11604 matches found
UBUNTU-CVE-2026-14324
RAOP module accepts unbounded Content-Length values and does not check the pwarrayadd return...
CVE-2026-14324
RAOP module accepts unbounded Content-Length values and does not check the pwarrayadd return...
CVE-2026-14324
RAOP module accepts unbounded Content-Length values and does not check the pwarrayadd return...
EUVD-2026-41006
RAOP module accepts unbounded Content-Length values and does not check the pwarrayadd return...
CVE-2026-14324
RAOP module accepts unbounded Content-Length values and does not check the pwarrayadd return. Mitigation If AirPlay streaming is not required, unload or disable the module-raop-discover and module-raop-sink PipeWire modules...
PT-2026-54643
Name of the Vulnerable Software and Affected Versions RAOP module affected versions not specified Description The RAOP module accepts unbounded Content-Length values and fails to verify the return value of the pw array add function. This lack of validation can lead to memory management issues whe...
CVE-2026-58011
CVE-2026-58011 (GLib) : A flaw in GLib’s g_date_time_get_ymd (glib/gdatetime.c) allows an out-of-bounds read of 2 bytes when an invalid GDateTime object from g_date_time_add_full is processed. This can corrupt date output and potentially cause logic errors leading to a denial of service. Exploita...
CVE-2026-53691
An Unrestricted File Upload vulnerability in Redeight CMS version 1.0 allows authenticated attackers to achieve Remote Code Execution via the POST "/admin/index.php?module=pages&mode=FileAdd" endpoint. The application fails to validate file extensions and MIME types, permitting the upload of...
CVE-2026-57079
CVE-2026-57079 affects Net::BitTorrent for Perl up to version 2.0.1. The flaw arises when parsing peer-supplied metadata (BEP09 ut_metadata path) where attacker-controlled file names are passed to Storage::add_file and Storage::_parse_file_tree; Path::Tiny’s child() does not collapse "..", so a v...
The vulnerability of the gf_isom_add_track_kind() function in the isomedia/isom_write.c file, implemented by the MP4Box encoder for the GPAC multimedia platform, allows a malicious actor to cause service interruptions using a specially created MP4 file.
The vulnerability of the gfisomaddtrackkind function in the isomedia/isomwrite.c file, belonging to the MP4Box encoder of the GPAC multimedia platform, is related to pointer dereferencing errors. Exploiting this vulnerability could allow an attacker to cause service failures through the use of a...
PYSEC-2026-283 ArchiveBox Vulnerable to RCE via unvalidated per-crawl config overrides in AddView
The /add/ endpoint AddView in core/views.py accepts a config JSON field that gets merged into the crawl config without validation. This config is exported as environment variables when archive plugins run, allowing injection of arbitrary tool arguments to achieve RCE. When PUBLICADDVIEW=True comm...
CVE-2026-13559
A weakness has been identified in code-projects Real State Services 1.0. Impacted is an unknown function of the file /single-listsale.php?action=add. Executing a manipulation of the argument ID can lead to sql injection. The attack can be executed remotely. The exploit has been made available to...
CVE-2026-13557 itsourcecode Online Hotel Management System POST Request controller.php add cross site scripting
A vulnerability was identified in itsourcecode Online Hotel Management System 1.0. This vulnerability affects unknown code of the file /admin/modroom/controller.php?action=add of the component POST Request Handler. Such manipulation of the argument Name leads to cross site scripting. The attack m...
EUVD-2026-40061
A vulnerability was identified in itsourcecode Online Hotel Management System 1.0. This vulnerability affects unknown code of the file /admin/modroom/controller.php?action=add of the component POST Request Handler. Such manipulation of the argument Name leads to cross site scripting. The attack m...
CVE-2026-13557
The CVE-2026-13557 affects itsourcecode Online Hotel Management System 1.0. An attacker can manipulate the Name argument in the POST handler at /admin/mod_room/controller.php?action=add, triggering cross-site scripting. The vulnerability is exploitable remotely, and public exploit code appears to...
CVE-2026-13555 itsourcecode Online Hotel Management System controller.php add sql injection
A vulnerability was found in itsourcecode Online Hotel Management System 1.0. Affected by this issue is some unknown functionality of the file /admin/modusers/controller.php?action=add. The manipulation of the argument Name results in sql injection. The attack can be launched remotely. The exploi...
EUVD-2026-40058
A vulnerability was found in itsourcecode Online Hotel Management System 1.0. Affected by this issue is some unknown functionality of the file /admin/modusers/controller.php?action=add. The manipulation of the argument Name results in sql injection. The attack can be launched remotely. The exploi...
CVE-2026-13555
The CVE-2026-13555 entry affects itsourcecode Online Hotel Management System 1.0. Affected component: /admin/mod_users/controller.php?action=add. Description indicates that manipulating the Name parameter yields SQL injection, exploitable remotely. Public exploit exists (proof-of-concept level). ...
CVE-2026-13553
A flaw has been found in itsourcecode Online Hotel Management System 1.0. Affected is an unknown function of the file /admin/modamenities/controller.php?action=add. Executing a manipulation of the argument image can lead to unrestricted upload. It is possible to launch the attack remotely. The...
Linux Distros Unpatched Vulnerability : CVE-2026-53081
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - bpf: Enforce regsafe base id consistency for BPFADDCONST scalars When regsafe compares two scalar registers that both carry BPFADDCONST, checkscalarids maps the...