
11429 matches found

EUVD
added 2026/03/25 9:30 p.m., 3 views

EUVD-2026-15949

Domoticz versions prior to 2026.1 contain a stored cross-site scripting vulnerability in the Add Hardware and rename device functionality of the web interface that allows authenticated administrators to execute arbitrary scripts by supplying crafted names containing script or HTML markup. Attacke...

CVSS 4.8 | AI score 6.1 | EPSS 0.00211
Exploits 0 | References 3
RedhatCVE
added 2026/03/25 8:36 p.m., 4 views

CVE-2026-1001

A flaw was found in Domoticz. This stored cross-site scripting (XSS) vulnerability allows authenticated administrators to execute arbitrary scripts. By supplying crafted names containing script or HTML markup in the 'Add Hardware' and 'rename device' functionalities, attackers can inject malicious...

CVSS 4.8 | AI score 6.1 | EPSS 0.00211
Exploits 0 | References 5
NVD
added 2026/03/25 7:16 p.m., 4 views

CVE-2026-1001

Domoticz versions prior to 2026.1 contain a stored cross-site scripting vulnerability in the Add Hardware and rename device functionality of the web interface that allows authenticated administrators to execute arbitrary scripts by supplying crafted names containing script or HTML markup. Attacke...

CVSS 4.8 | EPSS 0.00211
Exploits 0 | References 2
Cvelist
added 2026/03/25 6:12 p.m., 21 views

CVE-2026-1001 Domoticz < 2026.1 Stored XSS via Hardware Configuration Endpoint

Domoticz versions prior to 2026.1 contain a stored cross-site scripting vulnerability in the Add Hardware and rename device functionality of the web interface that allows authenticated administrators to execute arbitrary scripts by supplying crafted names containing script or HTML markup. Attacke...

CVSS 4.8 | EPSS 0.00211
Exploits 0 | References 2
AlpineLinux
added 2026/03/25 6:12 p.m., 10 views

CVE-2026-1001

Domoticz versions prior to 2026.1 contain a stored cross-site scripting vulnerability in the Add Hardware and rename device functionality of the web interface that allows authenticated administrators to execute arbitrary scripts by supplying crafted names containing script or HTML markup. Attacke...

CVSS 4.8 | AI score 6.3 | EPSS 0.00211
Exploits 0 | References 2
NVD
added 2026/03/25 5:16 p.m., 6 views

CVE-2026-25328

Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in add-ons.org Product File Upload for WooCommerce products-file-upload-for-woocommerce allows Path Traversal. This issue affects Product File Upload for WooCommerce: from n/a through = 2.2.4...

CVSS 6.8 | EPSS 0.00354
Exploits 0 | References 1
SUSE CVE
added 2026/03/25 4:57 p.m., 4 views

SUSE CVE-2026-23280

In the Linux kernel, the following vulnerability has been resolved: accel/amdxdna: Prevent ubuf size overflow. The ubuf size calculation may overflow, resulting in an undersized allocation and possible memory corruption. Use check_add_overflow helpers to validate the size calculation before allocati...

CVSS 7.8 | AI score 5.7 | EPSS 0.00127
Exploits 0 | References 3
Cvelist
added 2026/03/25 4:33 p.m., 21 views

CVE-2026-2995 Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) in GitLab

GitLab has remediated an issue in GitLab EE affecting all versions from 15.4 before 18.8.7, 18.9 before 18.9.3, and 18.10 before 18.10.1 that could have allowed an authenticated user to add email addresses to targeted user accounts due to improper sanitization of HTML content...

CVSS 7.7 | EPSS 0.00187
Exploits 0 | References 3
NVD
added 2026/03/25 11:16 a.m., 3 views

CVE-2026-23387

In the Linux kernel, the following vulnerability has been resolved: pinctrl: cirrus: cs42l43: Fix double-put in cs42l43_pin_probe(). devm_add_action_or_reset() already invokes the action on failure, so the explicit put causes a double-put...

CVSS 7.8 | EPSS 0.00122
Exploits 0 | References 5
NVD
added 2026/03/25 11:16 a.m., 4 views

CVE-2026-23280

In the Linux kernel, the following vulnerability has been resolved: accel/amdxdna: Prevent ubuf size overflow. The ubuf size calculation may overflow, resulting in an undersized allocation and possible memory corruption. Use check_add_overflow helpers to validate the size calculation before allocati...

CVSS 7.8 | EPSS 0.00127
Exploits 0 | References 3
UbuntuCve
added 2026/03/25 11:16 a.m., 3 views

CVE-2026-23280

In the Linux kernel, the following vulnerability has been resolved: accel/amdxdna: Prevent ubuf size overflow. The ubuf size calculation may overflow, resulting in an undersized allocation and possible memory corruption. Use check_add_overflow helpers to validate the size calculation before allocati...

CVSS 7.8 | AI score 5.7 | EPSS 0.00127
Exploits 0 | References 5
OSV
added 2026/03/25 11:16 a.m., 3 views

UBUNTU-CVE-2026-23280

In the Linux kernel, the following vulnerability has been resolved: accel/amdxdna: Prevent ubuf size overflow. The ubuf size calculation may overflow, resulting in an undersized allocation and possible memory corruption. Use check_add_overflow helpers to validate the size calculation before allocati...

CVSS 7.8 | AI score 5.7 | EPSS 0.00127
Exploits 0 | References 6
CVE
added 2026/03/25 10:28 a.m., 14 views

CVE-2026-23387

The CVE-2026-23387 issue concerns the Linux kernel fix for a double-put in pinctrl/cirrus cs42l43 handling during cs42l43_pin_probe, caused by an explicit put after devm_add_action_or_reset() already performing an action on failure. Connected OSV entries (ROOT-OS-DEBIAN-13-CVE-2026-23387 and ROOT...

CVSS 7.8 | AI score 5.7 | EPSS 0.00122
Exploits 0 | References 5 | Affected Software 1
Cvelist
added 2026/03/25 10:27 a.m., 17 views

CVE-2026-23333

...

EPSS 0.00024
Exploits 0
Vulnrichment
added 2026/03/25 12:32 a.m., 5 views

CVE-2026-4783 itsourcecode College Management System Parameter add-single-student-results.php sql injection

A vulnerability has been found in itsourcecode College Management System 1.0. The impacted element is an unknown function of the file /admin/add-single-student-results.php of the component Parameter Handler. The manipulation of the argument course_code leads to sql injection. It is possible to...

CVSS 6.5 | AI score 6.4 | EPSS 0.00196
Exploits 0 | References 5
ATTACKERKB
added 2026/03/25 12:32 a.m., 3 views

CVE-2026-4783

A vulnerability has been found in itsourcecode College Management System 1.0. The impacted element is an unknown function of the file /admin/add-single-student-results.php of the component Parameter Handler. The manipulation of the argument course_code leads to sql injection. It is possible to...

CVSS 6.5 | AI score 6.4 | EPSS 0.00196
Exploits 0 | References 5 | Affected Software 1
CVE
added 2026/03/25 12:32 a.m., 6 views

CVE-2026-4783

The CVE concerns itsourcecode College Management System 1.0. The vulnerability is in the Parameter Handler of the /admin/add-single-student-results.php file, where manipulating the course_code argument causes SQL injection. It can be exploited remotely and the exploit has been disclosed publicly....

CVSS 6.5 | AI score 6.4 | EPSS 0.00196
Exploits 0 | References 5
CNNVD
added 2026/03/25 12:00 a.m., 5 views

Domoticz cross-site scripting vulnerability

Domoticz is an open-source smart home system developed by the Domoticz company. This system supports the monitoring and control of various smart home devices. Versions of Domoticz prior to 2026.1 contained a cross-site scripting vulnerability. This vulnerability stemmed from the Web interface’s...

CVSS 4.8 | AI score 5.9 | EPSS 0.00211
Exploits 0 | References 3
Positive Technologies
added 2026/03/25 12:00 a.m., 5 views

PT-2026-27992

Name of the Vulnerable Software and Affected Versions GitLab EE versions 15.4 through 18.8.6 GitLab EE versions 18.9 through 18.9.2 GitLab EE versions 18.10 through 18.10.0 Description An authenticated user could add email addresses to targeted user accounts due to improper sanitization of HTML...

CVSS 7.7 | AI score 5.9 | EPSS 0.00187
Exploits 0 | References 6
CNNVD
added 2026/03/25 12:00 a.m., 5 views

Linux kernel security vulnerability

The Linux kernel is the kernel used by the Linux operating system developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the blkaddTrace function using the thiscpu operation within preemptible contexts, potentially leading t...

CVSS 5.5 | AI score 5.8 | EPSS 0.00119
Exploits 0 | References 3