9801 matches found
CVE-2026-26953
Pi-hole Admin Interface (web UI for Pi-hole) versions 6.0+ expose a Stored HTML Injection in the active sessions table of the API settings page. The vulnerability arises because the rowCallback reads data.x_forwarded_for and directly concatenates it into HTML inserted via jQuery .html(), allowing...
CVE-2026-26953 Pi-hole Web Interface has Stored HTML Injection via X-Forwarded-For Header in Active Sessions Table
Pi-hole Admin Interface is a web interface for managing Pi-hole, a network-level ad and internet tracker blocking application. Versions 6.0 and above have a Stored HTML Injection vulnerability in the active sessions table located on the API settings page, allowing an attacker with valid credentia...
CVE-2026-26953 Pi-hole Web Interface has Stored HTML Injection via X-Forwarded-For Header in Active Sessions Table
Pi-hole Admin Interface is a web interface for managing Pi-hole, a network-level ad and internet tracker blocking application. Versions 6.0 and above have a Stored HTML Injection vulnerability in the active sessions table located on the API settings page, allowing an attacker with valid credentia...
CVE-2025-13671
OpenText Web Site Management Server contains a CSRF vulnerability (CVE-2025-13671) affecting versions 16.7.0 and 16.7.1. An active user with a session could be induced to perform unintended changes via a page containing malicious HTML, effectively exploiting CSRF. CVSS v4.0 vectors: Network attac...
SUSE CVE-2026-23228
In the Linux kernel, the following vulnerability has been resolved: smb: server: fix leak of activenumconn in ksmbdtcpnewconnection On kthreadrun failure in ksmbdtcpnewconnection, the transport is freed via freetransport, which does not decrement activenumconn, leaking this counter. Replace...
PT-2026-20961
Name of the Vulnerable Software and Affected Versions Pi-hole versions 6.0 through 6.4.0 Description Pi-hole Admin Interface, a web interface for managing Pi-hole, a network-level ad and internet tracker blocking application, contains a Stored HTML Injection issue in the active sessions table on...
CVE-2026-23228
The CVE-2026-23228 issue is in the Linux kernel smb server (ksmbd) where, on ksmbd_tcp_new_connection() failure, free_transport() did not decrement active_num_conn, leaking the counter. This occurs in the kthread_run() path during transport cleanup. The documented fix replaces free_transport() wi...
CVE-2026-23228 smb: server: fix leak of active_num_conn in ksmbd_tcp_new_connection()
In the Linux kernel, the following vulnerability has been resolved: smb: server: fix leak of activenumconn in ksmbdtcpnewconnection On kthreadrun failure in ksmbdtcpnewconnection, the transport is freed via freetransport, which does not decrement activenumconn, leaking this counter. Replace...
CVE-2026-23228
In the Linux kernel, the following vulnerability has been resolved: smb: server: fix leak of activenumconn in ksmbdtcpnewconnection On kthreadrun failure in ksmbdtcpnewconnection, the transport is freed via freetransport, which does not decrement activenumconn, leaking this counter. Replace...
Exploit for Use After Free in Google Chrome
CVE-2026-2441 — Chrome CSSFontFeatureValuesMap Use-After-Free...
Linux Distros Unpatched Vulnerability : CVE-2026-23228
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - smb: server: fix leak of activenumconn in ksmbdtcpnewconnection On kthreadrun failure in ksmbdtcpnewconnection, the transport is freed via freetransport, which...
Linux kernel 安全漏洞
The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the failure of kthreadrun and the lack of decrementing activenumconn, potentially leading to...
CVE-2024-36319
Debug code left active in AMD's Video Decoder Engine Firmware VCN FW could allow a attacker to submit a maliciously crafted command causing the VCN FW to perform read/writes HW registers, potentially impacting confidentiality, integrity and availabilability of the system...
CVE-2026-23198
In the Linux kernel, the following vulnerability has been resolved: KVM: Don't clobber irqfd routing type when deassigning irqfd When deassigning a KVMIRQFD, don't clobber the irqfd's copy of the IRQ's routing entry as doing so breaks kvmarchirqbypassdelproducer on x86 and arm64, which explicitly...
PT-2026-8094
Name of the Vulnerable Software and Affected Versions The product name cannot be determined. affected versions not specified Description The reported issue has been marked as rejected by NIST in the official CVE List, indicating it is not a valid or recognized vulnerability. No search results fro...
Security update for the Linux Kernel
The SUSE Linux Enterprise 12 SP5 kernel was updated to fix various security issues The following security issues were fixed: CVE-2022-50347: mmc: rtsxusbsdmmc: fix return value check of mmcaddhost bsc1249928. CVE-2022-50580: blk-throttle: prevent overflow while calculating wait time bsc1252542...
Active Directory Attacks Demystified: Pass-the-Hash (PtH), Pass-the-Ticket (PtT), and Beyond
Key Takeaways Active Directory attacks are identified as a significant threat in enterprise environments, with 74% of breaches involving compromised identities according to the Verizon DBIR 2025. Pass-the-Hash PtHattacks facilitate lateral movement by allowing the reuse of stolen NTLM hashes...
Exploit for Protection Mechanism Failure in Microsoft
CVE-2026-21510 - Windows Shell Security Feature Bypass Vulnera...
CVE-2025-20080
Null pointer dereference in the firmware for some IntelR AMT and IntelR Standard Manageability within Ring 0: Kernel may allow a denial of service. Network adversary with an unauthenticated user combined with a high complexity attack may enable denial of service. This result may potentially occur...
CVE-2025-32008
Out-of-bounds write in the firmware for the IntelR AMT and IntelR Standard Manageability within Ring 3: User Applications may allow a denial of service. Network adversary with an unauthenticated user combined with a low complexity attack may enable denial of service. This result may potentially...