14 matches found
CVE-2026-27694
Traccar is an open source GPS tracking system. In org.traccar:traccar versions starting at 6.11.1 before 6.13.0, the email notification templates insert user-controlled device, geofence, and driver names into HTML email output without proper escaping. An attacker with low privileges can store...
CVE-2026-27694
Traccar is an open source GPS tracking system. In org.traccar:traccar versions starting at 6.11.1 before 6.13.0, the email notification templates insert user-controlled device, geofence, and driver names into HTML email output without proper escaping. An attacker with low privileges can store...
CVE-2026-27694 traccar allows stored HTML injection in notification emails
Traccar is an open source GPS tracking system. In org.traccar:traccar versions starting at 6.11.1 before 6.13.0, the email notification templates insert user-controlled device, geofence, and driver names into HTML email output without proper escaping. An attacker with low privileges can store...
CVE-2026-27694
Traccar is an open source GPS tracking system. In org.traccar:traccar versions starting at 6.11.1 before 6.13.0, the email notification templates insert user-controlled device, geofence, and driver names into HTML email output without proper escaping. An attacker with low privileges can store...
Traccar 跨站脚本漏洞
Traccar is a Java-based website monitoring system developed by the American company Traccar. This software supports over 170 GPS protocols and over 1,500 types of GPS tracking devices. Traccar can be used alongside any major SQL database systems. It also provides a user-friendly REST API. Version...
Unity Linux 20.1050e Security Update: kernel (UTSA-2025-991124)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-991124 advisory. In the Linux kernel, the following vulnerability has been resolved: virtioconsole: eliminate anonymous moduleinit & moduleexit Eliminate anonymous moduleinit and...
Unity Linux 20.1070a Security Update: kernel (UTSA-2025-990621)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-990621 advisory. In the Linux kernel, the following vulnerability has been resolved: virtioconsole: eliminate anonymous moduleinit & moduleexit Eliminate anonymous moduleinit and...
Linux kernel 安全漏洞
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in Linux kernel that stems from a failure to check for NULL driver names, which could result in a null pointer dereference...
UBUNTU-CVE-2022-49100
In the Linux kernel, the following vulnerability has been resolved: virtioconsole: eliminate anonymous moduleinit & moduleexit Eliminate anonymous moduleinit and moduleexit, which can lead to confusion or ambiguity when reading System.map, crashes/oops/bugs, or an initcalldebug log. Give each of...
CVE-2022-49100 virtio_console: eliminate anonymous module_init & module_exit
In the Linux kernel, the following vulnerability has been resolved: virtioconsole: eliminate anonymous moduleinit & moduleexit Eliminate anonymous moduleinit and moduleexit, which can lead to confusion or ambiguity when reading System.map, crashes/oops/bugs, or an initcalldebug log. Give each of...
GHSA-FM4Q-J8G4-C9J4 Apache Superset Improper Input Validation vulnerability
Apache Superset would allow for SQLite database connections to be incorrectly registered when an attacker uses alternative driver names like sqlite+pysqlite or by using database imports. This could allow for unexpected file creation on Superset webservers. Additionally, if Apache Superset is usin...
CVE-2023-39265 Apache Superset: Possible Unauthorized Registration of SQLite Database Connections
Apache Superset would allow for SQLite database connections to be incorrectly registered when an attacker uses alternative driver names like sqlite+pysqlite or by using database imports. This could allow for unexpected file creation on Superset webservers. Additionally, if Apache Superset is usin...
PT-2023-5054 · Apache · Apache Superset
Name of the Vulnerable Software and Affected Versions: Apache Superset versions up to and including 2.1.0 Description: The issue is related to the use of alternative driver names when importing a database, which could allow a remote attacker to create arbitrary files and gain unauthorized access ...
Uber Announces Breach of 'Partner' Information
The enormously popular alternative taxi service, Uber, admitted late Friday that an unauthorized third party gained access to the company’s database, stealing driver but not customer information in the process. In a statement, Uber claims there was a “one-time access” of its databases, spilling t...