86621 matches found
CVE-2026-20112
Cisco IOx web-based management interface in Cisco IOS XE is affected by a stored XSS vulnerability due to insufficient input validation. An attacker with valid administrative credentials could inject malicious code into specific pages, potentially executing scripts in the browser context or acces...
EUVD-2026-15339
In the Linux kernel, the following vulnerability has been resolved: nvme: fix admin queue leak on controller reset When nvmeallocadmintagset is called during a controller reset, a previous admin queue may still exist. Release it properly before allocating a new one to avoid orphaning the old queu...
CVE-2026-23360
In the Linux kernel, the following vulnerability has been resolved: nvme: fix admin queue leak on controller reset When nvmeallocadmintagset is called during a controller reset, a previous admin queue may still exist. Release it properly before allocating a new one to avoid orphaning the old queu...
CVE-2026-23360
In the Linux kernel, the following vulnerability has been resolved: nvme: fix admin queue leak on controller reset When nvmeallocadmintagset is called during a controller reset, a previous admin queue may still exist. Release it properly before allocating a new one to avoid orphaning the old queu...
UBUNTU-CVE-2026-23360
In the Linux kernel, the following vulnerability has been resolved: nvme: fix admin queue leak on controller reset When nvmeallocadmintagset is called during a controller reset, a previous admin queue may still exist. Release it properly before allocating a new one to avoid orphaning the old queu...
CVE-2026-23360 nvme: fix admin queue leak on controller reset
In the Linux kernel, the following vulnerability has been resolved: nvme: fix admin queue leak on controller reset When nvmeallocadmintagset is called during a controller reset, a previous admin queue may still exist. Release it properly before allocating a new one to avoid orphaning the old queu...
CVE-2026-23360
CVE-2026-23360 relates to the Linux kernel nvme subsystem where, during a controller reset, nvme_alloc_admin_tag_set() could leave a previous admin queue alive, risking an orphaned queue. The issue is fixed by releasing the old queue before allocating a new one, mitigating the leak. Multiple conn...
CVE-2026-23360
In the Linux kernel, the following vulnerability has been resolved: nvme: fix admin queue leak on controller reset When nvmeallocadmintagset is called during a controller reset, a previous admin queue may still exist. Release it properly before allocating a new one to avoid orphaning the old queu...
CVE-2026-23360 nvme: fix admin queue leak on controller reset
In the Linux kernel, the following vulnerability has been resolved: nvme: fix admin queue leak on controller reset When nvmeallocadmintagset is called during a controller reset, a previous admin queue may still exist. Release it properly before allocating a new one to avoid orphaning the old queu...
CVE-2026-23360
In the Linux kernel, the following vulnerability has been resolved: nvme: fix admin queue leak on controller reset When nvmeallocadmintagset is called during a controller reset, a previous admin queue may still exist. Release it properly before allocating a new one to avoid orphaning the old queu...
SHARP routers missing authentication for some web APIs
Overview SHARP routers do not perform authentication for some web APIs. Those web APIs provide device information, and the initial administrative password is based on a part of the device information. Missing authentication for critical function CWE-306 - CVE-2026-32326 Shota Zaizen reported this...
EUVD-2026-15194
SHARP routers do not perform authentication for some web APIs. The device information may be retrieved without authentication. If the administrative password of the device is left as the initial one, the device may be taken over...
WordPress WP DSGVO Tools (GDPR) plugin <= 3.1.38 - Missing Authorization to Unauthenticated Account Destruction of Non-Admin Users vulnerability
Missing Authorization to Unauthenticated Account Destruction of Non-Admin Users vulnerability discovered by shark3y in WordPress Plugin WP DSGVO Tools GDPR versions = 3.1.38...
CVE-2026-32326
SHARP routers do not perform authentication for some web APIs. The device information may be retrieved without authentication. If the administrative password of the device is left as the initial one, the device may be taken over...
CVE-2026-32326
SHARP routers do not perform authentication for some web APIs. The device information may be retrieved without authentication. If the administrative password of the device is left as the initial one, the device may be taken over...
SUSE CVE-2026-27899
WireGuard Portal or wg-portal is a web-based configuration portal for WireGuard server management. Prior to version 2.1.3, any authenticated non-admin user can become a full administrator by sending a single PUT request to their own user profile endpoint with "IsAdmin": true in the JSON body. Aft...
SUSE CVE-2026-29195
Netmaker makes networks with WireGuard. Prior to version 1.5.0, the user update handler PUT /api/users/username lacks validation to prevent an admin-role user from assigning the super-admin role during account updates. While the code correctly blocks an admin from assigning the admin role to...
SUSE CVE-2026-30869
SiYuan is a personal knowledge management system. Prior to 3.5.10, a path traversal vulnerability in the /export endpoint allows an attacker to read arbitrary files from the server filesystem. By exploiting double-encoded traversal sequences, an attacker can access sensitive files such as...
PT-2026-28035
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Northern Beaches Websites WP Custom Admin Interface wp-custom-admin-interface allows DOM-Based XSS.This issue affects WP Custom Admin Interface: from n/a through = 7.42...
PT-2026-27795
Name of the Vulnerable Software and Affected Versions Cisco IOS XE Software affected versions not specified Description A flaw exists in the web-based management interface of the Cisco IOx application hosting environment. This issue could allow a remote attacker with valid administrative...