40 matches found
Astra Linux - vulnerability in linux-5.10
In the Linux kernel, the following vulnerabilities have been resolved: scsi: mpi3mr: Fixed the DMA memory leak in the configuration page. A fix was also provided for: DMA-API: For the PCI device with address 0000:83:00.0, the device driver had pending DMA allocations even after it was released fr...
GFI MailEssentials AI security vulnerability
GFI MailEssentials AI is a U.S. GFI open source anti-spam and data leakage protection software. A cross-site scripting vulnerability exists in the GFI MailEssentials AI Anti-Spoofing configuration page, which can be exploited by an attacker to execute scripts in the context of a logged-in user...
CVE-2026-0774
WatchYourLAN Configuration Page Argument Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of WatchYourLAN. Authentication is not required to exploit this vulnerability. The specific flaw exists...
CVE-2025-52493
PagerDuty Runbook through 2025-06-12 exposes stored secrets directly in the webpage DOM at the configuration page. Although these secrets appear masked as password fields, the actual secret values are present in the page source and can be revealed by simply modifying the input field type from...
CVE-2025-13136
CVE-2025-13136 affects the WordPress plugin GSheetConnector For Ninja Forms (
CVE-2025-13136 GSheetConnector For Ninja Forms <= 2.0.1 - Missing Authorization to Authenticated (Subscriber+) System Information Exposure
The GSheetConnector For Ninja Forms plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'njform-google-sheet-config' page in all versions up to, and including, 2.0.1. This makes it possible for authenticated attackers, with Subscriber-level...
PT-2025-47833
The GSheetConnector For Ninja Forms plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'njform-google-sheet-config' page in all versions up to, and including, 2.0.1. This makes it possible for authenticated attackers, with Subscriber-level...
EUVD-2020-30806
Nagios XI versions prior to 5.7.2 are vulnerable to cross-site scripting (XSS) via the BPI (Business Process Intelligence) component’s Config Management and Edit Config page. Insufficient validation or escaping of user-supplied input may allow an attacker to inject and execute arbitrary script in the...
EUVD-2023-28516
Malicious code in bioql PyPI...
EUVD-2021-29901
Malicious code in bioql PyPI...
PT-2025-40052
Reflected cross-site scripting (XSS) vulnerability on the page configuration page in Liferay Portal 7.4.3.102 through 7.4.3.110, and Liferay DXP 2023.Q4.0 through 2023.Q4.2, and 2023.Q3.5 allows remote attackers to inject arbitrary web script or HTML via the com liferay layout admin web portlet...
scsi: mpi3mr: Fix corrupt config pages PHY state is switched in sysfs
...
DRUPAL-CONTRIB-2025-093
This module enables you to access an edit page for a config page. The module doesn't sufficiently check the access permissions: hook_ENTITY_TYPE_access wasn't taken into account. This vulnerability is mitigated by the fact that an attacker must have a role with the permission "edit ID config page" an...
CVE-2021-36703
The "blog title" field in the "Settings" menu "config" page of "dashboard" in htmly 2.8.1 has a stored cross-site scripting (XSS) vulnerability. It allows remote attackers to send an authenticated post HTTP request to admin/config and inject arbitrary web script or HTML through a special website...
CVE-2018-15892
FreePBX 13 and 14 has SQL Injection in the DISA module via the hangup variable on the /admin/config.php?display=disa=form page...
SUSE CVE-2023-53120
In the Linux kernel, the following vulnerability has been resolved: scsi: mpi3mr: Fix config page DMA memory leak A fix for: DMA-API: pci 0000:83:00.0: device driver has pending DMA allocations while released from device count=1...
CVE-2023-53120
In the Linux kernel, the following vulnerability has been resolved: scsi: mpi3mr: Fix config page DMA memory leak A fix for: DMA-API: pci 0000:83:00.0: device driver has pending DMA allocations while released from device count=1...
PT-2024-39240 · Axis · Axis Os
Name of the Vulnerable Software and Affected Versions: AXIS OS versions prior to the patched version Description: The VAPIX API managedoverlayimages.cgi is vulnerable to a race condition attack, allowing an attacker to block access to the overlay configuration page in the web interface of the Axi...
PT-2024-4355 · NetGear · Netgear Wnr614 N300
Name of the Vulnerable Software and Affected Versions: Netgear WNR614 N300 version JNR1010V2/N300-V1.1.0.54 1.0.1 Description: The issue is related to the implementation of the WPS in the Netgear WNR614 N300 router, which allows attackers to gain access to the router's pin. This can enable a remo...