2917 matches found
CVE-2026-53083
The CVE-2026-53083 entry concerns the Linux kernel bpf subsystem. A missing cond_resched() in bpf_fd_array_map_clear() can cause RCU stalls when PROG_ARRAY maps have many entries, because prog_array_map_poke_run() is invoked per entry without yielding under load. The issue is triggered in the loo...
Astra Linux – Vulnerability found in Linux 6.1, Linux 6.12
In the Linux kernel, the following vulnerability has been resolved: spi: tegra210-quad – Fixing timeout handling When the CPU on which the QSPI interrupt handler runs typically CPU 0 is excessively busy, it can lead to rare cases where the IRQ thread does not run before the transfer timeout is...
Astra Linux – Vulnerability found in Linux 6.1, Linux 6.12
In the Linux kernel, the following vulnerabilities have been resolved: nbd: defer config put in recvwork There is one UAF issue in recvwork when running NBDCLEARSOCK and NBDCMDRECONFIGURE: - nbdgenlconnect // confref=2 connect and recvwork A - nbdopen // confref=3 - recvwork A completed //...
CURL-CVE-2026-9546 sending old referer
A vulnerability in libcurl caused the HTTP Referer: header to persist even when explicitly cleared. While the documentation states that passing NULL to CURLOPTREFERER suppresses the header, the option failed to clear the internal state. As a result, the previous referrer string was erroneously...
stale proxy password leak
libcurl had a flaw that when instructed to clear proxy authentication credentials which made it not do so, leaving the old credentials around to get used for subsequent transfers that should not know nor use them...
CVE-2026-8705
The ClearSale Total plugin for WordPress is vulnerable to SQL Injection via the pagsegurometodo POST parameter of the clearsaletotalpush AJAX action in all versions up to, and including, 3.4.2. The handler is registered for unauthenticated users wpajaxnoprivclearsaletotalpush, and although a...
CVE-2026-8705
The CVE describes a SQL injection in the ClearSale Total WordPress plugin (versions <= 3.4.2). The vulnerability occurs via the pagseguro[metodo] POST parameter of the clearsale_total_push AJAX action, which is accessible to unauthenticated users (wp_ajax_nopriv_clearsale_total_push). Although...
EUVD-2026-38672
The ClearSale Total plugin for WordPress is vulnerable to SQL Injection via the pagsegurometodo POST parameter of the clearsaletotalpush AJAX action in all versions up to, and including, 3.4.2. The handler is registered for unauthenticated users wpajaxnoprivclearsaletotalpush, and although a...
CVE-2026-7617 Secufor_OAuth <= 1.0.7 - Missing Authorization to Unauthenticated Account Logout via 'secuforoauth_unregister_action' AJAX Action
The SecuforOAuth plugin for WordPress is vulnerable to unauthorized access in all versions up to, and including, 1.0.7. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for unauthenticated attackers to disconnect the WordPress...
PT-2026-52101
Name of the Vulnerable Software and Affected Versions Zephyr versions 4.1.0 through 4.4.0 Description The PL011 UART driver in drivers/serial/uart pl011.c contains an unbounded software loop within the pl011 irq tx enable function. This loop repeatedly invokes the interrupt-driven application...
PT-2026-52019
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A deadlock occurs in the Linux kernel when the value "clear" is written to the array state variable. The md attr store function breaks sysfs active protection to allow an array to delete...
PT-2026-51752
Name of the Vulnerable Software and Affected Versions libcurl affected versions not specified Description A flaw exists where the software fails to clear proxy authentication credentials when instructed to do so. This results in old credentials remaining available and potentially being used for...
PT-2026-51977
Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 6.14.0-13195-g967e8def1100 Description An issue exists in the Linux kernel where the bpf fd array map clear function fails to yield the processor during its execution loop. For PROG ARRAY maps containing a large...
DOMPurify: Trusted Types policy survives `clearConfig()` and can poison later `RETURN_TRUSTED_TYPE` output
Impact A DOMPurify instance that is reused across trust boundaries can stay bound to a previously supplied TRUSTEDTYPESPOLICY even after clearConfig is called. A later caller that requests RETURNTRUSTEDTYPE receives a TrustedHTML object created by the old policy, not by a clean default...
GHSA-VXR8-FQ34-VVX9 DOMPurify: Trusted Types policy survives `clearConfig()` and can poison later `RETURN_TRUSTED_TYPE` output
Impact A DOMPurify instance that is reused across trust boundaries can stay bound to a previously supplied TRUSTEDTYPESPOLICY even after clearConfig is called. A later caller that requests RETURNTRUSTEDTYPE receives a TrustedHTML object created by the old policy, not by a clean default...
PyJWKClient unbounded JWKS endpoint requests via attacker-controlled kid values (DoS)
!NOTE The vulnerability surfaces only when a JWKS fetch fails; an attacker can attempt to provoke that with sustained unknown-kid traffic, but the outcome depends on upstream JWKS-endpoint behavior rate limiting, transient errors which is beyond the attacker's control. Impact is reduced auth...
GHSA-FHV5-28VV-H8M8 PyJWKClient unbounded JWKS endpoint requests via attacker-controlled kid values (DoS)
!NOTE The vulnerability surfaces only when a JWKS fetch fails; an attacker can attempt to provoke that with sustained unknown-kid traffic, but the outcome depends on upstream JWKS-endpoint behavior rate limiting, transient errors which is beyond the attacker's control. Impact is reduced auth...
kernel-rt security update
An update is available for kernel-rt. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The kernel-rt packages provide the Real Time Linux Kernel, which enables...
Critical: Red Hat Security Advisory: kernel-rt security update
An update for kernel-rt is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from...
Directory Traversal
Overview Affected versions of this package are vulnerable to Directory Traversal through the clearplugincache function. An attacker can cause deletion of arbitrary directories accessible to the server process by supplying crafted input containing directory traversal sequences. This can result in...