Code-Projects Employee Management System 注入漏洞

Code-Projects Employee Management System is an open-source employee management system developed by Code-Projects. Version 1.0 of the Code-Projects Employee Management System has a SQL injection vulnerability. This vulnerability arises from improper handling of the pwd parameter in the...

MAL-2026-3032 Malicious code in js-component-explorer (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 42b874b4949845eda88ec207be1ff9bedde0eb14b4f8cc12b4f46fd32bd32391 The package js-component-explorer was found to contain malicious code. Source: ossf-package-analysis...

BELL-CVE-2026-31575

Bulletin has no description...

OESA-2026-2107 firefox security update

Mozilla Firefox is an open-source web browser, designed for standards compliance, performance and portability. %if 0 %global mozdebugprefix /lib/debug %global mozdebugdir /lib/debug/ %global unamem %uname -m %global symbolsfilename -.en-US.-%uname.crashreporter-symbols.zip %global symbolsfilepath...

OESA-2026-2106 firefox security update

Mozilla Firefox is an open-source web browser, designed for standards compliance, performance and portability. %if 0 %global mozdebugprefix /lib/debug %global mozdebugdir /lib/debug/ %global unamem %uname -m %global symbolsfilename -.en-US.-%uname.crashreporter-symbols.zip %global symbolsfilepath...

OESA-2026-2105 firefox security update

Mozilla Firefox is an open-source web browser, designed for standards compliance, performance and portability. %if 0 %global mozdebugprefix /lib/debug %global mozdebugdir /lib/debug/ %global unamem %uname -m %global symbolsfilename -.en-US.-%uname.crashreporter-symbols.zip %global symbolsfilepath...

[SECURITY] Fedora 44 Update: qt6-qtnetworkauth-6.10.3-1.fc44

Qt6 - NetworkAuth component...

[SECURITY] Fedora 44 Update: qt6-qtdeclarative-6.10.3-1.fc44

Qt6 - QtDeclarative component...

SUSE CVE-2026-31587

In the Linux kernel, the following vulnerability has been resolved: ASoC: qcom: q6apm: move component registration to unmanaged version q6apm component registers dais dynamically from ASoC toplology, which are allocated using device managed version apis. Allocating both component and dynamic dais...

Datacom DM4100 跨站脚本漏洞

The Datacom DM4100 is a high-performance routing and switching device designed for operational-level networks by Datacom Company in New Zealand. The Datacom DM4100 version 1.3.6.1.4.1.3709 has a cross-site scripting vulnerability. This vulnerability stems from the operation of the VLAN Name...

Vanna 安全漏洞

Vanna is a personalized AI SQL proxy from Vanna Corporation. Versions of Vanna 2.0.2 and earlier contained security vulnerabilities, which were caused by improper authorization in the Legacy Flask API component. These vulnerabilities could lead to remote attacks...

SUSE SLES15 Security Update : tomcat (SUSE-SU-2026:1604-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:1604-1 advisory. Security fixes: - CVE-2026-24880: Request smuggling via invalid chunk extension bsc1261850. - CVE-2026-25854: Occasionally open...

CVE-2026-31659

A flaw was found in the batman-adv component of the Linux kernel. A remote attacker can exploit this vulnerability by sending a specially crafted oversized global Topology Table TT response. This causes an integer overflow during memory allocation, leading to a heap overflow and memory corruption...

CVE-2026-31611

A flaw was found in the ksmbd component of the Linux kernel. A remote attacker could exploit this vulnerability by sending a specially crafted Access Control Entry ACE that causes an out-of-bounds read when parsing security identifiers. This out-of-bounds read can lead to the application of...

CVE-2026-31571

A flaw was found in the Linux kernel's drm/i915 component. A local user can exploit this by configuring a graphics plane, previously designated for Y-component data Y plane, as a standard plane. This incorrect configuration leads to a race condition where the unlinknv12plane function improperly...

CVE-2026-31552

A flaw was found in the Linux kernel's wlcore component. When the system attempts to allocate memory for a network packet and there is insufficient space, an incorrect error code is returned. This error handling issue causes the system to repeatedly attempt to process the same packet in an endles...

DEBIAN-CVE-2026-31587

In the Linux kernel, the following vulnerability has been resolved: ASoC: qcom: q6apm: move component registration to unmanaged version q6apm component registers dais dynamically from ASoC toplology, which are allocated using device managed version apis. Allocating both component and dynamic dais...

CVE-2026-31587

In the Linux kernel, the following vulnerability has been resolved: ASoC: qcom: q6apm: move component registration to unmanaged version q6apm component registers dais dynamically from ASoC toplology, which are allocated using device managed version apis. Allocating both component and dynamic dais...

EUVD-2026-25488

In the Linux kernel, the following vulnerability has been resolved: PCI: endpoint: pci-epf-vntb: Stop cmdhandler work in epfntbepccleanup Disable the delayed work before clearing BAR mappings and doorbells to avoid running the handler after resources have been torn down. Unable to handle kernel...

CVE-2026-31595 PCI: endpoint: pci-epf-vntb: Stop cmd_handler work in epf_ntb_epc_cleanup

In the Linux kernel, the following vulnerability has been resolved: PCI: endpoint: pci-epf-vntb: Stop cmdhandler work in epfntbepccleanup Disable the delayed work before clearing BAR mappings and doorbells to avoid running the handler after resources have been torn down. Unable to handle kernel...