1993 matches found
Apache APISIX - Remote Code Execution
A default configuration of Apache APISIX with default API key is vulnerable to remote code execution. An attacker can abuse the batch-requests plugin to send requests to bypass the IP restriction of Admin API. When the admin key was changed or the port of Admin API was changed to a port different...
Incorrect Authorization
Overview FlaskBB is an A classic Forum Software in Python using Flask. Affected versions of this package are vulnerable to Incorrect Authorization via manipulation of the topicid parameter in batch requests. An attacker can perform unauthorized actions such as locking, unlocking, deleting, or...
CVE-2026-21370
Memory Corruption when validating input batch size and buffer plane count exceeds maximum allowed values...
CVE-2026-21370 Out-of-bounds Write in Camera Driver
Memory Corruption when validating input batch size and buffer plane count exceeds maximum allowed values...
CVE-2026-21370
Memory Corruption when validating input batch size and buffer plane count exceeds maximum allowed values...
EUVD-2026-41928
Memory Corruption when validating input batch size and buffer plane count exceeds maximum allowed values...
CVE-2026-21370
CVE-2026-21370 is an out-of-bounds write in the camera driver causing memory corruption when validating input batch size and buffer plane count that exceed maximum allowed values. The issue is described as a memory corruption condition in the Qualcomm camera driver. Exploitation details beyond wh...
CVE-2026-21370 Out-of-bounds Write in Camera Driver
Memory Corruption when validating input batch size and buffer plane count exceeds maximum allowed values...
PT-2026-55990
Name of the Vulnerable Software and Affected Versions The product name cannot be determined affected versions not specified Description Memory corruption occurs during the validation of input batch size and buffer plane count when these values exceed the maximum allowed limits. Recommendations At...
CVE-2026-3462
The Frisbii Pay plugin for WordPress is vulnerable to unauthorized modification of data due to missing capability checks on the 'uploadcsv' and 'processbatch' functions in all versions up to, and including, 1.8.9. This makes it possible for authenticated attackers, with Subscriber-level access an...
CVE-2026-3462
CVE-2026-3462 affects the Frisbii Pay plugin for WordPress (all versions up to 1.8.9). The vulnerability arises from missing capability checks on upload_csv and process_batch, enabling authenticated attackers with Subscriber-level access or higher to modify data by uploading arbitrary CSVs and ov...
GHSA-72R4-9C5J-MJ57 pnpm: `patch-remove` could delete project-selected files outside the patches directory
Summary The patch-remove deletion-scope issue tracked as GHSA-72r4-9c5j-mj57 / CAND-PNPM-030 has been addressed in pnpm. A crafted patch entry could resolve outside the configured patches directory and cause pnpm patch-remove to delete an arbitrary reachable file. This patch validates the...
PT-2026-52883
Name of the Vulnerable Software and Affected Versions Envoy versions 1.34.0 through 1.35.12 Envoy versions 1.36.0 through 1.36.8 Envoy versions 1.37.0 through 1.37.4 Envoy versions 1.38.0 through 1.38.2 Description Envoy crashes when an ext proc server sends a single gRPC message containing...
CVE-2026-53162
Summary (CVE-2026-53162) : In the Linux kernel memcg subsystem, a non-NMI-safe path around random-number generation during NMI handling could corrupt the ChaCha batch state, enabling memcg charge draining. The fix replaces the get_random_u32_below() path with a per-CPU round-robin counter stored ...
EUVD-2026-38828
In the Linux kernel, the following vulnerability has been resolved: ceph: put folios not suitable for writeback The batch holds references to the folios see filemapgetfolios, foliobatchrelease, so we need to folioput the folios we remove. Tested on v6.18...
CVE-2026-52960 ceph: put folios not suitable for writeback
In the Linux kernel, the following vulnerability has been resolved: ceph: put folios not suitable for writeback The batch holds references to the folios see filemapgetfolios, foliobatchrelease, so we need to folioput the folios we remove. Tested on v6.18...
CVE-2026-52960 ceph: put folios not suitable for writeback
In the Linux kernel, the following vulnerability has been resolved: ceph: put folios not suitable for writeback The batch holds references to the folios see filemapgetfolios, foliobatchrelease, so we need to folioput the folios we remove. Tested on v6.18...
CVE-2026-52960
CVE-2026-52960 affects the Linux kernel Ceph component: when removing folios not suitable for writeback, the batch may hold references to folios and fail to release them, causing a resource leak. This could lead to DoS via resource exhaustion. The issue is resolved in the Linux kernel, with tests...
PT-2026-51854
Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 6.18 Description An issue exists in the ceph component where folios not suitable for writeback are not properly released. Because the batch maintains references to the folios through filemap get folios and folio...
This Week in Spring - June 23rd, 2026
Hi Spring fans! In this installment, we look at the wide and wonderful world of Spring, as usual, and there's a good amount to get to, fresh off the recent Spring Boot 4.1 generation release train, so let's dive right into it! I wrote a blog post looking at Spring Batch, MongoDB, and Spring Boot...