66 matches found
CVE-2026-41178 OpenTelemetry-Go's baggage parsing no longer caps raw header length
OpenTelemetry-Go is the Go implementation of OpenTelemetry. Versions 1.41.0 and 1.43.0 removed raw-length rejection, which causes Parse to process arbitrarily large/invalid baggage headers and log errors, enabling DoS via oversized inputs. Versions 1.42.0 and 1.44.0 fix the issue...
Astra Linux - vulnerability in connman
In ConnMan version 1.41, remote attackers who can send HTTP requests to the gweb component are able to exploit a heap-based buffer overflow in received_data to execute arbitrary code...
CVE-2026-32277 Connect-CMS has DOM-based Cross-Site Scripting (XSS) in the Cabinet Plugin List View
Connect-CMS is a content management system. In versions 1.35.0 through 1.41.0 and 2.35.0 through 2.41.0, a DOM-based Cross-Site Scripting (XSS) issue exists in the Cabinet Plugin list view. Versions 1.41.1 and 2.41.1 contain a patch...
SOPlanning 1.41 SQL Injection
A SQL injection vulnerability exists in SOPlanning version 1.41. The vulnerability allows remote attackers to execute arbitrary SQL commands and potentially compromise the database. This issue is older research added to the archive...
EUVD-2025-201286
A vulnerability has been identified in Genexis Platinum P4410 router (Firmware P4410-V2–1.41) that allows a local network attacker to achieve Remote Code Execution (RCE) with root privileges. The issue occurs due to improper session invalidation after administrator logout. When an administrator logs...
CVE-2025-65883
A vulnerability has been identified in Genexis Platinum P4410 router (Firmware P4410-V2–1.41) that allows a local network attacker to achieve Remote Code Execution (RCE) with root privileges. The issue occurs due to improper session invalidation after administrator logout. When an administrator logs...
CVE-2025-65883
CVE-2025-65883 affects Genexis Platinum P4410 router (Firmware P4410-V2–1.41). The issue is improper session invalidation after administrator logout, leaving the session token valid and reusable by a local-network attacker. By exploiting the stale token, an attacker can send crafted requests to t...
PT-2025-49123
A vulnerability has been identified in Genexis Platinum P4410 router (Firmware P4410-V2–1.41) that allows a local network attacker to achieve Remote Code Execution (RCE) with root privileges. The issue occurs due to improper session invalidation after administrator logout. When an administrator logs...
buildah security update
1.41.6-1.0.1 - Drop nmap-ncat requirement and skip ignore-socket test case Orabug: 34117178 2:1.41.6-1 - update to the latest content of https://github.com/containers/buildah/tree/release-1.41 https://github.com/containers/buildah/commit/2ece502 - fixes 'Minor Incident CVE-2025-52881 buildah:...
EUVD-2013-2989
Malware in sbrugna...
CVE-2024-28131
EasyRange Ver 1.41 contains an issue with the executable file search path when displaying an extracted file on Explorer, which may lead to loading an executable file that resides in the same folder where the extracted file is placed. If this vulnerability is exploited, arbitrary code may be executed...
CVE-2023-1322
A vulnerability was found in lmxcms 1.41 and classified as critical. Affected by this issue is the function reply of the file BookAction.class.php. The manipulation of the argument id with the input 1 and updatexml0,concat0x7e,user,1 leads to SQL injection. The attack may be launched remotely. Th...
CVE-2022-45920
In Softing uaToolkit Embedded before 1.41, a malformed CreateMonitoredItems request may cause a memory leak...
PT-2025-20663 · Lmxcms · Lmxcms
Name of the Vulnerable Software and Affected Versions: LmxCMS version 1.41. Description: A critical issue has been found in the function manageZt of the file cadminZtAction.class.php of the component POST Request Handler. The manipulation of the argument sortid leads to SQL injection. It is possib...
lmxcms security vulnerability
lmxcms (dream cms) is a website builder from the Chinese company Dream Cms (lmxcms). A security vulnerability exists in lmxcms version 1.41, which originates from SQL injection due to incorrect handling of the parameter sortid in the file cadminx005fx001atAction.class.php...
CVE-2025-1465 lmxcms Maintenance db.inc.php code injection
A vulnerability, which was classified as problematic, was found in lmxcms 1.41. Affected is an unknown function of the file db.inc.php of the component Maintenance. The manipulation leads to code injection. It is possible to launch the attack remotely. The complexity of an attack is rather high...
Mediawiki OpenBadges Extension cross-site scripting vulnerability
Mediawiki OpenBadges Extension is an extension from the Wikimedia Foundation (USA). A cross-site scripting vulnerability exists in Mediawiki OpenBadges Extension. An attacker exploiting this vulnerability could perform a cross-site scripting attack. The following versions are affected: version 1.39.X...
PT-2025-4805 · Unknown +1 · Refreshspecial Extension +1
Name of the Vulnerable Software and Affected Versions: Mediawiki - RefreshSpecial Extension versions 1.39.X through 1.39.11; Mediawiki - RefreshSpecial Extension versions 1.41.X through 1.41.3; Mediawiki - RefreshSpecial Extension versions 1.42.X through 1.42.2. Description: The issue is related to...
CVE-2024-47841
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in The Wikimedia Foundation Mediawiki - CSS Extension allows Path Traversal. This issue affects Mediawiki - CSS Extension: from 1.42.X before 1.42.2, from 1.41.X before 1.41.3, from 1.39.X before 1.39.9...
CVE-2024-47848
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in The Wikimedia Foundation Mediawiki - PageTriage allows Authentication Bypass. This issue affects Mediawiki - PageTriage: from 1.39.X before 1.39.9, from 1.41.X before 1.41.3, from 1.42.X before 1.42.2...