PT-2026-34637

Froxlor is open source server administration software. Prior to version 2.3.6, in EmailSender::add, the domain ownership validation for full email sender aliases uses the wrong array index when splitting the email address, passing the local part instead of the domain to...

Froxlor 安全漏洞

Froxlor is a set of lightweight server management software developed by the Froxlor team. Versions of Froxlor prior to 2.3.6 contained security vulnerabilities. These vulnerabilities stemmed from the use of the adminid parameter in Domains.add without verification, allowing administrators to assi...

EUVD-2018-21772

Terminal Services Manager 3.1 contains a stack-based buffer overflow vulnerability in the computer names field that allows local attackers to execute arbitrary code by triggering structured exception handling. Attackers can craft a malicious input file with shellcode and jump instructions that...

i18next-fs-backend: Path traversal via unsanitised lng/ns allows arbitrary file read/overwrite

Summary Versions of i18next-fs-backend prior to 2.6.4 interpolate the caller-supplied lng and ns values directly into the configured loadPath and addPath templates with no path-component validation and no sanitisation. When an application exposes the resolved language code to user-controlled inpu...

GHSA-8847-338W-5HCJ i18next-fs-backend: Path traversal via unsanitised lng/ns allows arbitrary file read/overwrite

Summary Versions of i18next-fs-backend prior to 2.6.4 interpolate the caller-supplied lng and ns values directly into the configured loadPath and addPath templates with no path-component validation and no sanitisation. When an application exposes the resolved language code to user-controlled inpu...

GHSA-Q89C-Q3H5-W34G i18next-http-backend has Path Traversal & URL Injection via Unsanitised lng/ns

Summary Versions of i18next-http-backend prior to 3.0.5 interpolate the lng and ns values directly into the configured loadPath / addPath URL template without any encoding, validation, or path sanitisation. When an application exposes the language-code selection to user-controlled input the defau...

DOMPurify: FORBID_TAGS bypassed by function-based ADD_TAGS predicate (asymmetry with FORBID_ATTR fix)

There is an inconsistency between FORBIDTAGS and FORBIDATTR handling when function-based ADDTAGS is used. Commit c361baa added an early exit for FORBIDATTR at line 1214: / FORBIDATTR must always win, even if ADDATTR predicate would allow it / if FORBIDATTRlcName return false; The same fix was not...

GHSA-H7MW-GPVR-XQ4M DOMPurify: FORBID_TAGS bypassed by function-based ADD_TAGS predicate (asymmetry with FORBID_ATTR fix)

There is an inconsistency between FORBIDTAGS and FORBIDATTR handling when function-based ADDTAGS is used. Commit c361baa added an early exit for FORBIDATTR at line 1214: / FORBIDATTR must always win, even if ADDATTR predicate would allow it / if FORBIDATTRlcName return false; The same fix was not...

CVE-2018-25259

Terminal Services Manager 3.1 contains a stack-based buffer overflow vulnerability in the computer names field that allows local attackers to execute arbitrary code by triggering structured exception handling. Attackers can craft a malicious input file with shellcode and jump instructions that...

CVE-2018-25259 Terminal Services Manager 3.1 Buffer Overflow SEH

Terminal Services Manager 3.1 contains a stack-based buffer overflow vulnerability in the computer names field that allows local attackers to execute arbitrary code by triggering structured exception handling. Attackers can craft a malicious input file with shellcode and jump instructions that...

CVE-2018-25259

Terminal Services Manager 3.1 is affected by a stack-based buffer overflow in the computer names field. The flaw allows local attackers to execute arbitrary code by triggering structured exception handling, using a crafted input file with shellcode and jump instructions that can overwrite the SEH...

kernel: kernel: Privilege escalation or denial of service via use-after-free in nf_tables_addchain()

A flaw was found in the Linux kernel. A local attacker with CAPNETADMIN capabilities, or remote packet traffic, could exploit a use-after-free vulnerability in the nftablesaddchain function's error handling. Successful exploitation could lead to a kernel crash, resulting in a Denial of Service Do...

Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-013536)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-013536 advisory. In the Linux kernel, the following vulnerability has been resolved: mmc: mxcmmc: fix return value check of mmcaddhost mmcaddhost may return error, if we ignore its...

Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-013726)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-013726 advisory. In the Linux kernel, the following vulnerability has been resolved: mmc: meson-gx: fix return value check of mmcaddhost mmcaddhost may return error, if we ignore its...

Unity Linux 20.1070a Security Update: kernel (UTSA-2026-013550)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-013550 advisory. In the Linux kernel, the following vulnerability has been resolved: mrp: introduce active flags to prevent UAF when applicant uninit The caller of deltimersync must...

Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-013627)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-013627 advisory. In the Linux kernel, the following vulnerability has been resolved: mmc: via-sdmmc: fix return value check of mmcaddhost mmcaddhost may return error, if we ignore it...

PT-2026-34457

Terminal Services Manager 3.1 contains a stack-based buffer overflow vulnerability in the computer names field that allows local attackers to execute arbitrary code by triggering structured exception handling. Attackers can craft a malicious input file with shellcode and jump instructions that...

PT-2026-37153

Name of the Vulnerable Software and Affected Versions i18next-fs-backend versions prior to 2.6.4 Description i18next-fs-backend substitutes the lng and ns options directly into the configured loadPath and addPath templates to read or write files from the disk. Because this interpolation is...

Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-013660)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-013660 advisory. In the Linux kernel, the following vulnerability has been resolved: mmc: atmel-mci: fix return value check of mmcaddhost mmcaddhost may return error, if we ignore it...

Unity Linux 20.1070a Security Update: kernel (UTSA-2026-013540)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-013540 advisory. In the Linux kernel, the following vulnerability has been resolved: mmc: toshsd: fix return value check of mmcaddhost mmcaddhost may return error, if we ignore its...