248 matches found
CubeCart Input Validation Error Vulnerability
CubeCart is an open-source e-commerce software developed by CubeCart. In versions 6.6.x to 6.7.1 of CubeCart, there is a vulnerability related to input validation errors. This vulnerability stems from directly constructing the CC_STORE_URL constant from the Host request headers and embedding the...
EUVD-2026-28669
In the Linux kernel, the following vulnerability has been resolved: x86/apic: Disable x2apic on resume if the kernel expects so When resuming from s2ram, firmware may re-enable x2apic mode, which may have been disabled by the kernel during boot either because it doesn't support IRQ remapping or f...
Astra Linux - vulnerability in linux-6.1, linux-5.10, linux-5.15
In the Linux kernel, the following vulnerability has been resolved: efivarfs: Fix slab-out-of-bounds in efivarfs_d_compare Observed on kernel 6.6 present on master as well: BUG: KASAN: slab-out-of-bounds in memcmp+0x98/0xd0 Call trace: kasan_check_range+0xe8/0x190 __asan_loadN+0x1c/0x28 memcmp+0x98/0xd0...
CVE-2026-31664 affecting package kernel for versions less than 6.6.137.1-1
CVE-2026-31664 affecting package kernel for versions less than 6.6.137.1-1. An upgraded version of the package is available that resolves this issue...
CVE-2026-31523 affecting package kernel for versions less than 6.6.134.1-2
CVE-2026-31523 affecting package kernel for versions less than 6.6.134.1-2. An upgraded version of the package is available that resolves this issue...
CVE-2026-35518 Pi-hole FTL affected by Remote Code Execution (RCE) via dns.cnameRecords Newline Injection
FTLDNS pihole-FTL provides an interactive API and also generates statistics for Pi-hole's Web interface. From 6.0 to before 6.6, the Pi-hole FTL engine contains a Remote Code Execution (RCE) vulnerability in the DNS CNAME records configuration parameter dns.cnameRecords. This vulnerability allows a...
CVE-2026-23306 affecting package kernel for versions less than 6.6.130.1-1
CVE-2026-23306 affecting package kernel for versions less than 6.6.130.1-1. An upgraded version of the package is available that resolves this issue...
ca.uhn.hapi.fhir:hapi-fhir-cli-api (>=8.6.0 <=8.8.1), ca.uhn.hapi.fhir:hapi-fhir-converter (>=8.6.0 <=8.8.1) +96 more potentially affected by CVE-2026-33180 via ca.uhn.hapi.fhir:org.hl7.fhir.dstu3.support (>=6.6.0 <=6.8.2)
ca.uhn.hapi.fhir:org.hl7.fhir.dstu3.support MAVEN version =6.6.0, =8.6.0, =8.6.0, =8.6.0, =8.6.0, =8.6.0, =8.6.0, =8.6.0, =8.6.0, =8.6.0, =8.6.0, =8.6.0, =8.6.0, =8.6.0, =8.6.0, =8.6.0, =8.8.1 and more Source cves: CVE-2026-33180 Source advisory: OSV:GHSA-P7M9-V2CM-2H7M...
CVE-2026-28384
An improper sanitization of the compression_algorithm parameter in Canonical LXD allows an authenticated, unprivileged user to execute commands as the LXD daemon on the LXD server via API calls to the image and backup endpoints. This issue affected LXD from 4.12 through 6.6 and was fixed in the sn...
Exploit for CVE-2002-0526
Local Exploits Various local exploits CVE-2020-7247 root...
LXD Security Vulnerability
LXD is a Canonical open-source container-based system for managing applications on Linux systems. Security vulnerabilities exist in LXD versions 4.12 to 6.6, which stem from improper cleaning of the compression_algorithm parameter. This vulnerability could allow authenticated non-privileged users ...
CVE-2026-23097 affecting package kernel for versions less than 6.6.126.1-1
CVE-2026-23097 affecting package kernel for versions less than 6.6.126.1-1. A patched version of the package is available...
PT-2026-22919
Name of the Vulnerable Software and Affected Versions Linux kernel versions 6.6 and later Description A flaw exists in the f2fs filesystem within the Linux kernel related to swapfile handling. Specifically, the check_swap_activate function incorrectly maps physical blocks when a swapfile is small...
AZL-77877 CVE-2026-23214 affecting package kernel 6.6.126.1-1
In the Linux kernel, the following vulnerability has been resolved: btrfs: reject new transactions if the fs is fully read-only BUG There is a bug report where a heavily fuzzed fs is mounted with all rescue mount options, which leads to the following warnings during unmount: BTRFS: Transaction...
CVE-2026-21743
A missing authorization vulnerability in Fortinet FortiAuthenticator 6.6.0 through 6.6.6, FortiAuthenticator 6.5 all versions, FortiAuthenticator 6.4 all versions, FortiAuthenticator 6.3 all versions may allow a read-only user to make modification to local users via a file upload to an unprotecte...
CVE-2025-68783 affecting package kernel for versions less than 6.6.121.1-1
CVE-2025-68783 affecting package kernel for versions less than 6.6.121.1-1. A patched version of the package is available...
CVE-2023-45935
Qt 6 through 6.6 was discovered to contain a NULL pointer dereference via the function QXcbConnection::initializeAllAtoms. NOTE: this is disputed because it is not expected that an X application should continue to run when there is arbitrary anomalous behavior from the X server...
CVE-2025-69344
Summary: CVE-2025-69344 affects WordPress Theme Oneline Lite (ThemeHunk Oneline Lite) versions through 6.6, with a Missing Authorization / Broken Access Control vulnerability caused by incorrectly configured access control security levels. This can allow unauthorized access due to improperly cons...
CVE-2025-66572
Loaded Commerce 6.6 contains a client-side template injection vulnerability via the search parameter that allows unauthenticated attackers to execute arbitrary code in the victim's browser context when they visit a crafted URL...
CVE-2025-66572
Loaded Commerce 6.6 is affected by a client-side template injection vulnerability that allows unauthenticated attackers to execute code on the server via the search parameter. The root cause is CSTI in the template handling, enabling remote code execution. Public documentation notes there is cur...