1016 matches found
CVE-2025-40285 smb/server: fix possible refcount leak in smb2_sess_setup()
In the Linux kernel, the following vulnerability has been resolved: smb/server: fix possible refcount leak in smb2sesssetup Reference count of ksmbdsession will leak when session need reconnect. Fix this by adding the missing ksmbdusersessionput...
CVE-2025-40285
The CVE-2025-40285 issue affects the Linux kernel smb/server (ksmbd) in smb2_sess_setup, where a missing ksmbd_user_session_put() caused a reference count leak of ksmbd_session on session reconnect. The fix adds the missing ksmbd_user_session_put() to prevent the leak, with upstream commits refer...
CVE-2025-34258
Advantech WISE-DeviceOn Server versions prior to 5.4 contain a stored cross-site scripting XSS vulnerability in the /rmm/v1/devicemap/plan endpoint. When an authenticated user adds an area to a map entry, the name parameter is stored and later rendered in the map list without HTML sanitization. A...
CVE-2025-11127
The Mstoreapp Mobile App WordPress plugin through 2.08 and Mstoreapp Mobile Multivendor through 9.0.1 do not properly verify users identify when using an AJAX action, allowing unauthenticated users to retrieve a valid session for arbitrary users by knowing their email address...
CVE-2025-61931
Pleasanter contains a stored cross-site scripting vulnerability in Body, Description and Comments, which allows an attacker to execute an arbitrary script in a logged-in user's web browser...
CVE-2025-11952 Stored Cross-Site Scripting (XSS) in Oct8ne Chatbot
Stored Cross-site Scripting XSS in Oct8ne Chatbot v2.3. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by injecting a malicious payload through the creation of a transcript that is sent by email. This vulnerability can be exploited to steal sensitive user...
CVE-2025-47410
Apache Geode is vulnerable to CSRF attacks through GET requests to the Management and Monitoring REST API that could allow an attacker who has tricked a user into giving up their Geode session credentials to submit malicious commands on the target system on behalf of the authenticated user. This...
EUVD-2025-33884
HCL Unica MaxAI Assistant is susceptible to a HTML injection vulnerability. An attacker could insert special characters that are processed client-side in the context of the user's session...
CVE-2025-31992
HCL Unica MaxAI Assistant is susceptible to a HTML injection vulnerability. An attacker could insert special characters that are processed client-side in the context of the user's session...
EUVD-2020-30332
Malware in sbrugna...
EUVD-1999-1509
Malware in sbrugna...
EUVD-2010-0055
Malware in sbrugna...
EUVD-2018-7733
Malware in sbrugna...
EUVD-2018-19391
Malware in sbrugna...
EUVD-2004-2235
Malware in sbrugna...
EUVD-2018-14306
Malware in sbrugna...
EUVD-2020-2568
Malware in sbrugna...
EUVD-2021-10049
Malware in sbrugna...
EUVD-2021-14650
Malware in sbrugna...
EUVD-2019-10281
Malware in sbrugna...