19073 matches found
Linux kernel 安全漏洞
The Linux kernel is the kernel used by the Linux operating system developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the failure of vgicallocateprivateirqslocked in the KVM ARM64 virtual GIC, causing it to exit...
CVE-2026-8116 huangjunsen0406 xiaozhi-mcphub dxtController.ts path traversal
A weakness has been identified in huangjunsen0406 xiaozhi-mcphub up to 1.0.3. This vulnerability affects unknown code of the file src/controllers/dxtController.ts. This manipulation of the argument manifest.name causes path traversal. The attack may be initiated remotely. The exploit has been mad...
CVE-2026-41928
Vvveb before 1.0.8.2 contains an information disclosure vulnerability in the cron controller that allows unauthenticated attackers to retrieve the application's secret cron key. Attackers can access the cron controller without authentication and retrieve the exposed secret key from the response,...
CVE-2026-41928
CVE-2026-41928 affects Vvveb before 1.0.8.2. Affected: cron controller component which exposes an information disclosure vulnerability. Root cause: unauthenticated access allows retrieval of the application’s secret cron key from the cron controller response, enabling potential misuse to trigger ...
CVE-2026-41928 Vvveb < 1.0.8.2 Information Disclosure via Cron Controller
Vvveb before 1.0.8.2 contains an information disclosure vulnerability in the cron controller that allows unauthenticated attackers to retrieve the application's secret cron key. Attackers can access the cron controller without authentication and retrieve the exposed secret key from the response,...
CVE-2026-41928 Vvveb < 1.0.8.2 Information Disclosure via Cron Controller
Vvveb before 1.0.8.2 contains an information disclosure vulnerability in the cron controller that allows unauthenticated attackers to retrieve the application's secret cron key. Attackers can access the cron controller without authentication and retrieve the exposed secret key from the response,...
CVE-2026-41928
Vvveb before 1.0.8.2 contains an information disclosure vulnerability in the cron controller that allows unauthenticated attackers to retrieve the application's secret cron key. Attackers can access the cron controller without authentication and retrieve the exposed secret key from the response,...
CVE-2026-37709
Insecure Permissions vulnerability in grokability snipe-it v.8.4.0 and before and fixed after 2026-03-10 commit 676a9958 allows a remote attacker to execute arbitrary code via the app/Http/Controllers/Api/UploadedFilesController.php component...
SUSE CVE-2026-43022
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hcisync: hcicmdsyncqueueonce return -EEXIST if exists hcicmdsyncqueueonce needs to indicate whether a queue item was added, so caller can know if callbacks are called, so it can avoid leaking resources. Change the...
Snipe-IT 访问控制错误漏洞
Snipe-IT is a set of open-source IT asset/license management systems developed by Grokability. Versions of Snipe-IT 8.4.0 and earlier contained a access control vulnerability. This vulnerability stemmed from improper permission settings in the app/Http/Controllers/Api/UploadedFilesController.php...
Vvveb 安全漏洞
Vvveb is a powerful and easy-to-use CMS developed by Givan’s developers, used for building websites, blogs, or e-commerce stores. Versions of Vvveb prior to 1.0.8.2 contained security vulnerabilities. These vulnerabilities stemmed from information leaks in the cron controller, which could allow...
CVE-2026-37709
Insecure Permissions vulnerability in grokability snipe-it v.8.4.0 and before and fixed after 2026-03-10 commit 676a9958 allows a remote attacker to execute arbitrary code via the app/Http/Controllers/Api/UploadedFilesController.php component...
CVE-2026-37709
Insecure Permissions vulnerability in grokability snipe-it v.8.4.0 and before and fixed after 2026-03-10 commit 676a9958 allows a remote attacker to execute arbitrary code via the app/Http/Controllers/Api/UploadedFilesController.php component...
CVE-2026-37709
Insecure Permissions vulnerability in grokability snipe-it v.8.4.0 and before and fixed after 2026-03-10 commit 676a9958 allows a remote attacker to execute arbitrary code via the app/Http/Controllers/Api/UploadedFilesController.php component...
PT-2026-38585
Name of the Vulnerable Software and Affected Versions Vvveb versions prior to 1.0.8.2 Description An information disclosure issue exists in the cron controller that allows unauthenticated attackers to retrieve the application's secret cron key. By accessing the cron controller without...
PT-2026-38616
Name of the Vulnerable Software and Affected Versions FacturaScripts versions prior to v2026 Description An unauthenticated information disclosure issue in the Installer controller allows a remote attacker to trigger the phpinfo function on a fresh deployment. By requesting the endpoint "/" with...
CVE-2026-43236
A flaw was found in the Linux kernel's drm/atmel-hlcdc component. An issue in the atmelhlcdcplaneatomicduplicatestate callback, which incorrectly duplicates the drmplanestate, can lead to a use-after-free vulnerability. This can be triggered when a device node is closed and re-opened while anothe...
GHSA-3XJV-PMF2-GF2Q Flight has path traversal in `make:controller` CLI that creates arbitrary directories outside project root
Summary The make:controller CLI command calls mkdir..., recursive: true on a path built from the user-supplied controller name, before Nette's class-name validation runs. The class-file write is correctly rejected by Nette when the name contains /, but the recursive directory creation side effect...
Flight has path traversal in `make:controller` CLI that creates arbitrary directories outside project root
Summary The make:controller CLI command calls mkdir..., recursive: true on a path built from the user-supplied controller name, before Nette's class-name validation runs. The class-file write is correctly rejected by Nette when the name contains /, but the recursive directory creation side effect...
Directory Traversal
Overview Affected versions of this package are vulnerable to Directory Traversal via the make:controller process. An attacker can create arbitrary directories outside the intended project root by supplying crafted input containing directory traversal sequences. Details A Directory Traversal attac...