170 matches found
Exploit for Deserialization of Untrusted Data in Facebook React
$$\ $$\ $$$$$$$\ $$\ $$\ $$$$$$$$\ $$\ $...
firefox: thunderbird: Mitigation bypass in the DOM: Core & HTML component
A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Mitigation bypass in the DOM: Core & HTML component...
CVE-2023-52491
creationtimestamp| type| source ---|---|--- 2025-12-03 14:14:49+00:00| seen| https://vulnerability.circl.lu/bundle/816dcc8e-f25a-4895-9b59-1bbd9caeccb8...
RHEL 7 : bind (RHSA-2025:22205)
"The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2025:22205 advisory. The Berkeley Internet Name Domain BIND is an implementation of the Domain Name System DNS protocols. BIND includes a DNS server named %NASLMINLEVEL...
Embedded Malicious Code
Overview Affected versions of this package are vulnerable to Embedded Malicious Code. This package contains malicious code associated with the Sha1-hulud supply chain attack, and its content was removed from the official package manager. The malware functions as a self-replicating worm capable of...
Siemens SIMATIC S7-1500 Buffer Copy without Checking Size of Input (CVE-2023-0687)
A vulnerability was found in GNU C Library 2.38. It has been declared as critical. This vulnerability affects the function monstartup of the file gmon.c of the component Call Graph Monitor. The manipulation leads to buffer overflow. It is recommended to apply a patch to fix this issue. VDB-220246...
CVE-2025-54605
Bitcoin Core through 29.0 allows Uncontrolled Resource Consumption issue 2 of 2...
CVE-2025-61102
FRRouting/frr from v4.0 through v10.4.1 was discovered to contain a NULL pointer dereference via the showvtyextlinkadjsid function at ospfext.c. This vulnerability allows attackers to cause a Denial of Service DoS via a crafted OSPF packet...
uv has differential in tar extraction with PAX headers
Impact In versions 0.9.4 and earlier of uv, tar archives containing PAX headers with file size overrides were not handled properly. As a result, an attacker could contrive a source distribution as a tar archive that would extract differently when installed via uv versus other Python package...
PT-2025-46654
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description The Linux kernel contains a flaw related to Transport Layer Security TLS asynchronous decryption. Specifically, if the tls strp msg hold function fails to allocate a clone of the input...
Ubuntu: Security Advisory (USN-7783-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
CVE-2025-60139
Cross-Site Request Forgery CSRF vulnerability in Joovii Sendle Shipping official-sendle-shipping-method allows Cross Site Request Forgery.This issue affects Sendle Shipping: from n/a through = 6.02...
Cross-site scripting vulnerability in Lectora course navigation
Overview Lectora Desktop versions 21.0–21.3 and Lectora Online versions 7.1.6 and older contained a cross-site scripting XSS vulnerability in courses published with Seamless Play Publish SPP enabled and Web Accessibility disabled. The vulnerability was initially patched in Lectora Desktop version...
CVE-2024-13151
CVE-2024-13151 is a SQL injection (CWE-89) vulnerability in ESBI Information and Telecommunication Industry and Trade Limited Company Auto Service Software. All available sources describe the issue as stemming from improper neutralization of special elements in SQL commands, affecting Auto Servic...
CVE-2025-58767
REXML is an XML toolkit for Ruby. The REXML gems from 3.3.3 to 3.4.1 has a DoS vulnerability when parsing XML containing multiple XML declarations. If you need to parse untrusted XMLs, you may be impacted to these vulnerabilities. The REXML gem 3.4.2 or later include the patches to fix these...
CVE-2024-12913 SQLi in Megatek Communication System's Azora Wireless Network Management
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Megatek Communication System Azora Wireless Network Management allows SQL Injection. This issue affects Azora Wireless Network Management: through 20250916. NOTE: The vendor did not inform about th...
CVE-2025-38705
In the Linux kernel, the following vulnerability has been resolved: drm/amd/pm: fix null pointer access Writing a string without delimiters ' ', '\n', '\0' to the under gpuod/fanctrl sysfs or pppowerprofilemode for the CUSTOM profile will result in a null pointer dereference...
CVE-2025-54543
QuickCMS is vulnerable to Stored XSS via sDescriptionMeta parameter in page editor SEO functionality. Malicious attacker with admin privileges can inject arbitrary HTML and JS into website, which will be rendered/executed when visiting edited page. By default admin user is not able to add...
WordPress B Slider - Gutenberg Slider Block for WP plugin <= 2.0.0 - Authenticated (Subscriber+) Server-Side Request Forgery vulnerability
WordPress B Slider - Gutenberg Slider Block for WP plugin = 2.0.0 - Authenticated Subscriber+ Server-Side Request Forgery vulnerability discovered by wesley wcraft in WordPress Plugin B Slider versions = 2.0.0...
SUSE CVE-2023-53158
The gix-transport crate before 0.36.1 for Rust allows command execution via the "gix clone 'ssh://-oProxyCommand=open$IFS" substring. NOTE: this was discovered before CVE-2024-32884, a similar vulnerability involving a username field that is more difficult to exploit...