10979 matches found
CVE-2026-41158 GPU DDK - Backed sparse PMRs are not handled by deferred free mechanism after shrink
Software installed and run as a non-privileged user may conduct GPU system calls to write to arbitrary freed physical pages. Physical memory allocated and freed, without the deferred free mechanism can lead to those resources being used for read/write by the GPU after the kernel module has freed...
CVE-2026-41158 GPU DDK - Backed sparse PMRs are not handled by deferred free mechanism after shrink
Software installed and run as a non-privileged user may conduct GPU system calls to write to arbitrary freed physical pages. Physical memory allocated and freed, without the deferred free mechanism can lead to those resources being used for read/write by the GPU after the kernel module has freed...
EUVD-2026-35396
TYPO3 CMS has Broken Access Control in the Recycler Module...
CVE-2026-47200 Nuxt: Route middleware not enforced when rendering `.server.vue` pages via `/__nuxt_island/page_*`
Nuxt is an open-source web development framework for Vue.js. In Nuxt versions 3.11.0 to before 3.21.6 and 4.0.0-alpha.1 to before 4.4.6 and @nuxt/nitro-server versions 3.20.0 to before 3.21.6 and 4.0.0-alpha.1 to before 4.4.6, when experimental.componentIslands is enabled default in Nuxt 4, any...
Fake verification pages are stealing Steam accounts from players
Online gamers should watch out for a convincing scam that aims to steal your Steam account. The scam uses fake FACEIT verification pages that look legitimate, complete with official branding, working links, and what appears to be a real Steam login window. By the time it asks for your password,...
PT-2026-49023
Name of the Vulnerable Software and Affected Versions The product name cannot be determined affected versions not specified Description Software installed and run as a non-privileged user may perform GPU system calls to write to arbitrary freed physical pages. This occurs because physical memory...
Cross-Site Scripting (XSS)
CKAN is vulnerable to Cross-Site Scripting XSS. The vulnerability is due to insufficient sanitization of user-supplied input in the helpers.markdownextract function before it is wrapped in an HTML literal element, which allows an attacker to inject and execute malicious scripts on dataset,...
Google Chrome 安全漏洞
Google Chrome is a web browser developed by Google Inc. Versions of Google Chrome prior to 149.0.7827.115 contained a security vulnerability caused by an improper implementation in the Headless component. This vulnerability could allow remote attackers to execute a sandbox escape by exploiting a...
Google Chrome 安全漏洞
Google Chrome is a web browser developed by the American company Google. Versions of Google Chrome prior to 149.0.7827.115 contained a security vulnerability, which was caused by improper implementation of the password function. This vulnerability could allow remote attackers to bypass site...
Google Chrome 输入验证错误漏洞
Google Chrome is a web browser developed by Google Inc. Versions of Google Chrome prior to 149.0.7827.115 contained a vulnerability related to input validation errors. This vulnerability stemmed from insufficient validation for untrusted inputs in the Network component. It could allow remote...
PT-2026-48698
Fediverse Embeds embeds fediverse posts on WordPress sites. Prior to version 1.5.9, Fediverse Embeds registered the unauthenticated AJAX action wp ajax nopriv ftf get site info includes/Site Info.php that verified a nonce ftf-fediverse-embeds-nonce and then called file get html$site url on the...
CVE-2026-48268
Adobe Experience Manager versions 6.5.24, LTS SP1, 2026.04 and earlier are affected by a DOM-based Cross-Site Scripting XSS vulnerability. An attacker could exploit this issue by manipulating the DOM environment to execute malicious JavaScript within the context of the victim's browser...
SUSE CVE-2026-46325
In the Linux kernel, the following vulnerability has been resolved: RDMA/rxe: Fix iova-to-va conversion for MR page sizes != PAGESIZE The current implementation incorrectly handles memory regions MRs with page sizes different from the system PAGESIZE. The core issue is that rxesetpage is called...
EUVD-2026-35507
Improper neutralization of input during web page generation 'cross-site scripting' in Azure Stack Edge allows an authorized attacker to perform spoofing over a network...
CVE-2026-48562
Improper neutralization of input during web page generation 'cross-site scripting' in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network...
EUVD-2026-35584
Improper neutralization of input during web page generation 'cross-site scripting' in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network...
CVE-2026-45467
CVE-2026-45467 describes an XSS vulnerability in Microsoft Office SharePoint Server caused by improper neutralization of input during web page generation. The issue can allow a network-based, authenticated attacker with low privileges to spoof content presented to users, requiring user interactio...
Microsoft SharePoint Server Spoofing Vulnerability
Improper neutralization of input during web page generation 'cross-site scripting' in Microsoft Office SharePoint allows an unauthorized attacker to perform spoofing over a network...
CVE-2026-46325
In the Linux kernel, the following vulnerability has been resolved: RDMA/rxe: Fix iova-to-va conversion for MR page sizes != PAGESIZE The current implementation incorrectly handles memory regions MRs with page sizes different from the system PAGESIZE. The core issue is that rxesetpage is called...
CVE-2026-46325 RDMA/rxe: Fix iova-to-va conversion for MR page sizes != PAGE_SIZE
In the Linux kernel, the following vulnerability has been resolved: RDMA/rxe: Fix iova-to-va conversion for MR page sizes != PAGESIZE The current implementation incorrectly handles memory regions MRs with page sizes different from the system PAGESIZE. The core issue is that rxesetpage is called...