206 matches found
CVE-2025-15154 PbootCMS Header handle.php get_user_ip less trusted source
A security vulnerability has been detected in PbootCMS up to 3.2.12. The affected element is the function getuserip of the file core/function/handle.php of the component Header Handler. The manipulation of the argument X-Forwarded-For leads to use of less trusted source. The attack can be initiat...
PbootCMS 安全漏洞
PbootCMS is PbootCMS open source an open source enterprise website content management system CMS developed using PHP language. A security vulnerability exists in PbootCMS 3.2.12 and earlier versions, which stems from the incorrect operation of the Header Handler component function getuserip on th...
CVE-2023-54155
The CVE relates to the Linux kernel net/xdp path. Root cause: a previous check enforcing xdp.frame_sz > PAGE_SIZE was removed in the context of allowing bpf_xdp_adjust_tail() to grow packet size, after xdp_init_buff() was introduced. This can allow excessive frame sizes (e.g., xdp->frame_sz...
kernel: net: tun: Update napi->skb after XDP process
A use-after-free flaw was found in tungetuser in drivers/net/tun.c in network TUNnel module in Linux kernel. This flaw could allow an attacker to crash the system at device disconnect. This vulnerability could even lead to a kernel information leak problem...
CVE-2025-14183 SGAI Space1 NAS N1211DS gsaiagent JSONAPI GET_USER_INFO credentials storage
A vulnerability was found in SGAI Space1 NAS N1211DS up to 1.0.915. This issue affects the function GETFACTORYINFO/GETUSERINFO of the file /cgi-bin/JSONAPI of the component gsaiagent. The manipulation results in unprotected storage of credentials. The attack can be launched remotely. The exploit...
CVE-2025-14183 SGAI Space1 NAS N1211DS gsaiagent JSONAPI GET_USER_INFO credentials storage
A vulnerability was found in SGAI Space1 NAS N1211DS up to 1.0.915. This issue affects the function GETFACTORYINFO/GETUSERINFO of the file /cgi-bin/JSONAPI of the component gsaiagent. The manipulation results in unprotected storage of credentials. The attack can be launched remotely. The exploit...
PT-2025-49394
A vulnerability was found in SGAI Space1 NAS N1211DS up to 1.0.915. This issue affects the function GET FACTORY INFO/GET USER INFO of the file /cgi-bin/JSONAPI of the component gsaiagent. The manipulation results in unprotected storage of credentials. The attack can be launched remotely. The...
EUVD-2025-200245
User Enumeration Vulnerability in TCMAN GIM v11 version 20250304. This vulnerability allows an unauthenticated attacker to determine whether a user exists on the system. The vulnerability is exploitable through the 'pda:username' parameter with 'soapaction GetUserQuestionAndAnswer' in...
CVE-2025-41015
User Enumeration Vulnerability in TCMAN GIM v11 version 20250304. This vulnerability allows an unauthenticated attacker to determine whether a user exists on the system. The vulnerability is exploitable through the 'pda:username' parameter with 'soapaction GetUserQuestionAndAnswer' in...
Security update for the Linux Kernel
The SUSE Linux Enterprise 15 SP6 RT kernel was updated to fix various security issues The following security issues were fixed: CVE-2025-38008: mm/pagealloc: fix race condition in unaccepted memory handling bsc1244939. CVE-2025-38539: trace/fgraph: Fix the warning caused by missing unregister...
kernel: mm/hugetlb: fix huge_pmd_unshare() vs GUP-fast race
In the Linux kernel, the following vulnerability has been resolved: mm/hugetlb: fix hugepmdunshare vs GUP-fast race hugepmdunshare drops a reference on a page table that may have previously been shared across processes, potentially turning it into a normal page table used in another process in...
SUSE-SU-2025:21040-1 Security update for the Linux Kernel
The SUSE Linux Enterprise Micro 6.0 and 6.1 kernel was updated to receive various security bugfixes. The following security bugs were fixed: - CVE-2025-38008: mm/pagealloc: fix race condition in unaccepted memory handling bsc1244939. - CVE-2025-38539: trace/fgraph: Fix the warning caused by missi...
SUSE-SU-2025:21056-1 Security update for the Linux Kernel
The SUSE Linux Enterprise Micro 6.0 and 6.1 kernel was updated to receive various security bugfixes. The following security bugs were fixed: - CVE-2025-38008: mm/pagealloc: fix race condition in unaccepted memory handling bsc1244939. - CVE-2025-38539: trace/fgraph: Fix the warning caused by missi...
PT-2025-42259
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description The Linux kernel contained a use-after-free issue identified through syzbot reporting. The issue occurs after commit e6d5dbdd20aa, which added multi-buff support for XDP running in gener...
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerability has been resolved: Revert "riscv: Define TASKSIZEMAX for accessok" This reverts commit ad5643cf2f69 "riscv: Define TASKSIZEMAX for accessok". This commit changes TASKSIZEMAX to be LONGMAX to optimize accessok, because the previous TASKSIZEMAX defau...
CVE-2025-11629
RainyGao DocSys up to version 2.02.36 contains a SQL injection in the getUserList function (/Manage/getUserList.do). The vulnerability allows remote exploitation; exploit information has been disclosed publicly. Multiple sources (Red Hat, EU ENISA, CVE records, and PT Security) consistently ident...
CVE-2023-53633
CVE-2023-53633 pertains to the Linux kernel where the leak occurs in accel/qaic’s map_user_pages() path. If get_user_pages_fast() allocates some pages but not as many as requested, the current code fails to release the pages, causing a leak. The root cause is improper page accounting in the get_u...
Unity Linux 20.1070e Security Update: kernel (UTSA-2025-987274)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-987274 advisory. In the Linux kernel, the following vulnerability has been resolved: mm/gup: fix guppudrange for dax For dax pud, pudhuge returns true on x86. So the function works a...
Unity Linux 20.1070e Security Update: kernel (UTSA-2025-986785)
"The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-986785 advisory. In the Linux kernel, the following vulnerability has been resolved: net: tun: Fix memory leaks of napigetfrags kmemleak reports after running testprogs: unreference...
EUVD-2025-25891
Malicious code in bioql PyPI...