
34 matches found

ATTACKERKB
added 2026/05/02 8:0 p.m., 6 views

CVE-2026-7668

A vulnerability was identified in MikroTik RouterOS 6.49.8. This vulnerability affects the function ASN1STRINGdata in the library nova/lib/www/scep.p of the component SCEP Endpoint. The manipulation of the argument transactionID/messageType leads to out-of-bounds read. The attack may be initiated...

CVSS 7.5 | AI score 6.9 | EPSS 0.00056
Exploits 0 | References 4 | Affected Software 1

EUVD
added 2026/04/07 9:32 p.m., 1 view

EUVD-2025-209280

Dual DHCP DNS Server 8.01 improperly accepts and caches UDP DNS responses without validating that the response originates from a legitimate configured upstream DNS server. The implementation matches responses primarily by TXID and inserts results into the cache, enabling a remote attacker to inje...

AI score 6 | EPSS 0.00157
Exploits 0 | References 3

Positive Technologies
added 2026/04/07 12:0 a.m., 3 views

PT-2026-30973

Dual DHCP DNS Server 8.01 improperly accepts and caches UDP DNS responses without validating that the response originates from a legitimate configured upstream DNS server. The implementation matches responses primarily by TXID and inserts results into the cache, enabling a remote attacker to inje...

AI score 6 | EPSS 0.00157
Exploits 0 | References 3

OSV
added 2026/03/30 7:13 p.m., 2 views

GHSA-3VMH-33XR-9CQH Zebra has a Consensus Failure due to Improper Verification of V5 Transactions

CVE-2026-34377: Consensus Failure via Crafted V5 Authorization Data. Summary: A logic error in Zebra's transaction verification cache could allow a malicious miner to induce a consensus split. By matching a valid transaction's txid while providing invalid authorization data, a miner could cause...

CVSS 8.4 | AI score 5.9 | EPSS 0.00027
Exploits 1 | References 6

NVD
added 2026/02/26 11:16 p.m., 7 views

CVE-2026-28230

SteVe is an open-source EV charging station management system. In versions up to and including 3.11.0, when a charger sends a StopTransaction message, SteVe looks up the transaction solely by transactionId (a sequential integer starting from 1) without verifying that the requesting charger matches...

CVSS 7.1 | EPSS 0.00053
Exploits 0 | References 2

Tenable Nessus
added 2026/01/16 12:0 a.m., 1 view

Unity Linux 20.1070e Security Update: kernel (UTSA-2026-001315)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-001315 advisory. An issue was discovered in kmem_cache_alloc_bulk in mm/slub.c in the Linux kernel before 5.5.11. The slowpath lacks the required TID increment, aka CID-fd4d9c7d0c71...

CVSS 7 | AI score 6.5 | EPSS 0.00359
Exploits 1 | References 4

CNNVD
added 2026/01/05 12:0 a.m., 4 views

Code-Projects Online Product Reservation System SQL Injection Vulnerability

Code-Projects Online Product Reservation System is a Code-Projects open source online product reservation system. A SQL injection vulnerability exists in Code-Projects Online Product Reservation System version 1.0, which stems from an incorrect manipulation of the parameter transactionid in the...

CVSS 9.8 | AI score 7.8 | EPSS 0.00026
Exploits 1 | References 7

Tenable Nessus
added 2025/12/31 12:0 a.m., 0 views

Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2025-992965)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-992965 advisory. In the Linux kernel, the following vulnerability has been resolved: slimbus: messaging: Free transaction ID in delayed interrupt scenario. In case of interrupt delay...

CVSS 7.8 | AI score 6.2 | EPSS 0.00008
Exploits 0 | References 4

Cvelist
added 2025/12/30 12:15 p.m., 17 views

CVE-2022-50856 cifs: Fix xid leak in cifs_ses_add_channel()

In the Linux kernel, the following vulnerability has been resolved: cifs: Fix xid leak in cifs_ses_add_channel(). Before return, should free the xid, otherwise, the xid will be leaked...

EPSS 0.00028
Exploits 0 | References 4

CNNVD
added 2025/12/30 12:0 a.m., 1 view

Linux kernel Security Vulnerability

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from an unreleased xid, which could lead to an xid leak...

AI score 6.1 | EPSS 0.00028
Exploits 0 | References 5

RedHat Linux
added 2025/11/03 9:44 a.m., 2 views

kernel: cifs: Fix xid leak in cifs_ses_add_channel()

A transaction ID (xid) leak was found in the CIFS/SMB filesystem. When adding a new channel fails, the allocated xid is not freed, leading to gradual exhaustion of the xid pool...

AI score 5.7 | EPSS 0.00028
Exploits 0 | References 5

CVE
added 2025/10/15 8:26 a.m., 10 views

CVE-2025-11728

CVE-2025-11728 affects the Oceanpayment CreditCard Gateway plugin for WordPress (versions up to 6.0). The root cause is missing authentication and capability checks in the return_payment and notice_payment functions, allowing unauthenticated and unauthorized modification of data. The practical im...

CVSS 5.3 | AI score 5.5 | EPSS 0.00214
Exploits 0 | References 3

EUVD
added 2025/10/03 8:7 p.m., 2 views

EUVD-2025-30714

Malicious code in bioql PyPI...

CVSS 6.1 | AI score 6.6 | EPSS 0.00077
Exploits 1 | References 5

Cvelist
added 2025/10/01 11:45 a.m., 4 views

CVE-2022-50460 cifs: Fix xid leak in cifs_flock()

In the Linux kernel, the following vulnerability has been resolved: cifs: Fix xid leak in cifs_flock(). If not flock, before return -ENOLCK, should free the xid, otherwise, the xid will be leaked...

EPSS 0.00018
Exploits 0 | References 4

CNNVD
added 2025/10/01 12:0 a.m., 2 views

Linux kernel Security Vulnerability

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from an unreleased xid in the cifs_flock function, which could lead to a resource leak...

AI score 5.8 | EPSS 0.00018
Exploits 0 | References 5

RedhatCVE
added 2025/09/24 12:28 a.m., 10 views

CVE-2025-55887

Cross-Site Scripting (XSS) vulnerability was discovered in the meal reservation service ARD. The vulnerability exists in the transactionID GET parameter on the transaction confirmation page. Due to improper input validation and output encoding, an attacker can inject malicious JavaScript code that ...

CVSS 6.1 | AI score 6 | EPSS 0.00077
Exploits 1 | References 1

Vulnrichment
added 2025/09/22 12:0 a.m., 2 views

CVE-2025-55887

Cross-Site Scripting (XSS) vulnerability was discovered in the meal reservation service ARD. The vulnerability exists in the transactionID GET parameter on the transaction confirmation page. Due to improper input validation and output encoding, an attacker can inject malicious JavaScript code that ...

AI score 5.6 | EPSS 0.00077
Exploits 1 | References 4

Cvelist
added 2025/09/22 12:0 a.m., 5 views

CVE-2025-55887

Cross-Site Scripting (XSS) vulnerability was discovered in the meal reservation service ARD. The vulnerability exists in the transactionID GET parameter on the transaction confirmation page. Due to improper input validation and output encoding, an attacker can inject malicious JavaScript code that ...

EPSS 0.00077
Exploits 1 | References 4

CNNVD
added 2025/09/22 12:0 a.m., 2 views

ARD GEC en Ligne Security Vulnerability

ARD GEC en Ligne is an online service portal of ARD France. A security vulnerability exists in ARD GEC en Ligne that stems from insufficient input validation and output encoding of the transactionID parameter, which could lead to cross-site scripting attacks...

CVSS 6.1 | AI score 6 | EPSS 0.00077
Exploits 1 | References 5

Positive Technologies
added 2025/09/22 12:0 a.m., 2 views

PT-2025-39065

Name of the Vulnerable Software and Affected Versions: ARD (affected versions not specified). Description: A Cross-Site Scripting (XSS) issue exists in the meal reservation service. The vulnerability is located in the transactionID GET parameter on the transaction confirmation page. Insufficient input...

CVSS 6.1 | AI score 5.8 | EPSS 0.00077
Exploits 1 | References 6