11312 matches found
Astra Linux – Vulnerability in PackageKit
PackageKit provided detailed error messages to unprivileged callers who were exposed to information about the presence of files and their mimetypes. This information was difficult for those callers to determine on their own...
Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: x86/resctrl: Clear stagedconfig before and after it is used. As a temporary storage, stagedconfig in rdtdomain should be cleared before and after it is used. The stale value in stagedconfig could cause an MSR access error. Here i...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: tracing/probes: The error check in parsebtffield has been fixed. btffindstructmember may return NULL or an error via the ERRPTR macro. However, its caller in parsebtffield only checks for the NULL condition. This issue is fixed b...
Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: gfs2: Check sbbsizeshift after reading the superblock Fuzzers often modify sbbsizeshift, but in reality it’s very unlikely that this field would be corrupted on its own. Nevertheless, it should still be checked to avoid potential...
Astra Linux – Vulnerability in Linux 5.15
In the Linux kernel, the following vulnerabilities have been resolved: ASoC: Intel: sofsdw – handling errors during card registration. If card registration fails, usually due to deferred probes, the device properties added for headset codecs are not removed, which leads to kernel errors during...
Astra Linux – Vulnerability in Linux
A issue was discovered in the Linux kernel versions 3.2 through 5.10.16, as used by Xen. Grant mapping operations often occur during batch hypercalls, where multiple operations are performed in a single hypercall. The success or failure of each operation is reported to the backend driver, and the...
Astra Linux – Vulnerability in libxml2
A issue was discovered in libxml2 before version 2.10.4. When hashing empty dictionary strings in a crafted XML document, the xmlDictComputeFastKey function in dict.c can produce non-deterministic values, resulting in various logical and memory errors, such as double-free errors. This behavior...
Astra Linux – Vulnerability in Linux 5.15
In the Linux kernel, the following vulnerabilities have been resolved: cifs: A connection leak occurs when the tlink setup fails. If the tlink setup fails and connections are lost, then the refcnt leak occurs due to the cifsd kthread not exiting. Additionally, fscache information is also leaked...
CVE-2026-12047
HTML injection in pgAdmin 4's cloud deployment module. The verifycredentials, deploy, regions, and update-server endpoints under /rds/, /azure/, /google/, and the top-level /cloud/ blueprint propagated AWS / Azure / Google SDK exception text — and the related file-resolution and database-commit...
CVE-2026-12047
CVE-2026-12047 – pgAdmin 4 : HTML injection in the cloud deployment module arises when unsanitised exception text (from verify_credentials, deploy, and related endpoints under /rds/, /azure/, /google/, and /cloud/) is echoed into JSON response fields (info/errormsg) and rendered by the Cloud Wiza...
CVE-2026-55203
HAProxy through 3.4.0, fixed in commit 5985276, contains an integer overflow vulnerability in the fcgiconn structure's drl field that allows buffer misparse as new FCGI record headers. When contentLength is 65535 and paddingLength is 1 or more, the drl field wraps to 0, causing incorrect record...
CVE-2026-55203 HAProxy - Integer Overflow in FCGI Demux Record Length Field
HAProxy through 3.4.0, fixed in commit 5985276, contains an integer overflow vulnerability in the fcgiconn structure's drl field that allows buffer misparse as new FCGI record headers. When contentLength is 65535 and paddingLength is 1 or more, the drl field wraps to 0, causing incorrect record...
EUVD-2026-37891
Some shadow paging errors paths will switch the page-tables without updating the currently running vCPU reference. This causes a mismatch between the loaded page-tables and the mapcache metadata which can lead to corruption of the mapcache...
CVE-2026-42488 x86: mismatched mapcache metadata
Some shadow paging errors paths will switch the page-tables without updating the currently running vCPU reference. This causes a mismatch between the loaded page-tables and the mapcache metadata which can lead to corruption of the mapcache...
PT-2026-50813
Name of the Vulnerable Software and Affected Versions pgAdmin 4 versions 6.6 through 9.15 Description HTML injection is possible in the cloud deployment module. The application propagates exception text from AWS, Azure, and Google SDKs, as well as file-resolution and database-commit exceptions,...
Siemens RUGGEDCOM RST2428P Privilege Dropping / Lowering Errors (CVE-2026-35535)
In Sudo through 1.9.17p2 before 3e474c2, a failure of a setuid, setgid, or setgroups call, during a privilege drop before running the mailer, is not a fatal error and can lead to privilege escalation. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot...
CVE-2026-7850
The WP Magnific Popup WordPress plugin through 1.0 does not properly escape user-controlled link URLs before injecting them into the DOM when displaying image load error messages, allowing authenticated attackers with Author-level access or above to perform Stored Cross-Site Scripting attacks...
redis: RESTORE invalid memory access may allow remote code execution
A flaw was found in Redis. An authenticated attacker with permission to execute the RESTORE command can send a crafted serialized payload that may lead to an invalid memory access due to an improper validation of the serialized values. This flaw can cause the server to crash and may allow arbitra...
CVE-2026-7850
The WP Magnific Popup WordPress plugin (versions through 1.0) is affected by a Stored XSS due to improper escaping of user-controlled link URLs before injecting them into the DOM when displaying image load error messages. This allows authenticated attackers with Author-level access or higher to i...
CVE-2026-7850 WP Magnific Popup <= 1.0 - Author+ Stored XSS via href Attribute
The WP Magnific Popup WordPress plugin through 1.0 does not properly escape user-controlled link URLs before injecting them into the DOM when displaying image load error messages, allowing authenticated attackers with Author-level access or above to perform Stored Cross-Site Scripting attacks...