385 matches found
CVE-2026-57270
GeoWebPlayer also called "Web Plugin" in the GV-VMS documentation and "WS Player" for VMS-Cloud is an addon that can be installed with various GeoVision software GV-VMS, GV-Cloud, .... It creates a websocket server that expands the capabilities of the various web-interfaces provided by the...
EUVD-2026-41231
GeoWebPlayer also called "Web Plugin" in the GV-VMS documentation and "WS Player" for VMS-Cloud is an addon that can be installed with various GeoVision software GV-VMS, GV-Cloud, .... It creates a websocket server that expands the capabilities of the various web-interfaces provided by the...
CVE-2026-57269
GeoWebPlayer also called "Web Plugin" in the GV-VMS documentation and "WS Player" for VMS-Cloud is an addon that can be installed with various GeoVision software GV-VMS, GV-Cloud, .... It creates a websocket server that expands the capabilities of the various web-interfaces provided by the...
CVE-2026-57266
GeoWebPlayer also called "Web Plugin" in the GV-VMS documentation and "WS Player" for VMS-Cloud is an addon that can be installed with various GeoVision software GV-VMS, GV-Cloud, .... It creates a websocket server that expands the capabilities of the various web-interfaces provided by the...
CVE-2026-50280
Craft CMS is a content management system CMS. In versions 5.0.0-RC1 and above prior to 5.9.21, the EntriesController::actionMoveToSection endpoint gates the destination section only by viewEntries:$section-uid rather than requiring saveEntries permission the source entry is separately checked via...
CVE-2026-53057 iommu/riscv: Add IOTINVAL after updating DDT/PDT entries
In the Linux kernel, the following vulnerability has been resolved: iommu/riscv: Add IOTINVAL after updating DDT/PDT entries Add riscviommuiodiriotinval to perform required TLB and context cache invalidations after updating DDT or PDT entries, as mandated by the RISC-V IOMMU specification Section...
PT-2026-48408
Ghidra before 12.1 contains a path traversal vulnerability in SameDirDebugInfoProvider that fails to validate filenames from ELF binary .gnu debuglink sections before constructing file paths. Attackers can craft malicious ELF binaries with traversal sequences to probe filesystem existence and lea...
MAL-2026-5207 Malicious code in @forjacms/sections (npm)
--- -= Per source details. Do not edit below this line.=- Source: google-open-source-security a6c7977dbc054cdb7fe56da0d2fbd26e2a6fed695deb4263ccbf4adfedd86acb The Miasma malware is a self-propagating worm that spreads across the npm registry by abusing weaponized binding.gyp files to achieve...
CVE-2026-40898
quic-go is an implementation of the QUIC protocol in Go. Prior to version 0.59.1, an attacker can cause excessive memory allocation in quic-go's HTTP/3 client and server implementations by sending a QPACK-encoded HEADERS frame that decodes into a large trailer field section with many unique field...
CVE-2026-36460
Dovestones Softwares ADPhonebook before v4.0.1.1 is vulnerable to a Cross Site Scripting vulnerability. The /Admin/Save API allows an authenticated admin user to store malicious JavaScript payloads in multiple configuration sections without proper input validation or output encoding...
EUVD-2026-34140
Dovestones Softwares ADPhonebook before v4.0.1.1 is vulnerable to a Cross Site Scripting vulnerability. The /Admin/Save API allows an authenticated admin user to store malicious JavaScript payloads in multiple configuration sections without proper input validation or output encoding...
PT-2026-45989
Dovestones Softwares ADPhonebook before v4.0.1.1 is vulnerable to a Cross Site Scripting vulnerability. The /Admin/Save API allows an authenticated admin user to store malicious JavaScript payloads in multiple configuration sections without proper input validation or output encoding...
CVE-2026-36460
CVE-2026-36460 affects Dovestones Softwares ADPhonebook prior to v4.0.1.1. The issue is a Cross Site Scripting flaw in the /Admin/Save API where an authenticated admin can store malicious JavaScript payloads in multiple configuration sections due to missing input validation or output encoding. Af...
Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: objtool: A memory leak has been fixed in the createStaticcallsections function. strdup allocates memory for keyname. We need to release this allocated memory in the following error-prone code paths. Add free to avoid the memory...
Astra Linux – Vulnerability in Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: rcv: mm: Fixed the out-of-bound issue with vmemmap addresses In the sparse vmemmap model, the virtual address of vmemmap is calculated as: struct page VMEMMAPSTART - physrambase PAGESHIFT. The virtual address of struct pages can...
SUSE CVE-2026-43289
In the Linux kernel, the following vulnerability has been resolved: kexec: derive purgatory entry from symbol kexecloadpurgatory derives image-start by locating eentry inside an SHFEXECINSTR section. If the purgatory object contains multiple executable sections with overlapping shaddr, the...
CVE-2026-43289
In the Linux kernel, the following vulnerability has been resolved: kexec: derive purgatory entry from symbol kexecloadpurgatory derives image-start by locating eentry inside an SHFEXECINSTR section. If the purgatory object contains multiple executable sections with overlapping shaddr, the...
CVE-2026-43289
In the Linux kernel, the following vulnerability has been resolved: kexec: derive purgatory entry from symbol kexecloadpurgatory derives image-start by locating eentry inside an SHFEXECINSTR section. If the purgatory object contains multiple executable sections with overlapping shaddr, the...
PT-2026-38931
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the kexec load purgatory function where image-start is derived by locating e entry within an SHF EXECINSTR section. If the purgatory object contains multiple executabl...
CVE-2026-41650
fast-xml-parser allows users to process XML from JS object without C/C++ based libraries or callbacks. Prior to version 5.7.0, XMLBuilder does not escape the "--" sequence in comment content or the "" sequence in CDATA sections when building XML from JavaScript objects. This allows XML injection...