2724 matches found
Zimbra - Cross-Site Scripting via ICS Files
Detects Zimbra Collaboration Suite versions vulnerable to CVE-2025-27915, a stored XSS vulnerability in the Classic Web Client due to insufficient sanitization of HTML content in ICS files. When a user views an email with a malicious ICS entry, embedded JavaScript executes via an ontoggle event...
openSIS Classic v9.1 - SQL Injection
SQL injection vulnerability exists in OS4ED openSIS-Classic Version 9.1, specifically in the resetuserinfo.php file. The vulnerability is due to improper input validation of the $usernamestnid parameter, which can be manipulated by an attacker to inject arbitrary SQL commands. id: CVE-2024-51211...
CVE-2026-10654
A race condition in the Zephyr Bluetooth Classic RFCOMM host stack subsys/bluetooth/host/classic/rfcomm.c mishandles a simultaneous bidirectional session disconnect. When the local device has initiated a session teardown state BTRFCOMMSTATEDISCONNECTING, DISC sent, RTX timer armed and the connect...
CVE-2026-10654
The CVE-2026-10654 issue is a race in Zephyr’s Bluetooth Classic RFCOMM host stack (subsys/bluetooth/host/classic/rfcomm.c): when one side initiates a session teardown and the peer simultaneously sends a DISC for DLCI 0, rfcomm_handle_disc() forces the session to DISCONNECTED without calling bt_l...
CVE-2026-48286
Adobe Campaign Classic ACC versions 7.4.3 build 9396 and earlier are affected by an Incorrect Authorization vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue does not require user interaction. Scope is changed...
CVE-2026-48286
Adobe Campaign Classic (ACC) versions 7.4.3 build 9396 and earlier are affected by an Incorrect Authorization vulnerability (CWE-863) that could permit arbitrary code execution in the context of the current user. Exploitation does not require user interaction, and the impact is limited to the use...
CVE-2026-48286 Adobe Campaign Classic (ACC) | Incorrect Authorization (CWE-863)
Adobe Campaign Classic ACC versions 7.4.3 build 9396 and earlier are affected by an Incorrect Authorization vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue does not require user interaction. Scope is changed...
CVE-2026-53208 Bluetooth: L2CAP: reject BR/EDR signaling packets over MTUsig
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: L2CAP: reject BR/EDR signaling packets over MTUsig net/bluetooth/l2capcore.c:l2capsigchannel accepts BR/EDR signaling packets up to the channel MTU and dispatches each command without enforcing the signaling MTU MTUsig...
UBUNTU-CVE-2026-10651
A malformed Bluetooth Classic SDP attribute can trigger a reachable assertion in Zephyr's SDP parser. In subsys/bluetooth/host/classic/sdp.c, btsdpparseattribute accepts an input buffer once it contains the 1-byte attribute type and 2-byte attribute id, but then unconditionally pulls an additiona...
CVE-2026-10651
A malformed Bluetooth Classic SDP attribute can trigger a reachable assertion in Zephyr's SDP parser. In subsys/bluetooth/host/classic/sdp.c, btsdpparseattribute accepts an input buffer once it contains the 1-byte attribute type and 2-byte attribute id, but then unconditionally pulls an additiona...
CVE-2026-10651
The CVE-2026-10651 affects Zephyr’s Bluetooth Classic SDP parser (subsys/bluetooth/host/classic/sdp.c) where bt_sdp_parse_attribute() reads a 3-byte attribute (1-byte type, 2-byte id) but then unconditionally pulls an extra value type byte without verifying remaining length. A truncated 3-byte at...
CVE-2026-10651 Bluetooth Classic SDP parser truncation bug in bt_sdp_parse_attribute() leads to reachable assertion and possible out-of-bounds read
A malformed Bluetooth Classic SDP attribute can trigger a reachable assertion in Zephyr's SDP parser. In subsys/bluetooth/host/classic/sdp.c, btsdpparseattribute accepts an input buffer once it contains the 1-byte attribute type and 2-byte attribute id, but then unconditionally pulls an additiona...
ROOT-APP-MAVEN-CVE-2023-6378 CVE-2023-6378 in io.root.ch.qos.logback:logback-classic - Patched by Root
Root has patched CVE-2023-6378 in the io.root.ch.qos.logback:logback-classic package for Root:Maven. Multiple fixed versions available...
ROOT-APP-MAVEN-CVE-2017-5929 CVE-2017-5929 in io.root.ch.qos.logback:logback-classic - Patched by Root
Root has patched CVE-2017-5929 in the io.root.ch.qos.logback:logback-classic package for Root:Maven. Multiple fixed versions available...
EUVD-2026-38034
In the Linux kernel, the following vulnerability has been resolved: bpf: Free reuseport cBPF prog after RCU grace period. Eulgyu Kim reported the splat below with a repro. 0 The repro sets up a UDP reuseport group with a cBPF prog and replaces it with a new one while another thread is sending a U...
Astra Linux – Vulnerabilities in Linux-6.1, Linux-5.15, Linux-5.10
In the Linux kernel, the following vulnerability has been resolved: arm64: bpf: Added BHB mitigation to the epilogue for cBPF programs. A malicious BPF program may manipulate the branch history to influence what the hardware speculates will happen next. Upon exiting a cBPF program, the BHB...
Astra Linux – Vulnerability in docker.io-app
Moby is an open-source project created by Docker to enable software containerization. The classic builder cache system is vulnerable to cache poisoning if the image is built FROM scratch. Additionally, changes to certain instructions—especially HEALTHCHECK and ONBUILD—do not trigger cache...
Siemens RuggedCom Rox Classic Buffer Overflow (CVE-2022-30552)
Das U-Boot 2022.01 has a Buffer Overflow. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information. %NASLMINLEVEL 80900 C Tenable, Inc. include'compat.inc'; if description scriptid505481; scriptversion"1.2";...
CVE-2026-10641
Zephyr's Bluetooth Classic Hands-Free Profile HFP Hands-Free role parser subsys/bluetooth/host/classic/hfphf.c contains an out-of-bounds write. During Service Level Connection setup the HF sends AT+CIND=? and parses the AG's +CIND: response in cindhandle, which assigns a per-entry counter index a...
CVE-2026-10641
Zephyr Bluetooth Classic HFP HF CIND parser (subsys/bluetooth/host/classic/hfp_hf.c) contains an out-of-bounds write during +CIND=?/+CIND: handling. cind_handle_values() writes hf-ind_table[index] = i without verifying index is within the 20-element int8_t ind_table[]. A remote attacker could sen...