8436 matches found
CVE-2026-21640
HackerOne community member Faraz Ahmed PakCyberbot has reported a format string injection in the Revive Adserver settings. When specific character combinations are used in a setting, the admin user console could be disabled due to a fatal PHP error...
CVE-2026-21640
The CVE-2026-21640 entry describes an INI format-string injection in Revive Adserver settings that can crash the admin console with a fatal PHP error when certain character sequences are used. The issue is reported for Revive Adserver (with a referenced 6.0.4 context in the HackerOne report). Roo...
Revive Adserver security vulnerability
Revive Adserver is a set of open-source advertising management systems developed by the Revive Adserver team. This system offers functions such as advertising placement, ad slot management, and data statistics. There is a security vulnerability in Revive Adserver; this vulnerability stems from...
MiracleLinux 9 : libinput-1.19.3-2.el9 (AXSA:2022-3984:02)
The remote MiracleLinux 9 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2022-3984:02 advisory. libinput: format string vulnerability may lead to privilege escalation (CVE-2022-1215). Tenable has extracted the preceding description block directly from the...
MiracleLinux 7 : rh-mariadb105-galera-26.4.11-1.el7, rh-mariadb105-mariadb-10.5.16-2.el7 (AXSA:2022-3624:01)
The remote MiracleLinux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2022-3624:01 advisory. mariadb: convert_const_to_int use-after-free when the BIGINT data type is used (CVE-2021-46669). mariadb: lack of proper validation of the length of...
PT-2026-3657
HackerOne community member Faraz Ahmed PakCyberbot has reported a format string injection in the Revive Adserver settings. When specific character combinations are used in a setting, the admin user console could be disabled due to a fatal PHP error...
MiracleLinux 8 : libinput-1.16.3-3.el8 (AXSA:2022-3673:01)
The remote MiracleLinux 8 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2022-3673:01 advisory. libinput: format string vulnerability may lead to privilege escalation (CVE-2022-1215). Tenable has extracted the preceding description block directly from the...
Qnap QTS and QuTS hero Use of Externally-Controlled Format String (CVE-2025-53591)
A use of externally-controlled format string vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to obtain secret data or modify memory. We have already fixed the vulnerabili...
MiracleLinux 9 : ghostscript-9.54.0-17.el9_4 (AXSA:2024-8750:04)
The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2024-8750:04 advisory. ghostscript: format string injection leads to shell command execution (SAFER bypass) (CVE-2024-29510). ghostscript: path traversal and command execution...
MiracleLinux 3 : qt-3.3.6-23.1AXS3 (AXBA:2008-211:01)
The remote MiracleLinux 3 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXBA:2008-211:01 advisory. - The UTF-8 decoder in codecs/qutfcodec.cpp in Qt 3.3.8 and 4.2.3 does not reject long UTF-8 sequences as required by the standard, which allows remo...
MiracleLinux 3 : qt-3.3.6-23.1AXS3 (AXBA:2008-400:02)
The remote MiracleLinux 3 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXBA:2008-400:02 advisory. - The UTF-8 decoder in codecs/qutfcodec.cpp in Qt 3.3.8 and 4.2.3 does not reject long UTF-8 sequences as required by the standard, which allows remo...
Qnap QTS and QuTS hero Use of Externally-Controlled Format String (CVE-2025-52429)
A use of externally-controlled format string vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to obtain secret data or modify memory. We have already fixed the vulnerabili...
Qnap QTS and QuTS hero Use of Externally-Controlled Format String (CVE-2025-53406)
A use of externally-controlled format string vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to obtain secret data or modify memory. We have already fixed the vulnerabili...
Qnap QTS and QuTS hero Use of Externally-Controlled Format String (CVE-2025-48730)
A use of externally-controlled format string vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to obtain secret data or modify memory. We have already fixed the vulnerabili...
Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-000785)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-000785 advisory. Format string vulnerability in the b43_request_firmware function in drivers/net/wireless/b43/main.c in the Broadcom B43 wireless driver in the Linux kernel through 3.9...
MiracleLinux 7 : udisks2-2.7.3-9.el7 (AXSA:2019-4045:02)
The remote MiracleLinux 7 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2019-4045:02 advisory. udisks: Format string vulnerability in udisks_log in udiskslogging.c (CVE-2018-17336). Tenable has extracted the preceding description block directly from the...
CVE-2025-68816
A flaw was found in the Linux kernel's mlx5 firmware tracer. A malicious or compromised firmware can provide specially crafted format strings to the tracer. Due to insufficient validation of these parameters, this can lead to system crashes, resulting in a Denial of Service (DoS), or potentially...
net/mlx5: fw_tracer, Validate format string parameters
...