Malicious code in monolith-twirp-support-helphub (RubyGems)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 97a64bd75388afe20d55befa04ed845034b1a467cace9204788c98fd29240024 The OpenSSF Package Analysis project identified 'monolith-twirp-support-helphub' @ 1.48.0 rubygems as malicious. It is considered malicious...

CVE-2025-54675

Cross-Site Request Forgery CSRF vulnerability in YITHEMES YITH WooCommerce Popup yith-woocommerce-popup allows Cross Site Request Forgery.This issue affects YITH WooCommerce Popup: from n/a through = 1.48.0...

CVE-2025-54675 WordPress YITH WooCommerce Popup Plugin plugin <= 1.48.0 - Cross Site Request Forgery (CSRF) Vulnerability

Cross-Site Request Forgery CSRF vulnerability in YITHEMES YITH WooCommerce Popup yith-woocommerce-popup allows Cross Site Request Forgery.This issue affects YITH WooCommerce Popup: from n/a through = 1.48.0...

WordPress plugin YITH WooCommerce Popup 跨站请求伪造漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site request forger...

PT-2025-33228 · WordPress · Yith Woocommerce Popup

Name of the Vulnerable Software and Affected Versions: YITH WooCommerce Popup versions through 1.48.0 Description: A Cross-Site Request Forgery CSRF issue exists in YITH WooCommerce Popup, potentially allowing attackers to perform actions on behalf of authenticated users. Recommendations: Update...

Huawei EulerOS: Security Advisory for libuv (EulerOS-SA-2024-1790)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Medium: libuv

Issue Overview: libuv is a multi-platform support library with a focus on asynchronous I/O. The uvgetaddrinfo function in src/unix/getaddrinfo.c and its windows counterpart src/win/getaddrinfo.c, truncates hostnames to 256 characters before calling getaddrinfo. This behavior can be exploited to...

Slackware Linux 15.0 / current libuv Vulnerability (SSA:2024-051-02)

The version of libuv installed on the remote host is prior to 1.48.0. It is, therefore, affected by a vulnerability as referenced in the SSA:2024-051-02 advisory. - libuv is a multi-platform support library with a focus on asynchronous I/O. The uvgetaddrinfo function in src/unix/getaddrinfo.c and...

AZL-35782 CVE-2024-24806 affecting package cmake for versions less than 3.28.2-6

libuv is a multi-platform support library with a focus on asynchronous I/O. The uvgetaddrinfo function in src/unix/getaddrinfo.c and its windows counterpart src/win/getaddrinfo.c, truncates hostnames to 256 characters before calling getaddrinfo. This behavior can be exploited to create addresses...

Improper access control

libuv is a multi-platform support library with a focus on asynchronous I/O. The uvgetaddrinfo function in src/unix/getaddrinfo.c and its windows counterpart src/win/getaddrinfo.c, truncates hostnames to 256 characters before calling getaddrinfo. This behavior can be exploited to create addresses...

CVE-2024-24806 Improper Domain Lookup that potentially leads to SSRF attacks in libuv

libuv is a multi-platform support library with a focus on asynchronous I/O. The uvgetaddrinfo function in src/unix/getaddrinfo.c and its windows counterpart src/win/getaddrinfo.c, truncates hostnames to 256 characters before calling getaddrinfo. This behavior can be exploited to create addresses...

USN-2939-1 LibTIFF vulnerabilities | Cloud Foundry

USN-2939-1 LibTIFF vulnerabilities Low Vendor Ubuntu, LibTIFF Versions Affected Ubuntu 14.04 Description LibTIFF could be made to crash or run programs as your login if it opened a specially crafted file. It was discovered that LibTIFF incorrectly handled certain malformed images. If a user or...