI Enterprise Storage Integrator for SAP LAMA. A remote unauthenticated...

9.8 CVSS, 7.6 AI score, 0.00578 EPSS
Exploits: 0, References: 6

NVD
added 2024/01/12 1:15 a.m., 12 views

CVE-2024-21601

A Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') vulnerability in the Flow-processing Daemon (flowd) of Juniper Networks Junos OS on SRX Series allows an unauthenticated, network-based attacker to cause a Denial-of-Service (DoS). On SRX Series devices when t...

5.9 CVSS, 5.8 AI score, 0.00234 EPSS
Exploits: 0, References: 2

ATTACKERKB
added 2023/11/08 9:15 p.m., 3 views

CVE-2023-46362

jbig2enc v0.28 was discovered to contain a heap-use-after-free via jbig2enc_auto_threshold_using_hash in src/jbig2enc.cc...

5.5 CVSS, 5.8 AI score, 0.00057 EPSS
Exploits: 1, References: 3

OSV
added 2023/11/08 9:15 p.m., 4 views

DEBIAN-CVE-2023-46362

jbig2enc v0.28 was discovered to contain a heap-use-after-free via jbig2enc_auto_threshold_using_hash in src/jbig2enc.cc...

5.5 CVSS, 5.6 AI score, 0.00057 EPSS
Exploits: 1, References: 1

OSV
added 2023/11/08 9:15 p.m., 1 views

UBUNTU-CVE-2023-46362

jbig2enc v0.28 was discovered to contain a heap-use-after-free via jbig2enc_auto_threshold_using_hash in src/jbig2enc.cc...

5.5 CVSS, 5.8 AI score, 0.00057 EPSS
Exploits: 1, References: 3

Positive Technologies
added 2023/10/27 12:0 a.m., 3 views

PT-2023-30064 · Fancms · Fancms

Name of the Vulnerable Software and Affected Versions: FanCMS version 1.0.0 Description: A Cross Site Scripting issue allows an attacker to execute arbitrary code via the content1 parameter in the "demo.php" file. Recommendations: For FanCMS version 1.0.0, avoid using the content1 parameter in th...

6.1 CVSS, 6.3 AI score, 0.00086 EPSS
Exploits: 1, References: 2