Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from the presence of a crash window when the attribute dabtree is deactivated, which could result in an invalid...

CVE-2026-7435

SSCMS v7.4.0 is affected by a SQL injection in the stl:sqlContent tag, where the queryString is passed directly to database execution without parameterization or sanitization. Attackers can submit encrypted payloads to the /api/stl/actions/dynamic endpoint to execute arbitrary SQL statements, lea...

Amazon Linux 2023 : python3-tornado (ALAS2023-2026-1587)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2026-1587 advisory. In Tornado before 6.5.5, cookie attribute injection could occur because the domain, path, and samesite arguments to .RequestHandler.setcookie were not checked for crafted characters. CVE-2026-35536...

GoBGP has Remote Denial of Service (Panic) via Malformed Well-known Path Attribute

Summary A remote Denial of Service DoS vulnerability exists in GoBGP due to a nil pointer dereference. When a malformed BGP UPDATE message contains an unrecognized Path Attribute marked as "Well-known," the daemon fails to interrupt the message handling flow. This results in an illegal memory...

NULL Pointer Dereference

Overview Affected versions of this package are vulnerable to NULL Pointer Dereference via the recvMessageloop process. An attacker can cause the daemon to crash by sending a specially crafted BGP UPDATE message containing an unrecognized Path Attribute marked as "Well-known," which leads to a nil...

GHSA-7235-89M6-F4PX GoBGP has Remote Denial of Service (Panic) via Malformed Well-known Path Attribute

Summary A remote Denial of Service DoS vulnerability exists in GoBGP due to a nil pointer dereference. When a malformed BGP UPDATE message contains an unrecognized Path Attribute marked as "Well-known," the daemon fails to interrupt the message handling flow. This results in an illegal memory...

CVE-2025-56535

A cross-site scripting XSS vulnerability in opennebula v6.10.0.1 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the zone attribute parameter...

JLSEC-2026-306

HDF5 Library through 1.14.3 may use an uninitialized value in H5Aattrreleasetable in H5Aint.c...

JLSEC-2026-294

HDF5 through 1.14.3 contains a heap buffer overflow in H5Aattrreleasetable, resulting in the corruption of the instruction pointer and causing denial of service or potential code execution...

JLSEC-2026-328

A vulnerability was found in HDF5 1.14.6 and classified as critical. This issue affects the function H5MMstrndup of the component Metadata Attribute Decoder. The manipulation leads to heap-based buffer overflow. Attacking locally is a requirement. The exploit has been disclosed to the public and...

CVE-2025-56535

OpenNebula 6.10.0.1 is affected by a cross-site scripting (XSS) vulnerability in the zone attribute parameter. The issue allows an attacker to render arbitrary web scripts or HTML in the victim’s browser. The available documents consistently describe the vulnerability as XSS in OpenNebula v6.10.0...

CVE-2025-56535

A cross-site scripting XSS vulnerability in opennebula v6.10.0.1 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the zone attribute parameter...

OpenNebula 跨站脚本漏洞

OpenNebula is an open-source cloud computing platform developed by OpenNebula, used for managing heterogeneous distributed data center infrastructure. Version 6.10.0.1 of OpenNebula contains a cross-site scripting vulnerability. This vulnerability arises from injecting a specially crafted payload...

CVE-2025-56535

A cross-site scripting XSS vulnerability in opennebula v6.10.0.1 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the zone attribute parameter...

EUVD-2025-209588

A cross-site scripting XSS vulnerability in opennebula v6.10.0.1 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the zone attribute parameter...

CVE-2025-56535

A cross-site scripting XSS vulnerability in opennebula v6.10.0.1 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the zone attribute parameter...

PT-2026-35942

A cross-site scripting XSS vulnerability in opennebula v6.10.0.1 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the zone attribute parameter...

PT-2026-37135

Name of the Vulnerable Software and Affected Versions GoBGP versions prior to 4.4.0 Description A remote Denial of Service DoS issue exists due to a nil pointer dereference. When a malformed BGP UPDATE message contains an unrecognized Path Attribute marked as "Well-known," the daemon fails to...

CVE-2025-56535

A cross-site scripting XSS vulnerability in opennebula v6.10.0.1 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the zone attribute parameter...

USN-8198-2: Tornado vulnerabilities

USN-8198-1 fixed vulnerabilities in Tornado. This update provides the corresponding updates for Ubuntu 26.04 LTS. Original advisory details: It was discovered that Tornado incorrectly handled parsing of large multipart request bodies. An attacker could possibly use this issue to cause a denial of...