76 matches found
CVE-2026-37234
FlexRIC v2.0.0 allows a single SCTP connection to bind multiple xappids by sending multiple E42SETUPREQUESTs. On disconnect, only the first registered xappid's resources are cleaned up; subsequent xappids and their subscriptions remain as stale entries. A remote attacker can exploit this to leak...
flatpak: Flatpak: Arbitrary file deletion on host via improper cache file path validation
A flaw was found in Flatpak, a Linux application sandboxing and distribution framework. The caching mechanism for ld.so dynamic linker/loader improperly removes outdated cache files without adequately verifying that the application-controlled path to the outdated cache is within the designated...
rpm 操作系统命令注入漏洞
rpm is a powerful command-line-driven package management tool from the rpm organization. It is used for installing, uninstalling, verifying, querying, and updating software packages on Linux systems. rpm has a vulnerability related to operating system command injection. This vulnerability arises...
CVE-2026-46013
A flaw was found in the Linux kernel. An issue in the memfdluo component, specifically within the putfolios cleanup path of memfdluoretrievefolios, leads to incorrect physical address conversion and a missing check for sparse file holes. This could result in incorrect memory handling, potentially...
Astra Linux - уязвимость в amd64-microcode
Incomplete system memory cleanup in SEV firmware could allow a privileged attacker to corrupt guest private memory, potentially resulting in a loss of data integrity...
CVE-2026-5503 out-of-bounds write in TLSX_EchChangeSNI via attacker-controlled publicName
In TLSXEchChangeSNI, the ctx-extensions branch set extensions unconditionally even when TLSXFind returned NULL. This caused TLSXUseSNI to attach the attacker-controlled publicName to the shared WOLFSSLCTX when no inner SNI was configured. TLSXEchRestoreSNI then failed to clean it up because its...
WordPress plugin List category posts 跨站脚本漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. Versions...
Roundcube Webmail 安全漏洞
Roundcube Webmail is an open-source browser-based IMAP client developed by Roundcube. It supports address book management, information search, spelling checking, and more. Versions of Roundcube Webmail prior to 1.5.14 and 1.6.14 contained security vulnerabilities. These vulnerabilities stemmed fr...
Weak Password Recovery Mechanism for Forgotten Password
Overview Affected versions of this package are vulnerable to Weak Password Recovery Mechanism for Forgotten Password via the ResetPassword function and the background token cleanup process. An attacker can gain persistent unauthorized access to user accounts by reusing intercepted password reset...
Apple iOS和Apple iPadOS 安全漏洞
Apple iOS and Apple iPadOS are products of the American company Apple. Apple iOS is an operating system developed for mobile devices. Apple iPadOS is an operating system for iPad tablets. Both Apple iOS and Apple iPadOS have security vulnerabilities, which stem from improper log cleanup. These...
Vivotek IP7137 操作系统命令注入漏洞
The Vivotek IP7137 is an IP camera from China's Vivotek Communications Vivotek. An operating system command injection vulnerability exists in the Vivotek IP7137 version 0200a, which stems from improper cleanup of the parameter systemntpIt, and could lead to a command injection attack...
WordPress plugin Shabat Keeper 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A cross-site scripting...
WordPress plugin BA Book Everything 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A cross-site scripting...
kroki 安全漏洞
kroki is an open source icon creation tool from Yuzu tech. A security vulnerability exists in kroki, which stems from an insufficient cleanup of the convert function, which could result in sending requests to arbitrary URLs and disclosing sensitive information...
Nextcloud Server 安全漏洞
Nextcloud Server is a Nextcloud server program open-sourced by Nextcloud. A security vulnerability exists in Nextcloud Server versions prior to 31.0.12 and prior to 32.0.3, which stems from insufficient cleanup and could lead to content security policy bypass...
Qualys Cloud Agent 安全漏洞
Qualys Cloud Agent is a lightweight application from Qualys, Inc. A single agent for real-time, global visibility and response. A security vulnerability exists in Qualys Cloud Agent that stems from not using absolute paths and not cleaning up the $PATH environment variable, which could lead to...
Apple macOS 安全漏洞
Apple macOS is a suite of specialized operating systems developed for Mac computers by Apple Inc. in the United States. A security vulnerability exists in Apple macOS Sonoma prior to 14.8.2 and Sequoia prior to 15.7.2, which stems from improper input cleanup and could result in an application...
FreePBX Endpoint Manager 操作系统命令注入漏洞
FreePBX Endpoint Manager is a centralized IP phone endpoint configuration module from the FreePBX open source. An operating system command injection vulnerability exists in FreePBX Endpoint Manager versions prior to 16.0.92 and prior to 17.0.6, which stems from insufficient user input cleanup, an...
EUVD-2025-31027
Malicious code in bioql PyPI...
WordPress plugin atec Debug 代码注入漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A code injection...