1082 matches found
CVE-2026-44712 pam_usb: Shell injection via device UUID and username in pamusb-conf and pamusb-agent
pamusb provides hardware authentication for Linux using ordinary removable media. Prior to 0.8.7, a crafted UUID such as $id/tmp/rce in the config causes root RCE when pamusb-conf --reset-pads is run. A USB device with a crafted filesystem UUID some controllers allow this can inject the payload a...
Security Bulletin: Maximo AI Service uses uuid-11.1.0.tgz and spring-webmvc-6.2.17.jar which are vulnerable to CVE-2026-41988 and CVE-2026-22741.
Summary Maximo AI Service uses uuid-11.1.0.tgz and spring-webmvc-6.2.17.jar which are vulnerable to CVE-2026-41988 and CVE-2026-22741. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2026-22741 DESCRIPTION: Spring MVC and WebFlux...
CVE-2026-9712 Insecure direct object reference
When creating an export through the pretix API, API clients are returned an UUID value for their export job a long, random string like 35742818-c375-4d15-839f-d49aecce94d6. Using this UUID, the API client can then request the actual file for download. The same kind of UUID is used in other places...
CVE-2026-9712 Insecure direct object reference
When creating an export through the pretix API, API clients are returned an UUID value for their export job a long, random string like 35742818-c375-4d15-839f-d49aecce94d6. Using this UUID, the API client can then request the actual file for download. The same kind of UUID is used in other places...
CVE-2026-9712
When creating an export through the pretix API, API clients are returned an UUID value for their export job a long, random string like 35742818-c375-4d15-839f-d49aecce94d6. Using this UUID, the API client can then request the actual file for download. The same kind of UUID is used in other places...
CVE-2026-9712
CVE-2026-9712 concerns the pretix API where exporting creates a UUID for the export job and later a download request uses that UUID. The root cause is that one API endpoint did not verify that the download UUID actually corresponds to a file that is downloadable and belongs to the correct user. T...
CVE-2026-41704
CVE-2026-41704 affects BOSH Director prior to v282.1.12. The issue arises from AgentClient#handle_method handling NATS responses: it may invoke inject_compile_log and format_exception, and the blobstore resource flow calls ResourceManager#get_resource(blob_id) followed by ResourceManager#delete_r...
CVE-2026-41704 Compromised VM can make arbitrary blobstore deletes
AgentClienthandlemethod lines 264-303 processes every NATS reply. It calls injectcompilelog line 273 on every response, which reads response'value''result''compilelogid' line 332-338 and passes it to downloadanddeleteblob. Separately, any response containing 'exception' goes through formatexcepti...
PT-2026-44112
Name of the Vulnerable Software and Affected Versions pam usb versions prior to 0.8.7 Description An issue exists in the hardware authentication system for Linux where shell injection can occur. A crafted UUID in the configuration can lead to root remote code execution when the pamusb-conf...
pam_usb 参数注入漏洞
pamusb is a Linux hardware authentication tool developed by McDope’s individual developer, based on USB devices. Versions of pamusb prior to 0.8.7 contained a parameter injection vulnerability. This vulnerability stems from the use of specially crafted UUIDs in configurations e.g., $id/tmp/rce,...
pretix 安全漏洞
Pretix is a ticketing system developed by the German company Pretix. There is a security vulnerability in Pretix. This vulnerability stems from an API endpoint that does not verify whether the UUID used for downloading corresponds to the file that should be downloaded and whether it belongs to th...
PT-2026-44034
Name of the Vulnerable Software and Affected Versions pretix affected versions not specified Description An insecure direct object reference exists when creating exports through the API. API clients receive a UUID Universally Unique Identifier for export jobs to request the actual file for...
List of Security Fixes and Improvements in Veeam Service Provider Console
Purpose This article describes all security-related fixes and improvements introduced in each release or update of Veeam Service Provider Console. This article aims to provide our customers' security and compliance teams with detailed information on security improvements between releases to help...
List of Security Fixes and Improvements in Veeam Recovery Orchestrator
Purpose This article describes all security-related fixes and improvements introduced in each release or update of Veeam Recovery Orchestrator. This article aims to provide our customers' security and compliance teams with detailed information on security improvements between releases to help the...
CVE-2026-47715 Bugsink: Issue event views can show an event from another project if its UUID is known
Bugsink is a self-hosted error tracking tool. Prior to 2.2.0, Bugsink issue event pages accept a direct event identifier from the URL and, in affected versions, look up that event without also requiring it to belong to the issue in the URL. This is a project-boundary authorization issue: a...
SUSE CVE-2015-2667
Untrusted search path vulnerability in GNS3 1.2.3 allows local users to gain privileges via a Trojan horse uuid.dll in an unspecified directory...
Astra Linux – Vulnerability in Firefox and Thunderbird
An attacker who enumerated resources from the WebCompat extension could obtain a persistent UUID that identified the browser. This UUID could be used to switch between container-based modes and normal/private browsing mode, but not profiles. This vulnerability has been fixed in Firefox 140, Firef...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: NFS/localio: Fixed a race condition in nfslocalopenfh. Once the clp-cluuid.lock is dropped, another CPU may come in and free the struct nfsdfile that was just added. To prevent this from happening, take the RCU read lock before...
CVE-2026-3985 Creative Mail – Easier WordPress & WooCommerce Email Marketing <= 1.6.9 - Unauthenticated SQL Injection via 'checkout_uuid' Parameter
The Creative Mail – Easier WordPress & WooCommerce Email Marketing plugin for WordPress is vulnerable to SQL Injection via the 'checkoutuuid' parameter in all versions up to, and including, 1.6.9. This is due to insufficient escaping on the user supplied parameter and lack of sufficient preparati...
EUVD-2026-31018
The Creative Mail – Easier WordPress & WooCommerce Email Marketing plugin for WordPress is vulnerable to SQL Injection via the 'checkoutuuid' parameter in all versions up to, and including, 1.6.9. This is due to insufficient escaping on the user supplied parameter and lack of sufficient preparati...