30541 matches found
Grimmory 跨站脚本漏洞
Grimmory is an open-source e-book management software developed by Grimmory. Versions of Grimmory prior to 2.3.1 contained a cross-site scripting vulnerability. This vulnerability stemmed from the browser EPUB reader, allowing attackers to embed arbitrary JavaScript in specially crafted EPUB file...
Ech0's RSS feed renders unescaped tag names and raw-HTML markdown, stored XSS against subscribers
Summary The public RSS/Atom feed at /rss renders two attacker-controlled surfaces without HTML escaping. Tag names flow through fmt.AppendfrenderedContent, "%s", tag.Name at internal/service/common/common.go:120, and the Markdown renderer at internal/util/md/md.go does not set the html.SkipHTML...
CVE-2026-43272
A flaw was found in the Linux kernel's ring-buffer component. This vulnerability allows a local user to potentially cause a denial of service. The issue occurs because a pointer in the rbmetavalidateevents function is not properly initialized, and its dereference during a reader page validation...
Unity Linux 20.1070a Security Update: osbuild-composer (UTSA-2026-016489)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016489 advisory. tar.Reader does not set a maximum size on the number of sparse region data blocks in GNU tar pax 1.0 sparse files. A maliciously-crafted archive containing a large...
GHSA-2V93-VP82-CJV8 Velocidex Velociraptor has an Incorrect Authorization issue
Velociraptor versions prior to 0.76.4 contain a cross organization authorization bypass in the HTTP API. A user with only the reader role in the root organization the lowest authenticated role, holding only READRESULTS permission can issue a single authenticated HTTP GET that can read any files...
EUVD-2026-27844
Velociraptor versions prior to 0.76.4 contain a cross organization authorization bypass in the HTTP API. A user with only the reader role in the root organization the lowest authenticated role, holding only READRESULTS permission can issue a single authenticated HTTP GET that can read any files...
Velocidex Velociraptor has an Incorrect Authorization issue
Velociraptor versions prior to 0.76.4 contain a cross organization authorization bypass in the HTTP API. A user with only the reader role in the root organization the lowest authenticated role, holding only READRESULTS permission can issue a single authenticated HTTP GET that can read any files...
CVE-2026-6863
Velociraptor versions prior to 0.76.4 contain a cross organization authorization bypass in the HTTP API. A user with only the reader role in the root organization the lowest authenticated role, holding only READRESULTS permission can issue a single authenticated HTTP GET that can read any files...
CVE-2026-43111
A flaw was found in the Linux kernel's roccat Human Interface Device HID driver. This vulnerability, a use-after-free, arises from a synchronization issue where the roccatreportevent function accesses a list of readers without adequate locking. A local attacker could exploit this to cause a syste...
avro-oom-compression-poc
Avro Decompression Bomb PoC CWE-409 Proof of concept demons...
CVE-2026-6863
Velociraptor versions prior to 0.76.4 contain a cross organization authorization bypass in the HTTP API. A user with only the reader role in the root organization the lowest authenticated role, holding only READRESULTS permission can issue a single authenticated HTTP GET that can read any files...
CVE-2026-6863
CVE-2026-6863 affects Velociraptor versions prior to 0.76.4, where the HTTP API permits a cross-organization authorization bypass. A user with only the reader role in the root organization (lowest authenticated role with READ_RESULTS) can issue a single authenticated HTTP GET that can read any fi...
CVE-2026-6863 HTTP Filestore Endpoints Misapply Permissions Across Organizations
Velociraptor versions prior to 0.76.4 contain a cross organization authorization bypass in the HTTP API. A user with only the reader role in the root organization the lowest authenticated role, holding only READRESULTS permission can issue a single authenticated HTTP GET that can read any files...
BIT-JAVA-MIN-2024-25062
An issue was discovered in libxml2 before 2.11.7 and 2.12.x before 2.12.5. When using the XML Reader interface with DTD validation and XInclude expansion enabled, processing crafted XML documents can lead to an xmlValidatePopElement use-after-free...
BIT-JAVA-2024-25062
An issue was discovered in libxml2 before 2.11.7 and 2.12.x before 2.12.5. When using the XML Reader interface with DTD validation and XInclude expansion enabled, processing crafted XML documents can lead to an xmlValidatePopElement use-after-free...
CVE-2026-43272
CVE-2026-43272 concerns the Linux kernel ring-buffer component. The root cause is an uninitialized pointer in rb_meta_validate_events(), which can be dereferenced during a reader-page validation failure, potentially causing a system crash or instability. The issue is fixed by initializing orig_he...
PT-2026-37643
Name of the Vulnerable Software and Affected Versions Velociraptor versions prior to 0.76.4 Description A cross organization authorization bypass exists in the HTTP API. A user assigned the reader role in the root organization, which possesses only READ RESULTS permission, can perform an...
PT-2026-37809
An issue was discovered in libxml2 before 2.11.7 and 2.12.x before 2.12.5. When using the XML Reader interface with DTD validation and XInclude expansion enabled, processing crafted XML documents can lead to an xmlValidatePopElement use-after-free...
PT-2026-38016
An issue was discovered in libxml2 before 2.11.7 and 2.12.x before 2.12.5. When using the XML Reader interface with DTD validation and XInclude expansion enabled, processing crafted XML documents can lead to an xmlValidatePopElement use-after-free...
Linux Distros Unpatched Vulnerability : CVE-2026-42440
"The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - OOM Denial of Service via Unbounded Array Allocation in Apache OpenNLP AbstractModelReader Versions Affected: before 2.5.9 before 3.0.0-M3 Description: The...