19129 matches found
CVE-2026-23039
The CVE-2026-23039 issue affects the Linux kernel DRM Gud (drm/gud) code path. On USB disconnect, drm_atomic_helper_disable_all() clears plane fb and crtc by setting them to NULL before a commit, which can trigger a kernel oops. The fix implements guards to prevent NULL dereferences when accessin...
EUVD-2026-5055
In the Linux kernel, the following vulnerability has been resolved: drm/gud: fix NULL fb and crtc dereferences on USB disconnect On disconnect drmatomichelperdisableall is called which sets both the fb and crtc for a plane to NULL before invoking a commit. This causes a kernel oops on every displ...
CVE-2026-0963
An input neutralization vulnerability in the File Operations API Endpoint component of Crafty Controller allows a remote, authenticated attacker to perform file tampering and remote code execution via path traversal...
CVE-2026-25116
Runtipi is a personal homeserver orchestrator. Starting in version 4.5.0 and prior to version 4.7.2, an unauthenticated Path Traversal vulnerability in the UserConfigController allows any remote user to overwrite the system's docker-compose.yml configuration file. By exploiting insecure URN...
CLEANSTART-2026-OJ41940 net/http package improperly accepts a bare LF as a line terminator in chunked data chunk-size lines
Multiple security vulnerabilities affect the ingress-nginx-controller package. The net/http package improperly accepts a bare LF as a line terminator in chunked data chunk-size lines. See references for individual vulnerability details...
CLEANSTART-2026-CR41732 net/http package improperly accepts a bare LF as a line terminator in chunked data chunk-size lines
Multiple security vulnerabilities affect the ingress-nginx-controller package. The net/http package improperly accepts a bare LF as a line terminator in chunked data chunk-size lines. See references for individual vulnerability details...
CVE-2025-26385
Johnson Controls Metasys component listed below have Improper Neutralization of Special Elements used in a Command Command Injection Vulnerability . Successful exploitation of this vulnerability could allow remote SQL execution This issue affects Metasys: Application and Data Server ADS installed...
CVE-2025-26385 Metasys product command injection vulnerability could allow remote SQL execution
Johnson Controls Metasys component listed below have Improper Neutralization of Special Elements used in a Command Command Injection Vulnerability . Successful exploitation of this vulnerability could allow remote SQL execution This issue affects Metasys: Application and Data Server ADS installed...
CVE-2025-26385
CVE-2025-26385 concerns Johnson Controls Metasys components vulnerable to an Improper Neutralization of Special Elements used in a Command (Command Injection) , with potential for remote SQL execution . Affected versions include Metasys ADS/ADX with SQL Express in 14.1 and earlier, LCS8500/NAE850...
CVE-2026-0963
An input neutralization vulnerability in the File Operations API Endpoint component of Crafty Controller allows a remote, authenticated attacker to perform file tampering and remote code execution via path traversal...
CVE-2026-0805
An input neutralization vulnerability in the Backup Configuration component of Crafty Controller allows a remote, authenticated attacker to perform file tampering and remote code execution via path traversal...
CVE-2026-0805 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in Crafty Controller
An input neutralization vulnerability in the Backup Configuration component of Crafty Controller allows a remote, authenticated attacker to perform file tampering and remote code execution via path traversal...
CVE-2026-0805 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in Crafty Controller
An input neutralization vulnerability in the Backup Configuration component of Crafty Controller allows a remote, authenticated attacker to perform file tampering and remote code execution via path traversal...
EUVD-2026-5043
An input neutralization vulnerability in the Backup Configuration component of Crafty Controller allows a remote, authenticated attacker to perform file tampering and remote code execution via path traversal...
CVE-2026-0805 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in Crafty Controller
An input neutralization vulnerability in the Backup Configuration component of Crafty Controller allows a remote, authenticated attacker to perform file tampering and remote code execution via path traversal...
CVE-2026-0805
CVE-2026-0805 affects Crafty Controller’s Backup Configuration component. The vulnerability is described as an input neutralization/path traversal weakness that could allow a remote, authenticated attacker to tamper files and achieve remote code execution. Reported CVSS v3.1 base score is 8.2 (HI...
CVE-2026-0963 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in Crafty Controller
An input neutralization vulnerability in the File Operations API Endpoint component of Crafty Controller allows a remote, authenticated attacker to perform file tampering and remote code execution via path traversal...
CVE-2026-0963 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in Crafty Controller
An input neutralization vulnerability in the File Operations API Endpoint component of Crafty Controller allows a remote, authenticated attacker to perform file tampering and remote code execution via path traversal...
EUVD-2026-5044
An input neutralization vulnerability in the File Operations API Endpoint component of Crafty Controller allows a remote, authenticated attacker to perform file tampering and remote code execution via path traversal...
CVE-2026-0963
The CVE-2026-0963 entry concerns Crafty Controller's File Operations API Endpoint, where an input neutralization flaw allows a remote, authenticated attacker to perform file tampering and remote code execution via path traversal. The vulnerability affects the File Operations API Endpoint componen...