425 matches found
PT-2026-43939
In the Linux kernel, the following vulnerability has been resolved: ntfs3: add buffer boundary checks to run unpack run unpack checks run buf run last at the top of the while loop but then reads size size and offset size bytes via run unpack s64 without verifying they fit within the remaining...
EUVD-2026-31569
A flaw has been found in SourceCodester Hospitals Patient Records Management System 1.0. The impacted element is an unknown function of the file /classes/Master.php?f=savepatienthistory. This manipulation of the argument ID causes sql injection. The attack is possible to be carried out remotely...
PT-2026-42913
A flaw has been found in SourceCodester Hospitals Patient Records Management System 1.0. The impacted element is an unknown function of the file /classes/Master.php?f=save patient history. This manipulation of the argument ID causes sql injection. The attack is possible to be carried out remotely...
Astra Linux - уязвимость в linux-5.15
In the Linux kernel up to version 6.2.7, fs/ntfs3/inode.c contains an invalid kfree function because it does not validate the MFT flags before replaying logs...
Astra Linux - уязвимость в ntfs-3g
In NTFS-3G versions before 2021.8.22, when a specially crafted NTFS attribute is provided to the function ntfsgetattributevalue, a heap buffer overflow can occur, allowing for memory disclosure or denial of service. The vulnerability is caused by an out-of-bound buffer access, which can be...
Astra Linux - уязвимость в ntfs-3g
NTFS-3G versions prior to 2021.8.22 may experience a heap buffer overflow when a specially crafted NTFS attribute is set up using the function ntfsattrsetupflag. This could allow code execution and an escalation of privileges...
Astra Linux - уязвимость в linux-5.10, linux-5.15
In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: Added a null pointer check for inode operations This adds a sanity check for the iop pointer of the inode, which is returned after reading the Root directory MFT record. We should check that the iop is valid before...
Astra Linux - уязвимость в linux-5.10, linux-5.15
In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: Fix missing iop in ntfsreadmft There is null pointer dereference because iop == NULL. The bug happens because we don't initialize iop for records in $Extend...
Unity Linux 20.1070a Security Update: kernel (UTSA-2026-013468)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-013468 advisory. In the Linux kernel through 6.2.7, fs/ntfs3/inode.c has an invalid kfree because it does not validate MFT flags before replaying logs. Tenable has extracted the...
Unity Linux 20.1070e Security Update: kernel (UTSA-2026-010744)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-010744 advisory. In the Linux kernel through 6.2.7, fs/ntfs3/inode.c has an invalid kfree because it does not validate MFT flags before replaying logs. Tenable has extracted the...
CVE-2026-6573
A vulnerability was detected in PHPEMS 11.0. This affects the function temppage of the file /app/exam/controller/exams.master.php of the component Instant Exam Creation Handler. The manipulation of the argument uploadfile results in server-side request forgery. The attack can be executed remotely...
EUVD-2026-23703
A vulnerability was detected in PHPEMS 11.0. This affects the function temppage of the file /app/exam/controller/exams.master.php of the component Instant Exam Creation Handler. The manipulation of the argument uploadfile results in server-side request forgery. The attack can be executed remotely...
PT-2026-33631
A vulnerability was detected in PHPEMS 11.0. This affects the function temppage of the file /app/exam/controller/exams.master.php of the component Instant Exam Creation Handler. The manipulation of the argument uploadfile results in server-side request forgery. The attack can be executed remotely...
PHPEMS 安全漏洞
PHPEMS is an open-source PHP online simulation exam system. Version PHPEMS 11.0 contains a security vulnerability, which stems from the operation of the uploadfile parameter in the file /app/exam/controller/exams.master.php. This operation leads to server-side request forgeing, potentially allowi...
CVE-2026-26883
Sourcecodester Online Men's Salon Management System v1.0 is vulnerable to SQL Injection in /msms/classes/Master.php?f=deleteappointment...
CVE-2026-2848 SourceCodester Simple Responsive Tourism Website Registration Master.php sql injection
A flaw has been found in SourceCodester Simple Responsive Tourism Website 1.0. Affected by this vulnerability is an unknown functionality of the file /classes/Master.php?f=register of the component Registration. This manipulation of the argument Username causes sql injection. The attack may be...
CVE-2026-2160
A vulnerability has been found in SourceCodester Simple Responsive Tourism Website 1.0. Affected by this vulnerability is an unknown functionality of the file /tourism/classes/Master.php?f=savepackage. The manipulation of the argument Title leads to cross site scripting. The attack can be initiat...
PT-2026-6990
Name of the Vulnerable Software and Affected Versions SourceCodester Simple Responsive Tourism Website version 1.0 Description A flaw exists in SourceCodester Simple Responsive Tourism Website version 1.0, specifically within an unknown function of the file /tourism/classes/Master.php?f=register...
CVE-2019-16542
Jenkins Anchore Container Image Scanner Plugin 1.0.19 and earlier stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system...
CVE-2022-50841
In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: Add overflow check for attribute size The offset addition could overflow and pass the used size check given an attribute with very large size e.g., 0xffffff7f while parsing MFT attributes. This could lead to out-of-boun...