38614 matches found
ROS-20260403-73-0010
A vulnerability in the proc component of the Linux operating system kernel is related to the use of memory after it has been freed. Exploitation of the vulnerability allows an intruder to affect confidentiality, integrity and availability of protected information...
ROS-20260403-73-0021
A vulnerability in the venus component of the Linux operating system kernel is related to reading outside the allowed data buffer boundaries. Exploitation of the vulnerability allows an attacker to cause a denial of service...
ROS-20260403-73-0023
A vulnerability in the mm/ptdump component of the Linux operating system kernel is related to synchronization errors when using a shared resource. Exploitation of the vulnerability allows an attacker to cause a denial of service...
ROS-20260403-73-0026
A vulnerability in the fbdev component of the Linux operating system kernel is related to writing outside of buffer boundaries. Exploitation of the vulnerability allows an attacker to affect confidentiality, integrity and availability of protected information...
ROS-20260403-73-0029
A vulnerability in the media component of the Linux operating system kernel is related to pointer dereferencing errors. Exploitation of the vulnerability allows an attacker to cause a denial of service...
CVE-2026-23417
A flaw was found in the Linux kernel's Berkeley Packet Filter BPF component. This vulnerability occurs because the BPFST | BPFPROBEMEM32 immediate stores are not correctly handled by the constant blinding mechanism. As a result, user-controlled 32-bit immediate values can remain unblinded in...
CVE-2026-5420
A security flaw has been discovered in Shinrays Games Goods Triple App up to 1.200. The affected element is an unknown function of the file jRwTX.java of the component cats.goods.sort.sorting.games. Performing a manipulation of the argument AESIV/AESPASSWORD results in use of hard-coded...
CVE-2026-5418
A vulnerability was identified in appsmithorg appsmith up to 1.97. Impacted is the function computeDisallowedHosts of the file app/server/appsmith-interfaces/src/main/java/com/appsmith/util/WebClientUtils.java of the component Dashboard. Such manipulation leads to server-side request forgery. The...
CVE-2026-5420
CVE-2026-5420 affects Shinrays Games Goods Triple App (up to 1.200), specifically the component cats.goods.sort.sorting.games and the file jRwTX.java. The issue arises from manipulating AES_IV/AES_PASSWORD, resulting in the use of a hard-coded cryptographic key. Local attack is required with high...
CVE-2026-5420
A security flaw has been discovered in Shinrays Games Goods Triple App up to 1.200. The affected element is an unknown function of the file jRwTX.java of the component cats.goods.sort.sorting.games. Performing a manipulation of the argument AESIV/AESPASSWORD results in use of hard-coded...
CVE-2026-25601
A vulnerability was identified in MEPIS RM, an industrial software product developed by Metronik. The application contained a hardcoded cryptographic key within the Mx.Web.ComponentModel.dll component. When the option to store domain passwords was enabled, this key was used to encrypt user...
MGASA-2026-0080 Updated nss & firefox packages fix security vulnerabilities
Denial-of-service in the XML component. CVE-2025-59375 Race condition, use-after-free in the Graphics: WebRender component. CVE-2026-4684 Incorrect boundary conditions in the Graphics: Canvas2D component. CVE-2026-4685 Incorrect boundary conditions in the Graphics: Canvas2D component. CVE-2026-46...
Updated nss & firefox packages fix security vulnerabilities
Denial-of-service in the XML component. CVE-2025-59375 Race condition, use-after-free in the Graphics: WebRender component. CVE-2026-4684 Incorrect boundary conditions in the Graphics: Canvas2D component. CVE-2026-4685 Incorrect boundary conditions in the Graphics: Canvas2D component. CVE-2026-46...
CLSA-2026-1775148284 binutils: Fix of 3 CVEs
CVE-2025-66862: fix heap-buffer-overflow in gnuspecial in cplus-dem.c - CVE-2025-66863: fix SEGV in ddiscriminator in cp-demangle.c - CVE-2025-66865: fix stack overflow in dprintcomp in cp-demangle.c...
CVE-2026-5332 Xiaopi Panel WAF Firewall demo.php cross site scripting
A vulnerability was identified in Xiaopi Panel 1.0.0. This vulnerability affects unknown code of the file /demo.php of the component WAF Firewall. The manipulation of the argument param leads to cross site scripting. Remote exploitation of the attack is possible. The exploit is publicly available...
mysql: mariadb: High Privilege Denial of Service Vulnerability in MySQL Server (CPU Jan 2025)
A flaw was found in the MySQL Server component: InnoDB. This vulnerability allows a high-privileged attacker to cause a denial of service, which causes frequent crashes or hangs, via multiple network protocols...
CVE-2026-21631
Lack of output escaping leads to a XSS vector in the multilingual associations component...
CVE-2026-21629
The ajax component was excluded from the default logged-in-user check in the administrative area. This behavior was potentially unexpected by 3rd party developers...
SUSE CVE-2026-5286
Use after free in Dawn in Google Chrome prior to 146.0.7680.178 allowed a remote attacker to execute arbitrary code via a crafted HTML page. Chromium security severity: High...
PT-2026-29837
A vulnerability has been found in Free5GC 4.2.0. The affected element is an unknown function of the component aper. Such manipulation leads to type confusion. The attack may be launched remotely. This attack is characterized by high complexity. The exploitability is described as difficult. The...