Lucene search
33 matches found

Github Security Blog
added 2026/05/07 2:59 a.m. | 6 views

hickory-proto: NSEC3 closest-encloser proof validation enters unbounded loop on cross-zone responses

The NSEC3 closest-encloser proof validation in hickory-proto's 0.25.0-alpha.3 ... 0.25.2 and hickory-net's 0.26.0-alpha.1 .. 0.26.0 DnssecDnsHandle walks from the QNAME up to the SOA owner name, building a list of candidate encloser names. The iterator used assumes the QNAME is a descendant of th...

5.8 AI score
Exploits: 0 | References: 4 | Affected Software: 2
Positive Technologies
added 2026/05/07 12:0 a.m. | 5 views

PT-2026-38485

The NSEC3 closest-encloser proof validation in hickory-proto's 0.25.0-alpha.3 ... 0.25.2 and hickory-net's 0.26.0-alpha.1 .. 0.26.0 DnssecDnsHandle walks from the QNAME up to the SOA owner name, building a list of candidate encloser names. The iterator used assumes the QNAME is a descendant of th...

8.7 CVSS | 5.8 AI score
Exploits: 0 | References: 5
OSV
added 2026/05/01 12:0 p.m. | 1 views

RUSTSEC-2026-0120 NSEC3 closest-encloser proof validation enters unbounded loop on cross-zone responses

The NSEC3 closest-encloser proof validation in hickory-net's DnssecDnsHandle walks from the QNAME up to the SOA owner name, building a list of candidate encloser names. The iterator used assumes the QNAME is a descendant of the SOA owner, terminating only when the current candidate equals the SOA...

5.8 AI score
Exploits: 0 | References: 3
Patchstack
added 2026/05/01 9:15 a.m. | 3 views

WordPress TreePress – Easy Family Trees & Ancestor Profiles plugin <= 3.0.6 - Unauthenticated Reflected Cross-Site Scripting vulnerability

Unauthenticated Reflected Cross-Site Scripting vulnerability discovered by Asaf Mozes in WordPress Plugin TreePress – Easy Family Trees & Ancestor Profiles versions <= 3.0.6...

6.1 CVSS | 5.8 AI score | 0.00135 EPSS
Exploits: 0 | References: 1 | Affected Software: 1
RedhatCVE
added 2026/04/06 5:2 p.m. | 2 views

CVE-2026-34768

A flaw was found in Electron. On Windows, when an application is installed to a path containing spaces and configured to open at login, the executable path is written to the system's Run registry key without proper quoting. An attacker with write access to an ancestor directory can exploit this t...

7.8 CVSS | 6.1 AI score | 0.00006 EPSS
Exploits: 0 | References: 4
RedhatCVE
added 2024/09/18 8:45 a.m. | 17 views

CVE-2024-46721

In the Linux kernel, the following vulnerability has been resolved: apparmor: fix possible NULL pointer dereference. profile->parent->dents[AAFS_PROF_DIR] could be NULL only if its parent is made from __create_missing_ancestors(..) and 'ent->old' is NULL in aa_replace_profiles(..). In that case, it must return an...

5.5 CVSS | 6.8 AI score | 0.00042 EPSS
Exploits: 0 | References: 4
SUSE CVE
added 2024/08/06 2:1 a.m. | 1 views

SUSE CVE-2024-41085

In the Linux kernel, the following vulnerability has been resolved: cxl/mem: Fix no cxl_nvd during pmem region auto-assembling. When CXL subsystem is auto-assembling a pmem region during cxl endpoint port probing, always hit below calltrace. BUG: kernel NULL pointer dereference, address:...

5.5 CVSS | 7.4 AI score | 0.00009 EPSS
Exploits: 0 | References: 6
Vulnrichment
added 2024/07/29 3:48 p.m. | 12 views

CVE-2024-41085 cxl/mem: Fix no cxl_nvd during pmem region auto-assembling

In the Linux kernel, the following vulnerability has been resolved: cxl/mem: Fix no cxl_nvd during pmem region auto-assembling. When CXL subsystem is auto-assembling a pmem region during cxl endpoint port probing, always hit below calltrace. BUG: kernel NULL pointer dereference, address:...

6.5 AI score | 0.00009 EPSS
Exploits: 0 | References: 2
CVE
added 2024/07/29 3:48 p.m. | 139 views

CVE-2024-41085

CVE-2024-41085 concerns the Linux kernel CXL memory region probing. The bug was a NULL pointer dereference when auto-assembling a pmem region during endpoint port probing because cxl_nvd (NVDIMM) was not yet registered. The fix changes the probe sequence so the cxl_nvd is available before or duri...

5.5 CVSS | 6.2 AI score | 0.00009 EPSS
Exploits: 0 | References: 2 | Affected Software: 1
CVE
added 2024/05/01 5:17 a.m. | 289 views

CVE-2024-26934

CVE-2024-26934: Linux kernel USB core deadlock in usb_deauthorize_interface() when sysfs attribute callbacks hold a parent device lock. Affected: drivers/usb/core/sysfs.c (interface_authorized_store) acquiring parent device lock; fix uses sysfs_break_active_protection() to avoid waiting for the c...

7.8 CVSS | 6.4 AI score | 0.0001 EPSS
Exploits: 0 | References: 12 | Affected Software: 1
RedHat Linux
added 2024/01/30 1:30 p.m. | 3 views

rpm: checks for unsafe symlinks are not performed for intermediary directories

It was found that the fix for CVE-2017-7500 and CVE-2017-7501 was incomplete: the check was only implemented for the parent directory of the file to be created. A local unprivileged user who owns another ancestor directory could potentially use this flaw to gain root privileges. The highest threa...

7.8 CVSS | 7 AI score | 0.00202 EPSS
Exploits: 1 | References: 5
Patchstack
added 2023/07/18 12:0 a.m. | 4 views

WordPress TreePress – Easy Family Trees & Ancestor Profiles Plugin <= 3.0.0.1 is vulnerable to Cross Site Scripting (XSS)

Software TreePress – Easy Family Trees & Ancestor Profiles Type Plugin Vulnerable versions <= 3.0.0.1 Fixed in 3.0.1 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-33999 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID a43ea79f6f29...

6.8 AI score
Exploits: 0 | References: 3 | Affected Software: 1
NVD
added 2023/05/09 8:15 a.m. | 8 views

CVE-2023-23863

Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in Black and White Digital Ltd TreePress – Easy Family Trees & Ancestor Profiles plugin <= 2.0.22 versions...

5.9 CVSS | 5.4 AI score | 0.00207 EPSS
Exploits: 0 | References: 1
OSV
added 2023/05/09 8:15 a.m. | 1 views

CVE-2023-23863

Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in Black and White Digital Ltd TreePress – Easy Family Trees & Ancestor Profiles plugin <= 2.0.22 versions...

4.8 CVSS | 6.6 AI score | 0.00207 EPSS
Exploits: 0 | References: 1
Prion
added 2023/05/09 8:15 a.m. | 12 views

Cross site scripting

Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in Black and White Digital Ltd TreePress – Easy Family Trees & Ancestor Profiles plugin <= 2.0.22 versions...

4.3 CVSS | 4.9 AI score | 0.00207 EPSS
Exploits: 0 | References: 1 | Affected Software: 1
Vulnrichment
added 2023/05/09 7:38 a.m. | 12 views

CVE-2023-23863 WordPress TreePress – Easy Family Trees & Ancestor Profiles Plugin <= 2.0.22 is vulnerable to Cross Site Scripting (XSS)

Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in Black and White Digital Ltd TreePress – Easy Family Trees & Ancestor Profiles plugin <= 2.0.22 versions...

5.9 CVSS | 5.6 AI score | 0.00207 EPSS
Exploits: 0 | References: 1
CNNVD
added 2023/05/09 12:0 a.m. | 1 views

WordPress plugin TreePress – Easy Family Trees & Ancestor Profiles cross-site scripting vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting...

5.9 CVSS | 6.3 AI score | 0.00207 EPSS
Exploits: 0 | References: 3
Huntr
added 2023/03/24 4:23 a.m. | 26 views

XSS to RCE found in Trilium

Vulnerability Type Remote Code Execution RCE Authentication Required? No Affected Location - Search Notes Search Ancestor Output - Jump to Note Search Note Output - New Tab Search Notes Output Issue Summary The application contains a vulnerability where HTML characters within the title name of...

6.2 AI score
Exploits: 0 | References: 1
Patchstack
added 2023/03/20 12:0 a.m. | 9 views

WordPress TreePress – Easy Family Trees & Ancestor Profiles Plugin <= 2.0.22 is vulnerable to Cross Site Scripting (XSS)

Software TreePress – Easy Family Trees & Ancestor Profiles Type Plugin Vulnerable versions <= 2.0.22 Fixed in 3.0.0 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-23863 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID...

5.9 CVSS | 5.7 AI score | 0.00207 EPSS
Exploits: 0 | References: 2 | Affected Software: 1
SUSE CVE
added 2023/02/15 4:22 a.m. | 1 views

SUSE CVE-2018-18351

Lack of proper validation of ancestor frames site when sending lax cookies in Navigation in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to bypass SameSite cookie policy via a crafted HTML page...

6.5 CVSS | 8.3 AI score | 0.0072 EPSS
Exploits: 0 | References: 7