1207 matches found
CVE-2026-50076 Apache Fory: Java ReplaceResolverSerializer deserialization checks bypass
Deserialization of Untrusted Data in the Java replace-resolve path in Apache Fory fory-core Java SDK before 1.1.0 on Java/JVM platforms allows a remote attacker to bypass class registration, TypeChecker, and DisallowedList checks and invoke classpath-present readResolve/readExternal hooks via...
CVE-2026-50076
CVE-2026-50076 affects the Apache Fory fory-core Java SDK before 1.1.0 on Java/JVM. The issue is a deserialization flaw in the Java replace-resolve path that allows a remote attacker to bypass class registration, TypeChecker, and DisallowedList checks and to invoke classpath-present readResolve/r...
Better Search Replace < 1.4.5 - PHP Object Injection
The Better Search Replace plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.4.4 via deserialization of untrusted input. This makes it possible for unauthenticated attackers to inject a PHP Object. No POP chain is present in the vulnerable plugin. I...
EUVD-2021-34846
Dräger Protector Software prior to version 6.4.2 contains a local privilege escalation vulnerability due to insecure file system permissions that allows local attackers to execute arbitrary code with elevated privileges. Attackers can replace binaries or loaded modules on the host system to execu...
CVE-2021-4481
Dräger Protector Software prior to version 6.4.2 contains a local privilege escalation vulnerability due to insecure file system permissions that allows local attackers to execute arbitrary code with elevated privileges. Attackers can replace binaries or loaded modules on the host system to execu...
CVE-2021-4481 Dräger Protector Software Local Privilege Escalation via Insecure File Permissions
Dräger Protector Software prior to version 6.4.2 contains a local privilege escalation vulnerability due to insecure file system permissions that allows local attackers to execute arbitrary code with elevated privileges. Attackers can replace binaries or loaded modules on the host system to execu...
CVE-2021-4481
Dräger Protector Software prior to version 6.4.2 contains a local privilege escalation vulnerability due to insecure file system permissions that allows local attackers to execute arbitrary code with elevated privileges. Attackers can replace binaries or loaded modules on the host system to execu...
CVE-2021-4480
Dräger Protector Software prior to version 6.4.2 contains a local privilege escalation vulnerability due to insecure file system permissions that allows local attackers to execute arbitrary code with elevated privileges. Attackers can replace binaries or loaded modules on the host system to execu...
PT-2026-45860
Dräger Protector Software prior to version 6.4.2 contains a local privilege escalation vulnerability due to insecure file system permissions that allows local attackers to execute arbitrary code with elevated privileges. Attackers can replace binaries or loaded modules on the host system to execu...
CLSA-2026-1780062116 Fix CVE(s): CVE-2026-41035
SECURITY UPDATE: use-after-free in receivexattr - debian/patches/CVE-2026-41035.patch: replace stale local 'count' with tempxattr.count in the qsort call inside receivexattr, so the sort uses the live size of the rebuilt xattr items list; victim must run rsync with -X / --xattrs - CVE-2026-41035...
EUVD-2026-32842
In the Linux kernel, the following vulnerability has been resolved: drm: Set old handle to NULL before prime swap in changehandle There was a potential race condition in changehandle. The ioctl briefly had a single object with two idr entries; a concurrent gemclose could delete the object and...
CVE-2026-45965
A flaw was found in the AppArmor security module of the Linux kernel. When the exportbinary parameter is disabled at runtime, a previously loaded profile that is subsequently replaced can lead to a NULL pointer dereference. This occurs when the system attempts to resolve symbolic links to raw dat...
Fedora 43 : perl-Crypt-DSA (2026-fdc100f74f)
The remote Fedora 43 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-fdc100f74f advisory. This update fixes a couple of security issues: Replace two arg open CVE-2026-8704 Replace rand with a cryptographically-secure source of random data...
Oban Web 安全漏洞
Oban Web is an embedded real-time backend task monitoring dashboard developed under the Oban Framework open source project. Versions of Oban Web from 2.12.0 to 2.12.5 contained a security vulnerability. This vulnerability originated from the Elixir.Oban.Web.Jobs.DetailComponent module, where the...
UBUNTU-CVE-2026-48842
Roundcube Webmail 1.6.x before 1.6.16 and 1.7.x before 1.7.1 has Pre-authentication SQL injection in the virtuserquery plugin via a pregreplace backslash escape bypass...
CVE-2026-48842
Roundcube Webmail 1.6.x before 1.6.16 and 1.7.x before 1.7.1 has Pre-authentication SQL injection in the virtuserquery plugin via a pregreplace backslash escape bypass...
OSV-2026-798 Heap-use-after-free in ReplaceDEFNode
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=515134929 Crash type: Heap-use-after-free READ 8 Crash state: ReplaceDEFNode gfsgreset gfsgdel...
Astra Linux - уязвимость в linux-5.15, linux-6.1
In the Linux kernel, the following vulnerability has been resolved: btrfs: Zoned – Fix for use-after-free due to race condition with dev replace When loading the information of a zone during the creation of a block group, we may encounter a race condition with the device replace operation. This c...
Astra Linux - уязвимость в linux-6.1
In the Linux kernel, the following vulnerability has been resolved: net: sched: clsu32: Undo tcfbindfilter if u32replacehwknode When u32replacehwknode fails, we need to undo the tcf BindFilter operation performed at u32setparms...
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerabilities have been resolved: btrfs: Do not attempt to replace the rwsem lock on a device that already holds it. By running fstests btrfs/011 with MKFSOPTIONS="-O rst" to force the use of the RAID stripe-tree, we obtain the following error from lockdep:...