3002 matches found
SickChill - Open Redirect
SickChill's login endpoint's 'next' parameter accepts arbitrary content, allowing authenticated attackers to perform open redirects, but this was fixed in commit c7128a8946c3701df95c285810eb75b2de18bf82 by redirecting to a default page. id: CVE-2024-53995 info: name: SickChill - Open Redirect...
Quiz and Survey Master <= 8.1.4 - SQL Injection
ExpressTech Quiz And Survey Master versions up to 8.1.4 contains an SQL injection caused by improper neutralization of special elements used in SQL commands, letting attackers execute arbitrary SQL queries, exploit requires user interaction. id: CVE-2023-28787 info: name: Quiz and Survey Master =...
AxxonSoft Axxon Next - Local File Inclusion
AxxonSoft Axxon Next suffers from a local file inclusion vulnerability. id: CVE-2018-7467 info: name: AxxonSoft Axxon Next - Local File Inclusion author: 0xAkoko severity: high description: AxxonSoft Axxon Next suffers from a local file inclusion vulnerability. impact: | An attacker can read...
EUVD-2026-42581
A vulnerability was found in GNU LibreDWG up to 0.13.4. The impacted element is the function dwgnextentity of the file src/dwg.c of the component DWG File Handler. Performing a manipulation of the argument nextobj results in null pointer dereference. The attack must be initiated from a local...
CVE-2026-15184
CVE-2026-15184 affects GNU LibreDWG up to 0.13.4. The vulnerable element is the function dwg_next_entity in src/dwg.c of the DWG File Handler. Manipulating the argument next_obj can cause a null pointer dereference . The attack must come from a local position and an exploit has been made public. ...
CVE-2026-15173
A flaw was found in Wireshark. A remote attacker could exploit a vulnerability in the pcapng file parser, leading to a crash of the application. This denial of service DoS could prevent legitimate users from accessing the service, impacting its availability. Mitigation To mitigate this issue, use...
Malicious code in next-bignumber.js (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 615f1e472f3fec95854738e64a4e4883676d514db833ca3bfa7a1008c0253a57 Package impersonates the widely-used bn.js crypto library: README, repository URL, logo, and source files are copied verbatim from indutny/bn.js, but...
Malicious code in react-next-dom (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8e7369fd2dd1ba9002d2c693ba08c553c7c6fef54dba372146c11f20b43607aa react-next-dom masquerades as a React/Next.js ecosystem package but ships a pino-like surface concealing a remote code loader. The main export is a...
MAL-2026-6825 Malicious code in react-next-dom (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 2a7b3360c09fca3400981d3d0d4c5e8a72c8193e0841c5d2eceb193a08fc440e Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Improper Resource Shutdown or Release
Overview Affected versions of this package are vulnerable to Improper Resource Shutdown or Release via the RRCInactiveTransitionReport function of the NGAP Message Handler component. An attacker can cause a service disruption by sending specially crafted messages remotely. Remediation Upgrade...
next.js: Next.js: Information disclosure due to middleware bypass in Pages Router with i18n
A flaw was found in Next.js. Applications utilizing the Pages Router with internationalization i18n configured and middleware or proxy-based authorization are susceptible to unauthorized access. A remote attacker can exploit this by making locale-less /next/data//.json requests, which bypass the...
ipc: limit next_id allocation to the valid ID range
...
EUVD-2026-39803
Dokku is a docker-powered PaaS. Prior to 0.38.2, the openresty-vhosts plugin copies files from an app's openresty/http-includes/ git repository directory to the host and then interpolates their filenames, unescaped, into a single-quoted shell string that is later parsed by eval. A filename...
SUSE CVE-2026-52923
In the Linux kernel, the following vulnerability has been resolved: ipc: limit nextid allocation to the valid ID range The checkpoint/restore sysctl path can request the next SysV IPC id through ids-nextid. ipcidralloc currently forwards that request to idralloc with an open-ended upper bound. If...
Astra Linux – Vulnerability found in Linux 6.1, Linux 6.12
In the Linux kernel, the following vulnerability has been resolved: sched/rt: The function rtonextcpu should now properly handle situations where only CPU0 is overloaded. In such cases, rtonextcpu should ideally return -1, indicating that no further IPIs are needed. The vulnerability arises when...
Astra Linux – Vulnerability in Linux 6.12
In the Linux kernel, the following vulnerability has been resolved: ipv6: Fixed out-of-bound access in fib6addrt2node. syzbot reported an out-of-bound read in fib6addrt2node. 0 When an IPv6 route is created with RTANHID, the struct fib6info does not have the trailing struct fib6nh. The referenced...
CVE-2026-52923
In the Linux kernel, the following vulnerability has been resolved: ipc: limit nextid allocation to the valid ID range The checkpoint/restore sysctl path can request the next SysV IPC id through ids-nextid. ipcidralloc currently forwards that request to idralloc with an open-ended upper bound. If...
CVE-2026-52923
The CVE-2026-52923 issue affects the Linux kernel IPC ID allocation in the checkpoint/restore path. ipc_idr_alloc() forwards the next_id request to idr_alloc() with an open-ended upper bound, so if the valid SysV IPC id tail is full the allocation can spill past ipc_mni. The encoded id may then r...
ROOT-APP-NPM-CVE-2026-44580 CVE-2026-44580 in @rootio/next - Patched by Root
Root has patched CVE-2026-44580 in the @rootio/next package for Root:npm. Multiple fixed versions available...
ROOT-APP-NPM-GHSA-8H8Q-6873-Q5FJ GHSA-8h8q-6873-q5fj in @rootio/next - Patched by Root
Root has patched GHSA-8h8q-6873-q5fj in the @rootio/next package for Root:npm. Multiple fixed versions available...