tickets 跨站脚本漏洞

Tickets is an open-source public safety scheduling and tracking application developed by Open ISES. Versions of tickets prior to 3.44.2 contained a cross-site scripting vulnerability. This vulnerability stemmed from the lack of proper cleaning of multiple POST parameters in the dbloader.php file,...

PT-2026-45157

Name of the Vulnerable Software and Affected Versions Twig affected versions not specified Description The TwigProfilerDumperHtmlDumper component fails to escape the output of Profile::getTemplate and Profile::getName when writing to HTML. If an attacker can control the template name—which may...

PT-2026-42583

Description When the sandbox is enabled selectively via SourcePolicyInterface and not globally, a sandboxed template that is allowed to call template from string and include can render an arbitrary inner template with no security policy enforcement. Environment::createTemplate compiles the inner...

tickets SQL注入漏洞

Tickets is an open-source public safety scheduling and tracking application developed by Open ISES. Versions of tickets prior to 3.44.2 contained a SQL injection vulnerability. This vulnerability stemmed from multiple POST parameters in the dbloader.php file—ticketsdb, ticketshost, ticketsuser, a...

PT-2026-42519

Open ISES Tickets before 3.44.2 contains hardcoded MySQL database credentials in loader.php a public-facing database utility that are committed to the source repository. Any actor with access to the public source tree or an unauthenticated attacker with read access to the file on a deployed...

TencentOS Server 4: gdk-pixbuf2 (TSSA-2026:0321)

The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2026:0321 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities:...

PT-2026-42514

Open ISES Tickets before 3.44.2 contains a SQL injection vulnerability in db loader.php where the multiple POST parameters ticketsdb, ticketshost, ticketsuser, ticketspassword are concatenated into mysqli connection arguments and dynamic SQL operating against an attacker-controlled database witho...

GO-2026-4965 Nuclei: Local File Read via require() Module Loader Bypass in github.com/projectdiscovery/nuclei

Nuclei: Local File Read via require Module Loader Bypass in github.com/projectdiscovery/nuclei...

Malicious code in libhmac (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector fccbd481dd2bd04274c5045995a08ddbcf302780c24f39eb63821d5d63a998d1 The PyPI name 'libhmac' matches the well-known libyal/libhmac C forensics library HMAC primitive, but the package contents have nothing to do with HM...

Malicious code in nw-demo (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5e3ff057a42800ad78024ac1c48e0d6fbf9c828eb828a41e6737c32b6174ce8c Package is published publicly on npm at version 100.20.33 — a version-number shape used in dependency-confusion attacks to outrank private internal...

MAL-2026-4624 Malicious code in nw-demo (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5e3ff057a42800ad78024ac1c48e0d6fbf9c828eb828a41e6737c32b6174ce8c Package is published publicly on npm at version 100.20.33 — a version-number shape used in dependency-confusion attacks to outrank private internal...

Malicious code in @weirdorg/config (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b28e2fe6ac03c8e426aeb69f62bf0b2bd4dfdb06a5acee273bb5967186c5504d @weirdorg/config impersonates the widely-used config node-config package, copying its README verbatim including the require'config' usage example. Th...

Astra Linux - уязвимость в linux

In the Linux kernel, the following vulnerability has been resolved: Wifi: ath9k – Verify that the expected usbendpoints are present. This bug occurs when a USB device claims to be an ATH9K device, but it does not have the expected endpoints. In this case, there was an interrupt endpoint, and the...

Astra Linux - уязвимость в linux-5.10, linux-6.1, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: soc: qcom: mdtloader: Ensure that we do not read beyond the ELF header. When the MDT loader is used in remoteproc, the ELF header is sanitized beforehand. However, this is not necessary for other clients. The size of the firmware...

Astra Linux - уязвимость в linux-5.10, linux

A issue was discovered in the Linux kernel through version 5.19.8. In the file drivers/firmware/efi/capsule-loader.c, there is a race condition that leads to a use-after-free situation...

Astra Linux - уязвимость в chromium

The poor implementation of the Loader component in Google Chrome before version 143.0.7499.41 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption through a crafted HTML page. Chromium security severity: Medium...

Astra Linux - уязвимость в blender

A missing bounds check in the image loader used in Blender 3.x and 2.93.8 leads to out-of-bounds heap access, allowing an attacker to cause denial of service, memory corruption, or potentially code execution...

Astra Linux - уязвимость в edk2

EDK2 contains a vulnerability in the PeCoffLoaderRelocateImage function. An attacker may cause memory corruption due to an overflow through an adjacent network. Successful exploitation of this vulnerability could result in a loss of confidentiality, integrity, and/or availability...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: firmwareloader: A use-after-free occurred during the unregister operation. In the following code within firmwareUploadunregister, the call to deviceunregister could cause the devrelease function to free the fwUploadPriv structure...

Astra Linux - уязвимость в u-boot

The U-Boot 2022.01 has a Buffer Overflow, a different issue compared to CVE-2022-30552...