40718 matches found
Online Fire Reporting System v1.0 - SQL injection
Online Fire Reporting System v1.0 is vulnerable to SQL Injection via /ofrs/admin/requests/takeaction.php?id=. id: CVE-2022-31984 info: name: Online Fire Reporting System v1.0 - SQL injection author: theamanrawat severity: high description: | Online Fire Reporting System v1.0 is vulnerable to SQL...
XWiki >= 2.5-milestone-2 - Cross-Site Scripting
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Users are able to forge an URL with a payload allowing to inject Javascript in the page XSS. It's possible to exploit the resubmit template to perform a XSS, e.g. by using URL such as:...
CVE-2026-46252 affecting package kernel for versions less than 6.6.144.1-1
CVE-2026-46252 affecting package kernel for versions less than 6.6.144.1-1. A patched version of the package is available...
CVE-2026-53163 affecting package kernel for versions less than 6.6.144.1-1
CVE-2026-53163 affecting package kernel for versions less than 6.6.144.1-1. An upgraded version of the package is available that resolves this issue...
CVE-2026-53167 affecting package kernel for versions less than 6.6.144.1-1
CVE-2026-53167 affecting package kernel for versions less than 6.6.144.1-1. A patched version of the package is available...
CVE-2026-53325 affecting package kernel for versions less than 6.6.144.1-1
CVE-2026-53325 affecting package kernel for versions less than 6.6.144.1-1. An upgraded version of the package is available that resolves this issue...
CVE-2026-53151 affecting package kernel for versions less than 6.6.144.1-1
CVE-2026-53151 affecting package kernel for versions less than 6.6.144.1-1. An upgraded version of the package is available that resolves this issue...
CVE-2026-53361 affecting package kernel for versions less than 6.6.144.1-1
CVE-2026-53361 affecting package kernel for versions less than 6.6.144.1-1. An upgraded version of the package is available that resolves this issue...
CVE-2026-62209
OpenClaw 2026.5.10-beta.1 before 2026.6.5 contains an authorization bypass in the ClickClack agent-mode dispatch feature. When enabled and reachable, a lower-trust caller or configured input path could bypass the required policy checks (toolsAllow), allowing actions that should require stronger a...
CVE-2026-59886
A remote attacker can exploit this by providing specially crafted BER/CER/DER-encoded ASN.1 data with a large exponent in the REAL value. When the application subsequently prints, logs, compares, or performs arithmetic on the decoded value, this can cause excessive CPU and memory consumption,...
[SECURITY] Fedora 43 Update: xrdp-0.10.6.1-1.fc43
xrdp provides a fully functional RDP server compatible with a wide range of RDP clients, including FreeRDP and Microsoft RDP client...
[SECURITY] Fedora 44 Update: firefox-152.0.6-1.fc44
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance and portability...
Ubuntu 14.04 LTS / Pro FIPS 16.04 LTS : Linux kernel vulnerabilities (USN-8548-1)
"The remote Ubuntu 14.04 LTS / Pro FIPS 16.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-8548-1 advisory. It was discovered that a logic flaw existed in the XFRM ESP-in-TCP subsystem in the Linux kernel when handling socket buffer...
CVE-2026-59885 pyasn1: Quadratic complexity in OBJECT IDENTIFIER and RELATIVE-OID processing allows denial of service
pyasn1 is a generic ASN.1 library for Python. Prior to 0.6.4, the BER, CER, and DER decoders process OBJECT IDENTIFIER and RELATIVE-OID values in quadratic time relative to the number of arcs, so a small crafted payload containing an OID with many arcs consumes excessive CPU per decode call and c...
AlmaLinux 8 : go-toolset:rhel8 (ALSA-2026:38995)
The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2026:38995 advisory. golang.org/x/net/idna: golang: golang.org/x/net/idna: Privilege escalation via incorrect Punycode label processing CVE-2026-39821 crypto/x509: golang:...
[SECURITY] Fedora 43 Update: attr-2.6.0-1.fc43
A set of tools for manipulating extended attributes on filesystem objects, in particular getfattr1 and setfattr1. An attr1 command is also provided which is largely compatible with the SGI IRIX tool of the same name...
PT-2026-59665
Impact A Python operator precedence bug in pyzipper/zipfile aes.py caused the AE-2 format to never be automatically selected during encryption, regardless of file size or compression type. As a result, all encrypted entries are written in AE-1 format unless AE-2 is explicitly forced by the caller...
[SECURITY] [DSA 6387-1] chromium security update
------------------------------------------------------------------------- Debian Security Advisory DSA-6387-1 [email protected] https://www.debian.org/security/ Andres Salomon July 11, 2026 https://www.debian.org/security/faq -...
CVE-2026-57218 RabbitMQ: AMQP 0-9-1 in combination with OAuth 2: consumer persistence can lead to post-revocation message disclosure
RabbitMQ is a messaging and streaming broker. Prior to 4.2.6, RabbitMQ AMQP 0-9-1 allows an existing consumer to keep receiving messages after OAuth token expiry or connection.updatesecret refresh to reduced scopes because existing consumers are not canceled or reauthorized at delivery time after...
CVE-2026-21052
Path traversal in SemClipboardService prior to SMR Jul-2026 Release 1 allows local privileged attackers to access files with system privilege...