Lucene search
K

8289 matches found

AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.4 views

Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerabilities have been resolved: scsi: pm8001: Fix tag leaks on error In functions like pm8001chipsetdevstatereq, pm8001chipfwflashupdatereq, pm80xxchipPhyctlreq, and pm8001chipregdevreq, missing calls to pm8001tagfree have been added to free the allocated ta...

5.5CVSS6.2AI score0.00252EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.6 views

Astra Linux – Vulnerability in ruby-rails-html-sanitizer

Rails-html-sanitizer is responsible for sanitizing HTML fragments in Rails applications. Prior to version 1.4.4, there was a potential XSS vulnerability with certain configurations of Rails::Html::Sanitizer, due to an incomplete fix of CVE-2022-32209. Rails::Html::Sanitizer might allow an attacke...

6.1CVSS6.6AI score0.0111EPSS
Exploits1References1
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.6 views

Astra Linux – Vulnerability in Python-Django

In Django 2.2 before 2.2.27, 3.2 before 3.2.12, and 4.0 before 4.0.2, the % debug % template tag does not encode the current context properly. This may lead to Cross-Site Scripting XSS attacks...

6.1CVSS6.8AI score0.03328EPSS
Exploits1References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.4 views

Astra Linux – Vulnerability in Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: ext4: Fixed a potential out-of-bound read issue in ext4fcreplayscan. For the scan loop, it is necessary to ensure that at least EXT4FCTAGBASELEN space is available. If the remaining space is less than EXT4FCTAGBASELEN, it may lea...

7.1CVSS5.7AI score0.00147EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.4 views

Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: nvmet-tcp: added a bounds check on the Transfer Tag. The ttag is used as an index to retrieve the cmd in nvmettcphandleh2cdatapdu. A bounds check was added to prevent out-of-bounds access...

5.6AI score0.00211EPSS
Exploits0References1
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.5 views

Astra Linux – Vulnerability in TIF format

LibTIFF 4.4.0 contains an out-of-bounds read vulnerability in tiffcrop, located at line 368 of libtiff/tifunix.c. This vulnerability is invoked by lines 2903 and 6921 in tools/tiffcrop.c. This allows attackers to cause a denial-of-service attack through a crafted TIF file. For users who compile...

6.8CVSS6.8AI score0.00421EPSS
Exploits1References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.3 views

Astra Linux – Vulnerability in Linux 5.15

A issue was discovered in the Linux kernel before version 6.3.4. ksmbd has a buffer overflow vulnerability in the smb2findcontextvals function, when the namelen of createcontext is larger than the length of the tag...

9.1CVSS7.2AI score0.02435EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/19 12:0 a.m.14 views

PT-2026-50900

Name of the Vulnerable Software and Affected Versions containerd versions prior to 2.3.2 containerd versions prior to 2.2.5 containerd versions prior to 2.1.9 containerd versions prior to 2.0.10 containerd versions prior to 1.7.33 Description The CRI checkpoint import process fails to validate...

9.9CVSS6.4AI score0.00354EPSS
Exploits0References43
NVD
NVD
added 2026/06/17 11:17 p.m.11 views

CVE-2026-44644

LiquidJS is a Shopify/GitHub Pages compatible template engine written in pure JavaScript. Versions 10.25.7 and below are vulnerable to XSS through a flaw in the striphtml filter logic. The striphtml filter is intended to remove HTML tags from a string before rendering, and is widely used as an XS...

6.1CVSS0.00203EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/06/17 10:25 p.m.28 views

CVE-2026-44646 LiquidJS: `{% render %}` tag silently bypasses per-render `ownPropertyOnly:true` via `Context.spawn()`

LiquidJS is a Shopify/GitHub Pages compatible template engine written in pure JavaScript. In versions 10.25.7 and below, Context.spawn creates a child Context for the % render % tag but does not propagate the parent context's resolved ownPropertyOnly value, resulting in a silent bypass. The new...

5.3CVSS0.00271EPSS
Exploits0References3
CVE
CVE
added 2026/06/17 10:8 p.m.31 views

CVE-2026-44645

CVE-2026-44645 affects LiquidJS up to version 10.25.7, where the renderLimit DoS guard can be bypassed by an empty {% for %} or {% tablerow %} body. The per-iteration time check only runs when the body contains at least one template node, so templates like {% for i in (1..N) %}{% endfor %} bypass...

6.5CVSS5.2AI score0.00317EPSS
Exploits0References3
NVD
NVD
added 2026/06/17 8:17 p.m.13 views

CVE-2026-48823

Shaarli is a personal bookmarking service. Versions 0.16.1 and prior contain a stored Cross-Site Scripting XSS vulnerability in the tag filtering functionality of Shaarli. An authenticated user can inject arbitrary JavaScript into the tags field when creating a bookmark Shaare. The malicious...

4.8CVSS0.00115EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/17 8:6 p.m.17 views

CVE-2026-48823 Shaarli has Stored Cross-Site Scripting (XSS) via Tags Search

Shaarli is a personal bookmarking service. Versions 0.16.1 and prior contain a stored Cross-Site Scripting XSS vulnerability in the tag filtering functionality of Shaarli. An authenticated user can inject arbitrary JavaScript into the tags field when creating a bookmark Shaare. The malicious...

4.8CVSS0.00115EPSS
Exploits0References2
CVE
CVE
added 2026/06/17 8:6 p.m.12 views

CVE-2026-48823

Technical details are not publicly available in the provided documents. Monitor for updates from Shaarli advisories and releases.

4.8CVSS5.4AI score0.00115EPSS
Exploits0References2
Debian CVE
Debian CVE
added 2026/06/17 8:6 p.m.7 views

CVE-2026-48823

Shaarli is a personal bookmarking service. Versions 0.16.1 and prior contain a stored Cross-Site Scripting XSS vulnerability in the tag filtering functionality of Shaarli. An authenticated user can inject arbitrary JavaScript into the tags field when creating a bookmark Shaare. The malicious...

4.8CVSS5.4AI score0.00115EPSS
Exploits0
Github Security Blog
Github Security Blog
added 2026/06/16 9:28 p.m.7 views

Caddy: stripHTML template function bypass

Summary Caddy’s stripHTML template function cannot reliably remove all HTML tags from input strings. Certain malformed HTML, such as img src=x onerror=alert, can bypass the tag-stripping logic, potentially leaving dangerous content in the output if it is later rendered as HTML. This may allow...

4.2CVSS5.4AI score0.00153EPSS
Exploits1References2Affected Software2
Cvelist
Cvelist
added 2026/06/16 7:27 p.m.13 views

CVE-2026-46770

...

6.1CVSS0.00245EPSS
Exploits0References1
NVD
NVD
added 2026/06/16 2:16 a.m.11 views

CVE-2026-1766

A flaw was found in GNOME localsearch previously known as tracker-miners MP3 Extractor, specifically within the tracker-extract-mp3 component. This heap buffer overflow vulnerability occurs when processing specially crafted MP3 files containing malformed ID3v2.3 COMM Comment tags. An attacker cou...

6.1CVSS0.00158EPSS
Exploits1References2
CVE
CVE
added 2026/06/16 12:34 a.m.49 views

CVE-2026-1766

CVE-2026-1766 concerns GNOME localsearch (tracker-extract-mp3) and its MP3 Extractor, where a heap buffer overflow occurs while parsing MP3 files with malformed ID3v2.3 COMM tags. Exploitation can cause DoS (crash) and may disclose heap data. Public advisories and patches exist across multiple ve...

6.1CVSS5.5AI score0.00158EPSS
Exploits1References2Affected Software2
EUVD
EUVD
added 2026/06/15 9:30 p.m.12 views

EUVD-2025-210149

A heap use-after-free in the gfnodegettag function scenegraph/basescenegraph.c of GPAC MP4Box v2.4 allows attackers to cause a Denial of Service DoS via supplying a crafted MP4 file...

5.5CVSS5.2AI score0.00188EPSS
Exploits1References3
Rows per page
Query Builder