118 matches found
WordPress plugin Football Pool 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...
mezzanine 跨站脚本漏洞
mezzanine is a Django CMS framework by stephenmcd individual developers. A cross-site scripting vulnerability exists in mezzanine versions prior to 6.1.1, which stems from insufficient cleanup of the displayablelinksjs function and could lead to a stored cross-site scripting attack...
CVE-2022-45455
Local privilege escalation due to incomplete uninstallation cleanup. The following products are affected: Acronis Cyber Protect Home Office Windows before build 40107, Acronis Agent Windows before build 30025, Acronis Cyber Protect 15 Windows before build 30984...
The vulnerability of the formArpNerworkSet function in the /goform/ArpNerworkSet file of the Tenda A15 wireless access point software allows a attacker to cause a service failure.
The vulnerability of the formArpNerworkSet function in the /goform/ArpNerworkSet microprogramming system for the wireless access point Tenda A15 is related to improper cleaning or release of resources. Exploiting this vulnerability can allow an attacker to cause service failures remotely...
CVE-2022-45347
Apache ShardingSphere-Proxy prior to 5.3.0 when using MySQL as database backend didn't cleanup the database session completely after client authentication failed, which allowed an attacker to execute normal commands by constructing a special MySQL client. This vulnerability has been fixed in Apac...
CVE-2020-5961
NVIDIA vGPU graphics driver for guest OS contains a vulnerability in which an incorrect resource clean up on a failure path can impact the guest VM, leading to denial of service...
kernel: smb: client: fix TCP timers deadlock after rmmod
REJECTED CVE A vulnerability was suspected in the Linux kernel's SMB client module related to TCP timers and potential deadlocks after module removal rmmod cifs. The issue stemmed from incorrect manual manipulation of sk-sknetrefcnt, which led to TCP timers not being properly cleared, causing...
PT-2026-42451
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A double-free issue exists in the Reliable Delivery Service RDS implementation of the Linux kernel. When the iov iter get pages2 function fails within rds message zcopy from user, the...
HCL Leap 安全漏洞
HCL Leap is a low-code development platform from HCL India. HCL Leap suffers from a security vulnerability that stems from insufficient cleanup and allows injection of client-side scripts in the authoring environment...
CVE-2025-22115 btrfs: fix block group refcount race in btrfs_create_pending_block_groups()
In the Linux kernel, the following vulnerability has been resolved: btrfs: fix block group refcount race in btrfscreatependingblockgroups Block group creation is done in two phases, which results in a slightly unintuitive property: a block group can be allocated/deallocated from after...
Symfonia Ready_ SQL注入漏洞
Symfonia Ready is an operating system from Symfonia that builds programs for companies to use off-the-shelf modules and business applications. Symfonia Ready has an SQL injection vulnerability that stems from improper input cleanup in the Invoices module file search function, which could lead to ...
CVE-2025-32439 pleezer allows resource exhaustion through uncollected hook script processes
pleezer is a headless Deezer Connect player. Hook scripts in pleezer can be triggered by various events like track changes and playback state changes. In versions before 0.16.0, these scripts were spawned without proper process cleanup, leaving zombie processes in the system's process table. Even...
SicommNet BASEC 安全漏洞
SicommNet BASEC is a proxy solution from SicommNet, Inc. A security vulnerability exists in SicommNet BASEC that stems from improper input cleanup and could lead to a reflective cross-site scripting attack...
Amazon Linux 2 : PackageKit (ALAS-2025-2811)
The version of PackageKit installed on the remote host is prior to 1.1.5-2. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2025-2811 advisory. A use-after-free flaw was found in PackageKitd. In some conditions, the order of cleanup mechanics for a transaction could be...
Important: tomcat
Issue Overview: When serving resources from a network location using the NTFS file system, Apache Tomcat versions 10.0.0-M1 to 10.0.0-M9, 9.0.0.M1 to 9.0.39, 8.5.0 to 8.5.59 and 7.0.0 to 7.0.106 were susceptible to JSP source code disclosure in some configurations. The root cause was the unexpect...
Ubuntu 24.04 LTS / 24.10 : Valkey vulnerabilities (USN-7359-1)
The remote Ubuntu 24.04 LTS / 24.10 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-7359-1 advisory. It was discovered that Valkey did not properly handle memory cleanup. An attacker could possibly use this issue to execute arbitrary code...
Backdrop CMS 跨站脚本漏洞
Backdrop CMS is a content management system CMS from Backdrop CMS open source. A cross-site scripting vulnerability exists in Backdrop CMS versions prior to 1.x-1.1.1, which stems from insufficient input cleanup and could lead to cross-site scripting attacks...
CVE-2024-57975
In the Linux kernel, the following vulnerability has been resolved: btrfs: do proper folio cleanup when rundelallocnocow failed BUG With CONFIGDEBUGVM set, test case generic/476 has some chance to crash with the following VMBUGONFOLIO: BTRFS error device dm-3: cowfilerange failed, start 1146880 e...
CVE-2022-49669 mptcp: fix race on unaccepted mptcp sockets
In the Linux kernel, the following vulnerability has been resolved: mptcp: fix race on unaccepted mptcp sockets When the listener socket owning the relevant request is closed, it frees the unaccepted subflows and that causes later deletion of the paired MPTCP sockets. The mptcp socket's worker ca...
CVE-2022-49168
In the Linux kernel, the following vulnerability has been resolved: btrfs: do not clean up repair bio if submit fails The submit helper will always run bioendio on the bio if it fails to submit, so cleaning up the bio just leads to a variety of use-after-free and NULL pointer dereference bugs...