tickets 跨站脚本漏洞

Tickets is an open-source public safety scheduling and tracking application developed by Open ISES. Versions of tickets prior to 3.44.2 contained a cross-site scripting vulnerability. This vulnerability stemmed from the use of the ref and modeorig POST parameters in oswatch.php, allowing uncleane...

tickets 跨站脚本漏洞

Tickets is an open-source public safety scheduling and tracking application developed by Open ISES. Versions of tickets prior to 3.44.2 contained a cross-site scripting vulnerability. This vulnerability stemmed from the use of the id and ticketid GET parameters in the patientw.php file, allowing...

tickets 跨站脚本漏洞

Tickets is an open-source public safety scheduling and tracking application developed by Open ISES. Versions of tickets prior to 3.44.2 contained a cross-site scripting vulnerability. This vulnerability stemmed from the lack of cleanup in the deletemodule.php file, allowing multiple POST paramete...

tickets 跨站脚本漏洞

Tickets is an open-source public safety scheduling and tracking application developed by Open ISES. Versions of tickets prior to 3.44.2 contained a cross-site scripting vulnerability. This vulnerability stemmed from the failure to clean the frmname and frmid POST parameters in...

PT-2026-42611

Summary A reflected XSS vulnerability exists in the Page Leaving Warning page. The ncRedirectUrl and ncBackUrl query parameters are used in window.location.href and tag bindings without validation, allowing javascript: URI injection. Details PageLeavingWarning.vue reads ncRedirectUrl and ncBackUr...

PT-2026-42708

Name of the Vulnerable Software and Affected Versions The product name cannot be determined affected versions not specified Description RSA and DSA public key parsers fail to enforce size limits on key parameters. An unauthenticated client can trigger excessive CPU consumption during signature...

FreeBSD 缓冲区错误漏洞

FreeBSD is a Unix-like operating system developed by the FreeBSD Foundation. FreeBSD has a buffer error vulnerability, which stems from ptracePTSCREMOTE failing to properly validate the parameters of syscall2 and syscall2 system calls. This vulnerability may allow users with debugging capabilitie...

tickets 跨站脚本漏洞

Tickets is an open-source public safety scheduling and tracking application developed by Open ISES. Versions of tickets prior to 3.44.2 contained a cross-site scripting vulnerability. This vulnerability stemmed from the lack of proper cleaning of multiple POST parameters in the dbloader.php file,...

PT-2026-42673

Name of the Vulnerable Software and Affected Versions NocoDB versions prior to 2026.04.1 Description A reflected Cross-Site Scripting XSS issue exists in the Page Leaving Warning page. The application reads the ncRedirectUrl and ncBackUrl query parameters from the route query without proper...

PT-2026-42494

Open ISES Tickets before 3.44.2 contains a reflected cross-site scripting vulnerability in db loader.php that allows authenticated attackers to inject arbitrary JavaScript by passing an unsanitized value through the multiple POST parameters ticketshost, ticketsdb, ticketsuser, ticketspassword,...

WordPress plugin Divi Form Builder 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There is...

PT-2026-42518

Open ISES Tickets before 3.44.2 contains a SQL injection vulnerability in ajax/statistics.php where the tick id and f tick id POST parameters are concatenated into WHERE clauses of SELECT statements in the statistics rollup queries without sanitization. Authenticated attackers can craft requests...

PT-2026-42509

Name of the Vulnerable Software and Affected Versions Open ISES Tickets versions prior to 3.44.2 Description An issue exists in the 'tables.php' endpoint where multiple POST parameters, specifically tablename, indexname, and sortby, are concatenated into table or column identifiers within...

golang: net/url: Memory exhaustion in query parameter parsing in net/url

A flaw was found in the net/url package in the Go standard library. The package does not enforce a limit on the number of unique query parameters it parses. A Go application using the net/http.Request.ParseForm method will try to process all parameters provided in the request. A specially crafted...

golang: net/url: Memory exhaustion in query parameter parsing in net/url

A flaw was found in the net/url package in the Go standard library. The package does not enforce a limit on the number of unique query parameters it parses. A Go application using the net/http.Request.ParseForm method will try to process all parameters provided in the request. A specially crafted...

golang: net/url: Memory exhaustion in query parameter parsing in net/url

A flaw was found in the net/url package in the Go standard library. The package does not enforce a limit on the number of unique query parameters it parses. A Go application using the net/http.Request.ParseForm method will try to process all parameters provided in the request. A specially crafted...

Astra Linux - уязвимость в openvpn

A vulnerability was discovered in OpenVPN 2.4.x prior to version 2.4.9. An attacker can inject a data channel v2 PDATAV2 packet using the victim’s peer-id. Normally, such packets are discarded. However, if this packet arrives before the data channel crypto parameters have been initialized, the...

Astra Linux - уязвимость в linux, linux-5.10

A stack overflow flaw was discovered in the Linux kernel’s SYSCTL subsystem regarding how a user modifies certain kernel parameters and variables. This flaw allows a local user to crash the system or potentially escalate their privileges on the system...

Astra Linux - уязвимость в firefox

Due to URL previews in the network panel of developer tools improperly storing URLs, query parameters could potentially be used to overwrite global objects in privileged code. This vulnerability affects Firefox versions earlier than 110...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: drm/xe/queue: The call to fini during the creation of an execution queue fails. Every call to queue initialization should include a corresponding fini call. Skipping this would mean failing to remove the queue from the GuC list...