15982 matches found
EUVD-2026-45661
In the Linux kernel, the following vulnerability has been resolved: scsi: target: iscsi: Fix CRC overread and double-free in iscsithandletextcmd Two latent bugs in the Text-phase handler, both present since the original LIO integration in commit e48354ce078c "iscsi-target: Add iSCSI fabric suppor...
CVE-2026-63887
In the Linux kernel, the following vulnerability has been resolved: scsi: target: iscsi: Bound iscsiencodetextoutput appends to rspbuf iscsiencodetextoutput concatenates "key=value\0" records into login-rspbuf, an 8192-byte kzallocMAXKEYVALUEPAIRS buffer allocated in iscsitallocloginsetupbuffer...
CVE-2026-63888
In the Linux kernel, the following vulnerability has been resolved: scsi: target: iscsi: Fix CRC overread and double-free in iscsithandletextcmd Two latent bugs in the Text-phase handler, both present since the original LIO integration in commit e48354ce078c "iscsi-target: Add iSCSI fabric suppor...
EUVD-2026-45619
In the Linux kernel, the following vulnerability has been resolved: net: tls: prevent chain-after-chain in plain text SG Sashiko points out that if end = 0 start != 0 the current code will create a chain link to content type right after the wrap link: This would create a chain where the wrap link...
CVE-2026-63887
The CVE refers to a Linux kernel issue in the iscsi target login path where iscsi_encode_text_output() concatenates key=value records into login->rsp_buf (8192-byte) without checking remaining space. A single PDU can carry up to ~2048 pairs, potentially expanding to ~32 KiB of output into an 8...
CVE-2026-63888
CVE-2026-63888 affects the Linux kernel’s SCSI target iSCSI Text PDU path. Two latent bugs in iscsit_handle_text_cmd() were fixed: (1) a CRC32C buffer overread when DataDigest is negotiated, caused by using the bumped rx_size for crc32c() instead of the actual padded payload length; the fix is to...
CVE-2026-63887 scsi: target: iscsi: Bound iscsi_encode_text_output() appends to rsp_buf
In the Linux kernel, the following vulnerability has been resolved: scsi: target: iscsi: Bound iscsiencodetextoutput appends to rspbuf iscsiencodetextoutput concatenates "key=value\0" records into login-rspbuf, an 8192-byte kzallocMAXKEYVALUEPAIRS buffer allocated in iscsitallocloginsetupbuffer...
CVE-2026-63888 scsi: target: iscsi: Fix CRC overread and double-free in iscsit_handle_text_cmd()
In the Linux kernel, the following vulnerability has been resolved: scsi: target: iscsi: Fix CRC overread and double-free in iscsithandletextcmd Two latent bugs in the Text-phase handler, both present since the original LIO integration in commit e48354ce078c "iscsi-target: Add iSCSI fabric suppor...
SuperWebMailer 9.00.0.01710 - Cross-Site Scripting
An issue was discovered in SuperWebMailer 9.00.0.01710 allowing XSS via crafted incorrect passwords. id: CVE-2023-38192 info: name: SuperWebMailer 9.00.0.01710 - Cross-Site Scripting author: ritikchaddha severity: medium description: | An issue was discovered in SuperWebMailer 9.00.0.01710 allowi...
Rukovoditel <= 3.2.1 - Cross Site Scripting
Rukovoditel v3.2.1 was discovered to contain a stored cross-site scripting XSS vulnerability in /index.php?module=configuration/application. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Copyright Text field after clicking...
Twittee Text Tweet <= 1.0.8 - Cross-Site Scripting
The Twittee Text Tweet WordPress plugin through 1.0.8 does not properly escape POST values which are printed back to the user inside one of the plugin's administrative page, which allows reflected XSS attacks targeting administrators to happen. id: CVE-2023-0602 info: name: Twittee Text Tweet =...
rConfig <=3.9.4 - SQL Injection
rConfig 3.9.4 and prior has unauthenticated snippets.inc.php SQL injection. Because nodes' passwords are stored in cleartext by default, this vulnerability leads to lateral movement, granting an attacker access to monitored network devices. id: CVE-2020-10549 info: name: rConfig 3.9.4 or apply th...
Advanced Text Widget < 2.0.2 - Cross-Site Scripting
A cross-site scripting XSS vulnerability in advancedtext.php in Advanced Text Widget plugin before 2.0.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the page parameter. id: CVE-2011-4618 info: name: Advanced Text Widget 2.0.2 - Cross-Site Scripting author:...
PT-2026-61204
In the Linux kernel, the following vulnerability has been resolved: scsi: target: iscsi: Bound iscsi encode text output appends to rsp buf iscsi encode text output concatenates "key=value0" records into login-rsp buf, an 8192-byte kzallocMAX KEY VALUE PAIRS buffer allocated in iscsit alloc login...
PT-2026-61205
In the Linux kernel, the following vulnerability has been resolved: scsi: target: iscsi: Fix CRC overread and double-free in iscsit handle text cmd Two latent bugs in the Text-phase handler, both present since the original LIO integration in commit e48354ce078c "iscsi-target: Add iSCSI fabric...
Telesquare TLR-2855KS6 - Arbitrary File Creation
An unauthorized file creation vulnerability in Telesquare TLR-2855KS6 via PUT method can allow creation of CGI scripts. id: CVE-2021-46418 info: name: Telesquare TLR-2855KS6 - Arbitrary File Creation author: DhiyaneshDK severity: high description: | An unauthorized file creation vulnerability in...
CVE-2026-48487
Zeroconf is a pure Python implementation of multicast DNS service discovery. Prior to 0.149.16, readcharacterstring and readstring in src/zeroconf/protocol/incoming.py advanced self.offset by attacker-declared RDLENGTH without checking it against self.datalen, allowing unauthenticated hosts on th...
CVE-2026-16073
A security vulnerability has been detected in AstrBotDevs AstrBot up to 4.25.2. Affected by this issue is the function Star.texttoimage/NetworkRenderStrategy.render of the file astrbot/core/star/base.py of the component T2I Feature. The manipulation leads to cross site scripting. The attack is...
CVE-2026-48487
CVE-2026-48487 (python-zeroconf) : Prior to 0.149.16, _read_character_string and _read_string in zeroconf’s incoming protocol could advance the parser past the end of the payload by using attacker-declared RDLENGTH without checking against data length, enabling unauthenticated LAN-local hosts on ...
CVE-2026-48487 Zeroconf: Unvalidated rdlength in record payload readers allows LAN-local cache corruption via crafted mDNS packet
Zeroconf is a pure Python implementation of multicast DNS service discovery. Prior to 0.149.16, readcharacterstring and readstring in src/zeroconf/protocol/incoming.py advanced self.offset by attacker-declared RDLENGTH without checking it against self.datalen, allowing unauthenticated hosts on th...