2114 matches found
CVE-2026-23962 Mastodon vulnerable to Denial of Service from a single post (client/server)
Mastodon is a free, open-source social network server based on ActivityPub. Mastodon versions before v4.3.18, v4.4.12, and v4.5.5 do not have a limit on the maximum number of poll options for remote posts, allowing attackers to create polls with a very large amount of options, greatly increasing...
CVE-2026-23962
Mastodon is vulnerable to Denial of Service due to an unlimited maximum number of poll options for remote posts in versions before v4.3.18, v4.4.12, and v4.5.5. The underlying issue allows an attacker to create polls with a very large number of options, leading to disproportionate resource usage ...
CVE-2026-23962
Mastodon is a free, open-source social network server based on ActivityPub. Mastodon versions before v4.3.18, v4.4.12, and v4.5.5 do not have a limit on the maximum number of poll options for remote posts, allowing attackers to create polls with a very large amount of options, greatly increasing...
CVE-2026-23962 Mastodon vulnerable to Denial of Service from a single post (client/server)
Mastodon is a free, open-source social network server based on ActivityPub. Mastodon versions before v4.3.18, v4.4.12, and v4.5.5 do not have a limit on the maximum number of poll options for remote posts, allowing attackers to create polls with a very large amount of options, greatly increasing...
PT-2026-3900
Name of the Vulnerable Software and Affected Versions Mastodon versions prior to 4.3.18 Mastodon versions prior to 4.4.12 Mastodon versions prior to 4.5.5 Description Mastodon is a free, open-source social network server based on ActivityPub. Versions of Mastodon prior to 4.3.18, 4.4.12, and 4.5....
Azure Linux 3.0 Security Update: kernel (CVE-2025-22086)
The version of kernel installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-22086 advisory. - In the Linux kernel, the following vulnerability has been resolved: RDMA/mlx5: Fix mlx5pollone curqp update...
Azure Linux 3.0 Security Update: kernel (CVE-2025-38123)
The version of kernel installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-38123 advisory. - In the Linux kernel, the following vulnerability has been resolved: net: wwan: t7xx: Fix napi rx poll issue...
WordPress Poll, Survey, Form & Quiz Maker by OpinionStage plugin < 19.6.25 - Unauthenticated Cross-Site Scripting (XSS) vulnerability
Unauthenticated Cross-Site Scripting XSS vulnerability discovered by WPscan in WordPress Plugin Poll, Survey & Quiz Maker Plugin by Opinion Stage versions 19.6.25...
PT-2026-3316
Poll, Survey & Quiz Maker Plugin by Opinion Stage Wordpress plugin versions prior to 19.6.25 contain a stored cross-site scripting XSS vulnerability via multiple parameters due to insufficient input validation and output escaping. An unauthenticated attacker can inject arbitrary script into conte...
Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-003706)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-003706 advisory. An issue was discovered in aiopoll in fs/aio.c in the Linux kernel through 5.0.4. A file may be released by aiopollwake if an expected event is triggered immediately...
CVE-2025-71117
In the Linux kernel, the following vulnerability has been resolved: block: Remove queue freezing from several sysfs store callbacks Freezing the request queue from inside sysfs store callbacks may cause a deadlock in combination with the dm-multipath driver and the queueifnopath option...
CVE-2025-71117
In the Linux kernel, the following vulnerability has been resolved: block: Remove queue freezing from several sysfs store callbacks Freezing the request queue from inside sysfs store callbacks may cause a deadlock in combination with the dm-multipath driver and the queueifnopath option...
UBUNTU-CVE-2025-71117
In the Linux kernel, the following vulnerability has been resolved: block: Remove queue freezing from several sysfs store callbacks Freezing the request queue from inside sysfs store callbacks may cause a deadlock in combination with the dm-multipath driver and the queueifnopath option...
CVE-2025-71117 block: Remove queue freezing from several sysfs store callbacks
In the Linux kernel, the following vulnerability has been resolved: block: Remove queue freezing from several sysfs store callbacks Freezing the request queue from inside sysfs store callbacks may cause a deadlock in combination with the dm-multipath driver and the queueifnopath option...
CVE-2025-71117
In the Linux kernel, the following vulnerability has been resolved: block: Remove queue freezing from several sysfs store callbacks Freezing the request queue from inside sysfs store callbacks may cause a deadlock in combination with the dm-multipath driver and the queueifnopath option...
CVE-2025-71117
In the Linux kernel, the following vulnerability has been resolved: block: Remove queue freezing from several sysfs store callbacks Freezing the request queue from inside sysfs store callbacks may cause a deadlock in combination with the dm-multipath driver and the queueifnopath option...
Astra Linux - уязвимость в linux-6.12
In the Linux kernel, the following vulnerability has been resolved: 9p/transfd: p9fdrequest: kick rx thread if EPOLLIN p9readwork doesn't set Rworksched and doesn't do scheduleworkm-rq if listempty&m-reqlist. However, if the pipe is full, we need to read more data and this used to work prior to...
CVE-2022-0205
The YOP Poll WordPress plugin before 6.3.5 does not sanitise and escape some of the settings available to users with a role as low as author before outputting them, leading to a Stored Cross-Site Scripting issue...
CVE-2017-18521
The democracy-poll plugin before 5.4 for WordPress has CSRF via wp-admin/options-general.php?page=democracy-poll=l10n...
CVE-2017-18520
The democracy-poll plugin before 5.4 for WordPress has XSS via updatel10n in admin/class.DemAdminInit.php...