Lucene search
K

2855 matches found

AstraLinux
AstraLinux
added 2026/05/03 11:59 p.m.7 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: mm/mseal: The end of the current VMA was correctly updated during merging. Previously, we stored the end of the current VMA in currend. When moving to the next VMA, we updated currstart to currend to proceed to the next VMA...

5.5CVSS5.2AI score0.00218EPSS
Exploits1References2
CNNVD
CNNVD
added 2026/05/01 12:0 a.m.10 views

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that originates from a BUGON triggered when merging root nodes when the root entry in btrfs contains a non-zero dropprogress...

5.5CVSS5.8AI score0.00114EPSS
Exploits0References1
Veracode
Veracode
added 2026/04/30 6:55 a.m.9 views

Prototype Pollution

Axios is vulnerable to Prototype Pollution. The vulnerability is due to use of the in operator in the mergeDirectKeys strategy for validateStatus, which traverses the prototype chain, allowing a polluted Object.prototype.validateStatus to override behavior and treat all HTTP responses as...

8.2CVSS5.3AI score0.00611EPSS
Exploits1References42Affected Software1
NVD
NVD
added 2026/04/29 8:16 p.m.8 views

CVE-2018-25306

PDFunite 0.41.0 contains a buffer overflow vulnerability that allows local attackers to crash the application by processing malformed PDF files during merge operations. Attackers can trigger a segmentation fault in the XRef::getEntry function within libpoppler by providing a specially crafted PDF...

6.9CVSS0.00177EPSS
Exploits1References4
NVD
NVD
added 2026/04/29 8:16 p.m.4 views

CVE-2018-25298

Merge PACS 7.0 contains a cross-site request forgery vulnerability that allows attackers to perform unauthorized actions by crafting malicious HTML forms targeting the merge-viewer endpoint. Attackers can submit POST requests to /servlet/actions/merge-viewer/summary with login credentials to hija...

6.9CVSS0.00138EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/04/29 7:24 p.m.31 views

CVE-2018-25306 PDFunite 0.41.0 Buffer Overflow via Malformed PDF

PDFunite 0.41.0 contains a buffer overflow vulnerability that allows local attackers to crash the application by processing malformed PDF files during merge operations. Attackers can trigger a segmentation fault in the XRef::getEntry function within libpoppler by providing a specially crafted PDF...

6.9CVSS0.00177EPSS
Exploits1References4
CVE
CVE
added 2026/04/29 7:24 p.m.9 views

CVE-2018-25306

PDFunite 0.41.0 contains a local buffer overflow in processing malformed PDFs during merge, causing a segmentation fault via XRef::getEntry in libpoppler when a crafted PDF is merged. This is a local-impact vulnerability that can crash the pdfunite utility; exploitation details and a validated fi...

6.9CVSS5.7AI score0.00177EPSS
Exploits1References4Affected Software1
CVE
CVE
added 2026/04/29 7:24 p.m.10 views

CVE-2018-25298

CVE-2018-25298 affects Merge PACS 7.0. It is a cross-site request forgery (CSRF) that enables attackers to perform unauthorized actions by crafting malicious HTML forms targeting the merge-viewer endpoint. Specifically, POST requests to /servlet/actions/merge-viewer/summary can hijack user sessio...

6.9CVSS5.2AI score0.00138EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/04/29 7:24 p.m.4 views

CVE-2018-25298 Merge PACS 7.0 Cross-Site Request Forgery via merge-viewer

Merge PACS 7.0 contains a cross-site request forgery vulnerability that allows attackers to perform unauthorized actions by crafting malicious HTML forms targeting the merge-viewer endpoint. Attackers can submit POST requests to /servlet/actions/merge-viewer/summary with login credentials to hija...

6.9CVSS5.2AI score0.00138EPSS
Exploits0References3
EUVD
EUVD
added 2026/04/29 7:24 p.m.6 views

EUVD-2018-21818

Merge PACS 7.0 contains a cross-site request forgery vulnerability that allows attackers to perform unauthorized actions by crafting malicious HTML forms targeting the merge-viewer endpoint. Attackers can submit POST requests to /servlet/actions/merge-viewer/summary with login credentials to hija...

6.9CVSS5.2AI score0.00138EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/04/29 7:24 p.m.38 views

CVE-2018-25298 Merge PACS 7.0 Cross-Site Request Forgery via merge-viewer

Merge PACS 7.0 contains a cross-site request forgery vulnerability that allows attackers to perform unauthorized actions by crafting malicious HTML forms targeting the merge-viewer endpoint. Attackers can submit POST requests to /servlet/actions/merge-viewer/summary with login credentials to hija...

6.9CVSS0.00138EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/04/29 12:0 a.m.12 views

Merative Merge PACS 跨站请求伪造漏洞

Merative Merge PACS is a medical imaging archiving and communication system developed by the American company Merative. Version 7.0 of Merative Merge PACS contains a cross-site request forgeing vulnerability. This vulnerability stems from cross-site request forgery, allowing attackers to execute...

6.9CVSS5.8AI score0.00138EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/04/29 12:0 a.m.5 views

PT-2026-35981

Merge PACS 7.0 contains a cross-site request forgery vulnerability that allows attackers to perform unauthorized actions by crafting malicious HTML forms targeting the merge-viewer endpoint. Attackers can submit POST requests to /servlet/actions/merge-viewer/summary with login credentials to hija...

6.9CVSS5.2AI score0.00138EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/04/28 12:0 a.m.7 views

PT-2026-35693

A security flaw has been discovered in Totolink A8000RU 7.1cu.643 b20200521. The impacted element is the function setWiFiEasyGuestCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. The manipulation of the argument merge results in os command injection. It is possible to launch the...

10CVSS8.3AI score0.02421EPSS
Exploits0References6
CNNVD
CNNVD
added 2026/04/28 12:0 a.m.11 views

TOTOLINK A8000RU 命令注入漏洞

The TOTOLINK A8000RU is a wireless router produced by TOTOLINK, a Chinese company. The Totolink A8000RU 7.1cu.643b20200521 version has a command injection vulnerability. This vulnerability stems from the setWiFiEasyGuestCfg function in the CGI Handler component, specifically the operation of the...

10CVSS7.3AI score0.02421EPSS
Exploits0References1
NVD
NVD
added 2026/04/27 1:16 p.m.8 views

CVE-2026-7125

A vulnerability was identified in Totolink A8000RU 7.1cu.643b20200521. Affected by this issue is the function setWiFiEasyCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. The manipulation of the argument merge leads to os command injection. The attack may be initiated remotely. T...

10CVSS0.01766EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2026/04/27 12:45 p.m.5 views

CVE-2026-7125

A vulnerability was identified in Totolink A8000RU 7.1cu.643b20200521. Affected by this issue is the function setWiFiEasyCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. The manipulation of the argument merge leads to os command injection. The attack may be initiated remotely. T...

10CVSS8.3AI score0.01766EPSS
Exploits0References5Affected Software1
CNNVD
CNNVD
added 2026/04/27 12:0 a.m.10 views

TOTOLINK A8000RU 命令注入漏洞

TOTOLINK A8000RU is a wireless router produced by TOTOLINK, a Chinese company. The TOTOLINK A8000RU 7.1cu.643b20200521 version contains a command injection vulnerability. This vulnerability stems from the function setWiFiEasyCfg in the CGI Handler component’s file/cgi-bin/cstecgi.cgi, which...

10CVSS7.3AI score0.01766EPSS
Exploits0References1
Snyk
Snyk
added 2026/04/24 7:21 p.m.3 views

Prototype Pollution

Overview org.webjars.npm:axios is a promise-based HTTP client for the browser and Node.js. Affected versions of this package are vulnerable to Prototype Pollution via the mergeDirectKeys function in mergeConfig. An attacker can force a request configuration to inherit attacker-controlled properti...

8.2CVSS6.7AI score0.00611EPSS
Exploits1References2
Snyk
Snyk
added 2026/04/24 7:21 p.m.5 views

Prototype Pollution

Overview axios is a promise-based HTTP client for the browser and Node.js. Affected versions of this package are vulnerable to Prototype Pollution through the mergeConfig code path in the request configuration handling. An attacker can influence request behavior by supplying a crafted config obje...

9.1CVSS6.6AI score0.00838EPSS
Exploits1References2
Rows per page
Query Builder