CVE-2026-40384

An improper validation of the search parameter of the commedia files API endpoint leads to a path traversal vulnerability...

CVE-2026-40384 Joomla! Core - [20260510] - Path traversal in com_media webservice endpoint

An improper validation of the search parameter of the commedia files API endpoint leads to a path traversal vulnerability...

CVE-2026-40384

CVE-2026-40384 affects Joomla! Core — com_media webservice endpoint. The issue is improper validation of the search parameter in the com_media files API, enabling path traversal. Documented across NVD, CVE records, and security feeds; impact described as path traversal with high confidentiality i...

CVE-2026-3294 Authentication Logic Vulnerability on Multiple TP-Link Range Extenders

An authentication logic vulnerability in multiple TP-Link range extenders allows an unauthenticated attacker on an adjacent network to manipulate a login parameter and reset the administrator password due to insufficient validation. Successful exploitation allows an attacker to obtain full...

CVE-2026-39829

CVE-2026-39829 affects golang.org/x/crypto/ssh. The vulnerability arises because the RSA/DSA public key parsers did not enforce size limits on key parameters, allowing crafted keys with oversized modulus or DSA parameters to cause prolonged CPU use during signature verification. Affected behavior...

CVE-2026-39829 Invoking pathological RSA/DSA parameters may cause DoS in golang.org/x/crypto/ssh

The RSA and DSA public key parsers did not enforce size limits on key parameters. A crafted public key with an excessively large modulus or DSA parameter could cause several minutes of CPU consumption during signature verification. This could be triggered by unauthenticated clients during public...

CVE-2026-45253

ptracePTSCREMOTE failed to properly validate parameters for the syscall2 and syscall2 meta-system calls. As a result, a user with the ability to debug a process may trigger arbitrary code execution in the kernel, even if the target process has no special privileges. The missing validation allows ...

Astra Linux - уязвимость в linux-5.10, linux-6.1, linux, linux-5.15

In the Linux kernel, the following vulnerabilities have been resolved: drm/amdgpu: The parameters of bo mapping operations need to be clarified. The parameters of amdgpuvmbomap/replacemap/clearingmappings should be verified in a single common place...

FreeBSD Security Advisory - FreeBSD-SA-26:21.ptrace

FreeBSD Security Advisory - ptracePTSCREMOTE failed to properly validate parameters for the syscall2 and syscall2 meta-system calls. As a result, a user with the ability to debug a process may trigger arbitrary code execution in the kernel, even if the target process has no special privileges...

CVE-2026-31070

The LalanaChami Pharmacy Management System commit 5c3d028 allows unauthenticated remote attackers to escalate privileges by self-assigning an administrative role during registration. The /api/user/signup endpoint fails to validate the role parameter in the request body...

CVE-2026-8125

A vulnerability was detected in code-projects Simple Chat System 1.0. This vulnerability affects unknown code of the file sendMessage.php. The manipulation of the argument type/length/business parameter validity results in sql injection. The attack may be launched remotely. The exploit is now...

Debian dsa-6259 : python-jwt-doc - security update

The remote Debian 12 / 13 host has packages installed that are affected by a vulnerability as referenced in the dsa-6259 advisory. - ------------------------------------------------------------------------- Debian Security Advisory DSA-6259-1 [email protected] https://www.debian.org/security/...

CVE-2026-43291

A flaw was found in the Linux kernel's Near Field Communication NFC NCI subsystem. Incorrect parameter validation for variable-length packet data can lead to communication failures with NCI NFC chips. This issue, stemming from an attempt to prevent access to uninitialized data, results in a Denia...

EUVD-2026-28561

In the Linux kernel, the following vulnerability has been resolved: net: nfc: nci: Fix parameter validation for packet data Since commit 9c328f54741b "net: nfc: nci: Add parameter validation for packet data" communication with nci nfc chips is not working any more. The mentioned commit tries to f...

CVE-2026-43291

In the Linux kernel, the following vulnerability has been resolved: net: nfc: nci: Fix parameter validation for packet data Since commit 9c328f54741b "net: nfc: nci: Add parameter validation for packet data" communication with nci nfc chips is not working any more. The mentioned commit tries to f...

CVE-2026-43291

CVE-2026-43291 affects the Linux kernel NFC NCI subsystem. A parameter validation flaw for variable-length data packets can trigger a DoS by breaking NFC communication with NCI chips. Root cause: code compared variable-length packet data against a maximum length derived from sizeof(struct), ignor...

PT-2026-38933

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the net: nfc: nci component where parameter validation for packet data was incorrectly implemented. A previous attempt to prevent access to uninitialized data failed t...

Linux kernel 安全漏洞

The Linux kernel is the kernel used by the Linux operating system developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from an issue with NCI packet parameter validation. This vulnerability may lead to communication failures...

Regular Expression Denial of Service (ReDoS)

Overview Affected versions of this package are vulnerable to Regular Expression Denial of Service ReDoS via improper validation of user-supplied fields in the filter and sortby parameters. An attacker can cause the backend to return HTTP 500 errors, potentially disrupt service availability, and...

PT-2026-38489

Summary Nokogiri's Nokogiri::XSLT::Stylesheettransform leaks a small heap allocation when passed a Ruby string parameter containing a null byte. For applications that pass attacker-controlled input through XSLT.transform parameters, this may be a vector for a denial of service attack against...