59 matches found
CVE-2026-47715
Bugsink is a self-hosted error tracking tool. Prior to 2.2.0, Bugsink issue event pages accept a direct event identifier from the URL and, in affected versions, look up that event without also requiring it to belong to the issue in the URL. This is a project-boundary authorization issue: a...
CVE-2025-15634 HCL BigFix WebUI is affected by a missing authorization vulnerability
A missing authorization vulnerability in HCL BigFix WebUI allows an authenticated user without proper permissions to view sensitive environmental information via direct URL access to the unauthorized page...
SUSE CVE-2026-43052
In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: check tdls flag in ieee80211tdlsoper When NL80211TDLSENABLELINK is called, the code only checks if the station exists but not whether it is actually a TDLS station. This allows the operation to proceed for non-TDL...
CVE-2026-43052
In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: check tdls flag in ieee80211tdlsoper When NL80211TDLSENABLELINK is called, the code only checks if the station exists but not whether it is actually a TDLS station. This allows the operation to proceed for non-TDL...
CVE-2026-43052
In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: check tdls flag in ieee80211tdlsoper When NL80211TDLSENABLELINK is called, the code only checks if the station exists but not whether it is actually a TDLS station. This allows the operation to proceed for non-TDL...
PT-2026-36469
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description In the mac80211 subsystem, the ieee80211 tdls oper function fails to verify if a station is a TDLS Tunneled Direct Link Setup station when NL80211 TDLS ENABLE LINK is called. The system...
CVE-2026-5213
CVE-2026-5213 affects several D-Link NAS/network devices (DNS-120, DNR-202L, DNS-315L, DNS-320 family, DNS-321, DNR-322L, DNS-323/325/326/327L, DNR-326, DNS-340L/343/345, DNS-726-4, DNS-1100-4, DNS-1200-05, DNS-1550-04). The vulnerability is in the function cgi_adduser_to_session inside /cgi-bin/...
Cross-site Scripting (XSS)
Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS in the attachment upload process. An attacker can execute arbitrary JavaScript in the context of another user's browser session by uploading a crafted HTML or SVG file containing malicious scripts. This can lead...
CVE-2026-0790
ALGO 8180 IP Audio Alerter Web UI Direct Request Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of ALGO 8180 IP Audio Alerter devices. Authentication is not required to exploit this vulnerability. The...
CVE-2025-64705 Frappe user was able to access the submission of other students
Frappe Learning is a learning system that helps users structure their content. Starting in version 2.0.0 and prior to version 2.41.0, users were able to access the submissions made by other students The issue has been fixed in version 2.41.0 by ensuring proper roles and redirecting if accessed vi...
SUSE-SU-2025:20879-1 Security update for kernel-livepatch-MICRO-6-0-RT_Update_10
This update for kernel-livepatch-MICRO-6-0-RTUpdate10 fixes the following issues: - CVE-2025-38206: exfat: fix double free in delayedfree bsc1246075 - CVE-2025-38396: fs: export anoninodemakesecureinode and fix secretmem LSM bypass bsc1247158 - CVE-2025-38471: kernel: tls: always refresh the queu...
SUSE-SU-2025:20875-1 Security update for kernel-livepatch-MICRO-6-0-RT_Update_6
This update for kernel-livepatch-MICRO-6-0-RTUpdate6 fixes the following issues: - CVE-2025-38206: exfat: fix double free in delayedfree bsc1246075 - CVE-2025-38396: fs: export anoninodemakesecureinode and fix secretmem LSM bypass bsc1247158 - CVE-2025-38471: kernel: tls: always refresh the queue...
CVE-2025-11488
A weakness has been identified in D-Link DIR-852 up to 20251002. This affects an unknown part of the file /HNAP1/. Executing manipulation can lead to command injection. The attack may be launched remotely. The exploit has been made available to the public and could be exploited. This vulnerabilit...
EUVD-2017-4604
Malware in sbrugna...
wifi: mac80211: reject TDLS operations when station is not associated
...
AZL-66581 CVE-2025-38644 affecting package kernel for versions less than 6.6.104.2-1
In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: reject TDLS operations when station is not associated syzbot triggered a WARN in ieee80211tdlsoper by sending NL80211TDLSENABLELINK immediately after NL80211CMDCONNECT, before association completed and without pri...
CVE-2025-38644
In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: reject TDLS operations when station is not associated syzbot triggered a WARN in ieee80211tdlsoper by sending NL80211TDLSENABLELINK immediately after NL80211CMDCONNECT, before association completed and without pri...
CVE-2025-38644 wifi: mac80211: reject TDLS operations when station is not associated
In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: reject TDLS operations when station is not associated syzbot triggered a WARN in ieee80211tdlsoper by sending NL80211TDLSENABLELINK immediately after NL80211CMDCONNECT, before association completed and without pri...
CVE-2025-38644 wifi: mac80211: reject TDLS operations when station is not associated
In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: reject TDLS operations when station is not associated syzbot triggered a WARN in ieee80211tdlsoper by sending NL80211TDLSENABLELINK immediately after NL80211CMDCONNECT, before association completed and without pri...
Linux kernel 安全漏洞
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in Linux kernel, which stems from mac80211 accepting a TDLS operation when unassociated, which could result in a null pointer dereference...