43 matches found
RLSA-2026:36639 Important: nginx:1.26 security, bug fix, and enhancement update
nginx is a web and proxy server supporting HTTP and other protocols, with a focus on high concurrency, performance, and low memory usage. Security Fixes: nginx: NGINX: Arbitrary code execution or Denial of Service via heap-based buffer overflow with crafted HTTP/2 headers CVE-2026-42055 Bug Fixes...
ALSA-2026:36364 Important: nginx security, bug fix, and enhancement update
nginx is a web and proxy server supporting HTTP and other protocols, with a focus on high concurrency, performance, and low memory usage. Security Fixes: nginx: NGINX: Arbitrary code execution or Denial of Service via heap-based buffer overflow with crafted HTTP/2 headers CVE-2026-42055 Bug Fixes...
ALSA-2026:36331 Important: nginx security, bug fix, and enhancement update
nginx is a web and proxy server supporting HTTP and other protocols, with a focus on high concurrency, performance, and low memory usage. Security Fixes: nginx: NGINX: Arbitrary code execution or Denial of Service via heap-based buffer overflow with crafted HTTP/2 headers CVE-2026-42055 Bug Fixes...
EUVD-2026-13836
Requires malware code to misuse the DDK kernel module IOCTL interface. Such code can use the interface in an unsupported way that allows subversion of the GPU to perform writes to arbitrary physical memory pages. The product utilises a shared resource in a concurrent manner but does not attempt t...
CVE-2018-18271
XSS exists in CMS Made Simple version 2.2.7 via the m1extra parameter in an admin/moduleinterface.php "Content--News--Add Article" action...
EUVD-2025-25022
Malicious code in bioql PyPI...
CVE-2025-26711
There is an unauthorized access vulnerability in ZTE T5400. Due to improper permission control of the Web module interface, an unauthorized attacker can obtain sensitive information through the interface...
CVE-2025-26711
There is an unauthorized access vulnerability in ZTE T5400. Due to improper permission control of the Web module interface, an unauthorized attacker can obtain sensitive information through the interface...
CVE-2025-26711
There is an unauthorized access vulnerability in ZTE T5400. Due to improper permission control of the Web module interface, an unauthorized attacker can obtain sensitive information through the interface...
CVE-2025-26709
There is an unauthorized access vulnerability in ZTE F50. Due to improper permission control of the Web module interface, an unauthorized attacker can obtain sensitive information through the interface...
CVE-2025-26709
CVE-2025-26709 affects ZTE F50 with an unauthorized access vulnerability due to improper permission control in the Web module interface. The root cause is insufficient access controls, allowing an attacker with adjacent access and low exploit complexity to obtain sensitive information via the Web...
PT-2025-33473 · Zte · Zte F50
Name of the Vulnerable Software and Affected Versions: ZTE F50 affected versions not specified Description: An unauthorized access issue exists in ZTE F50 due to improper permission control of the Web module interface. This allows an unauthorized attacker to obtain sensitive information through t...
The vulnerability of the Ruby interpreter’s Rack module’s interface allows a hacker to trigger a service failure.
The vulnerability of the Ruby interpreter’s Rack module interface is related to synchronization errors when using shared resources. Exploiting this vulnerability can allow a remote attacker to cause service interruptions...
CVE-2024-22067
ZTE NH8091 product has an improper permission control vulnerability. Due to improper permission control of the Web module interface, an authenticated attacker may exploit the vulnerability to execute arbitrary commands...
ROS-20250403-16
A vulnerability in the Rack module interface of the Ruby programming language interpreter is related to an incorrect checking of X-Sendfile-Type header input in Rack::Sendfile during processing. Exploitation of the vulnerability could allow an attacker acting remotely to manipulate log entries...
CVE-2020-9236
There is an improper interface design vulnerability in Huawei product. A module interface of the impated product does not deal with some operations properly. Attackers can exploit this vulnerability to perform malicious operatation to compromise module service. Vulnerability ID: HWPSIRT-2020-0501...
CVE-2024-22067 ZTE NH8091 product has an improper permission control vulnerability
ZTE NH8091 product has an improper permission control vulnerability. Due to improper permission control of the Web module interface, an authenticated attacker may exploit the vulnerability to execute arbitrary commands...
CVE-2024-22067 ZTE NH8091 product has an improper permission control vulnerability
ZTE NH8091 product has an improper permission control vulnerability. Due to improper permission control of the Web module interface, an authenticated attacker may exploit the vulnerability to execute arbitrary commands...
CVE-2024-1528
CMS Made Simple version 2.2.14, does not sufficiently encode user-controlled input, resulting in a Cross-Site Scripting XSS vulnerability through /admin/moduleinterface.php, in multiple parameters. This vulnerability could allow a remote attacker to send a specially crafted JavaScript payload to ...
Huawei HarmonyOS 访问控制错误漏洞
Huawei HarmonyOS is an operating system from Huawei China. It provides a full-scenario distributed operating system based on a microkernel. A security vulnerability exists in Huawei HarmonyOS, which stems from an issue in the WMS module where the interface is not properly authenticated, which cou...