669 matches found
CVE-2026-58426
The CVE-2026-58426 affects Gitea, specifically the Actions Artifacts V4 signed URL mechanism, where an HMAC ambiguity enables cross-repository artifact read and cross-task upload-state write. The vulnerability stems from how signed URLs are validated, allowing unauthorized access across repositor...
MaNGOSWebV4 < 4.0.8 - Cross-Site Scripting
paintballrefjosh/MaNGOSWebV4 4.0.8 contains a reflected XSS caused by unsanitized input in install/index.php step parameter, letting attackers execute arbitrary scripts in the victim's browser, exploit requires victim to visit a maliciously crafted URL id: CVE-2017-6478 info: name: MaNGOSWebV4...
CVE-2026-53012
CVE-2026-53012 : In the Linux kernel, a race/logic error allows IPv6 routes to reference an IPv4 nexthop because the has_v4 flag in groups is not updated when the nexthop family changes from AF_INET6 to AF_INET. The issue occurs when an IPv6 nexthop is replaced with an IPv4 nexthop and the has_v4...
Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1
In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: added error handling to avoid out-of-bounds access. If the sdmav40irqidtoseq function returns -EINVAL, the process should be stopped to prevent out-of-bounds reading; therefore, -EINVAL should be returned directly...
EulerOS Virtualization 2.13.1 : kernel (EulerOS-SA-2026-2132)
According to the versions of the kernel packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : nvme: nvme-fc: Ensure -ioerrwork is cancelled in nvmefcdeletectrlCVE-2025-40261 cifs: fix session state check in reconnect to avoid...
EulerOS Virtualization 2.13.0 : kernel (EulerOS-SA-2026-2171)
According to the versions of the kernel packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : nvme: nvme-fc: Ensure -ioerrwork is cancelled in nvmefcdeletectrlCVE-2025-40261 cifs: fix session state check in reconnect to avoid...
CVE-2026-46193
In the Linux kernel, the following vulnerability has been resolved: xfrm: ah: account for ESN high bits in async callbacks AH allocates its temporary auth/ICV layout differently when ESN is enabled: the async ahash setup appends a 4-byte seqhi slot before the ICV or authdata area, but the async...
CVE-2026-45983
In the Linux kernel, the following vulnerability has been resolved: nfsd: never defer requests during idmap lookup During v4 request compound arg decoding, some ops e.g. SETATTR can trigger idmap lookup upcalls. When those upcall responses get delayed beyond the allowed time limit, cachecheck wil...
TP-Link多款产品 安全漏洞
TP-Link Archer RE650, among others, are products of the Chinese company TP-Link. The TP-Link Archer RE650 is a dual-band Gigabit wireless signal extender. The TP-Link Archer RE305 is also a dual-band Gigabit wireless signal extender. The TP-Link Archer RE360 is a wireless repeater that supports...
CVE-2026-28761
Cross-site request forgery vulnerability exists in Musetheque V4 Information Disclosure for IPKNOWLEDGE V4L1 rev2203.0 and earlier. If a user views a malicious page while logged-in to the affected product, unexpected operations may be done...
CVE-2026-28761
Cross-site request forgery vulnerability exists in Musetheque V4 Information Disclosure for IPKNOWLEDGE V4L1 rev2203.0 and earlier. If a user views a malicious page while logged-in to the affected product, unexpected operations may be done...
CVE-2026-28761
Cross-site request forgery vulnerability exists in Musetheque V4 Information Disclosure for IPKNOWLEDGE V4L1 rev2203.0 and earlier. If a user views a malicious page while logged-in to the affected product, unexpected operations may be done...
CVE-2026-24662
Cross-site scripting vulnerability exists in Musetheque V4 Information Disclosure for IPKNOWLEDGE V4L1 rev2203.0 and earlier. If a file containing malicious contents is uploaded, an arbitrary script may be executed on a user's web browser when viewing the administration page showing the informati...
Multiple vulnerabilities in "Musetheque V4 Information Disclosure for IPKNOWLEDGE"
Overview Musetheque V4 Information Disclosure for IPKNOWLEDGE provided by Fujitsu Japan Limited contains multiple vulnerabilities listed below. Cross-site scripting CWE-79 - CVE-2026-24662 Cross-site request forgery CWE-352 - CVE-2026-28761 Nozomi Iimura, Sho Odagiri of GMO Cybersecurity by Ierae...
Fujitsu Musetheque V4 跨站脚本漏洞
Fujitsu Musetheque V4 is a digital archive and collection information management system developed by Fujitsu for museums and cultural institutions. Fujitsu Musetheque V4 Information Disclosure for IPKNOWLEDGE V4L1 rev2203.0 and earlier versions contained a cross-site scripting vulnerability. This...
Fujitsu Musetheque V4 跨站请求伪造漏洞
Fujitsu Musetheque V4 is a digital archive and collection information management system developed by Fujitsu for museums and cultural institutions. Versions of Fujitsu Musetheque V4 prior to rev2203.0 contained a cross-site request forgeing vulnerability. This vulnerability arises from cross-site...
kernel security update
An update is available for kernel. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The kernel packages contain the Linux kernel, the core of any Linux operating...
Unity Linux 20.1070a Security Update: kernel (UTSA-2026-014302)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-014302 advisory. In the Linux kernel, the following vulnerability has been resolved: netlabel: fix out-of-bounds memory accesses There are two array out-of-bounds memory accesses, on...
Unity Linux 20.1050a Security Update: kernel (UTSA-2026-007035)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-007035 advisory. In the Linux kernel, the following vulnerability has been resolved: nfsd: provide locking for v4endgrace Writing to v4endgrace can race with server shutdown and resu...
GO-2026-4909 Missing validation decoding Index v4 files leads to panic in github.com/go-git/go-git
Missing validation decoding Index v4 files leads to panic in github.com/go-git/go-git...