15102 matches found
Arelle 访问控制错误漏洞
Arelle is an open-source XBRL platform developed by Arelle Open Source. It supports data validation and integration. Versions of Arelle prior to 2.39.10 contained a security vulnerability related to access control. This vulnerability stemmed from the /rest/configure REST endpoint accepting plugin...
Yeapook WDR201A WiFi Extender 操作系统命令注入漏洞
The Yeapook WDR201A WiFi Extender is a wireless signal extension device from the Yeapook company. The Yeapook WDR201A WiFi Extender HW V2.1 version and FW LFMZX28040922V1.02 version have a vulnerability related to operating system command injection. This vulnerability stems from the sz11gChannel ...
PT-2026-36894
Conditional Fields for Contact Form 7 WordPress plugin through version 2.6.7 contains an uncontrolled resource consumption vulnerability in the Wpcf7cfMailParser class where the hide hidden mail fields regex callback method reads an iteration count directly from user-supplied POST parameters...
RHCOS 6 : Red Hat OpenShift Enterprise 1.1.1 update (Moderate) (RHSA-2013:0582)
The remote Red Hat Enterprise Linux CoreOS 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2013:0582 advisory. - rubygem-actionpack: Unsafe query generation CVE-2012-2660 - rubygem-activerecord: SQL injection when processing nested query...
Edimax BR-6428nC 注入漏洞
The Edimax BR-6428nC is a multi-functional wireless broadband router produced by Edimax Corporation. Versions of Edimax BR-6428nC prior to 1.16 contained a vulnerability. This vulnerability stemmed from an unknown function in the component’s Web Interface, specifically the file/goform/setWAN, whi...
CLSA-2026-1777541445 bluez: Fix of 3 CVEs
CVE-2022-0204: fix heap overflow when appending prepare writes in gatt-server - CVE-2022-39176: fix not checking paramslen in AVRCP vendordep PDU handling - CVE-2022-39177: fix accepting invalid/malformed capabilities in AVDTP...
SUSE SLES12 Security Update : dovecot22 (SUSE-SU-2026:1641-1)
The remote SUSE Linux SLES12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:1641-1 advisory. - CVE-2025-59031: decode2text.sh OOXML extraction may follow symlinks and read unintended files during indexing bsc1260895. - CVE-2025-59032:...
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
Overview astro-mcp-server is a MCP server for Astro ASO App Store Optimization data - Access keyword rankings, historical data, and app metrics Affected versions of this package are vulnerable to Improper Neutralization of Special Elements in Output Used by a Downstream Component 'Injection' in t...
CVE-2026-7591
A security flaw has been discovered in TimBroddin astro-mcp-server up to 1.1.1. The impacted element is an unknown function of the file src/index.ts of the component MCP Tool Query Construction. Performing a manipulation of the argument request.params.arguments results in sql injection. The attac...
CVE-2026-43019
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hciconn: fix potential UAF in setcigparamssync hciconn lookup and field access must be covered by hdev lock in setcigparamssync, otherwise it's possible it is freed concurrently. Take hdev lock to prevent hciconn from...
CVE-2026-43019
The CVE-2026-43019 issue affects the Linux kernel Bluetooth HCI path, where hci_conn lookups and field access in set_cig_params_sync were not properly protected by the hdev lock, allowing a use-after-free when an hci_conn could be freed concurrently. The documented fix is to take the hdev lock to...
CVE-2026-43019 Bluetooth: hci_conn: fix potential UAF in set_cig_params_sync
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hciconn: fix potential UAF in setcigparamssync hciconn lookup and field access must be covered by hdev lock in setcigparamssync, otherwise it's possible it is freed concurrently. Take hdev lock to prevent hciconn from...
CVE-2026-43019
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hciconn: fix potential UAF in setcigparamssync hciconn lookup and field access must be covered by hdev lock in setcigparamssync, otherwise it's possible it is freed concurrently. Take hdev lock to prevent hciconn from...
CVE-2026-43018 Bluetooth: hci_event: fix potential UAF in hci_le_remote_conn_param_req_evt
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hcievent: fix potential UAF in hcileremoteconnparamreqevt hciconn lookup and field access must be covered by hdev lock in hcileremoteconnparamreqevt, otherwise it's possible it is freed concurrently. Extend the...
CVE-2026-43018
The CVE-2026-43018 entry is confirmed: a Use-After-Free in Linux kernel Bluetooth HCI event handling (hci_le_remote_conn_param_req_evt) due to insufficient locking during hci_conn lookup/access. The vulnerability arises from hci_conn lookup and field access not always being protected by the hdev ...
CVE-2026-43018
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hcievent: fix potential UAF in hcileremoteconnparamreqevt hciconn lookup and field access must be covered by hdev lock in hcileremoteconnparamreqevt, otherwise it's possible it is freed concurrently. Extend the...
PT-2026-36299
Multiple plugins and/or themes for WordPress are vulnerable to Reflected Cross-Site Scripting via the url parameter in various versions due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that...
PT-2026-36536
Name of the Vulnerable Software and Affected Versions astro-mcp-server versions prior to 1.1.2 Description A flaw in the MCP Tool Query Construction component, specifically within a function in the src/index.ts file, allows for remote SQL injection. This occurs when the request.params.arguments...
Astro MCP Server 注入漏洞
Astro MCP Server is an app store optimized data query tool by Tim Broddin, an individual developer. An injection vulnerability exists in Astro MCP Server 1.1.1 and earlier versions, which stems from an unknown function in the src/index.ts file in the MCP Tool Query Construction component that...
PT-2026-36435
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A Use-After-Free UAF issue exists in the Bluetooth component. In the hci le remote conn param req evt function, the hci conn lookup and field access are not properly protected by the hde...