214 matches found
ChanCMS <= 3.3.0 - Server-Side Request Forgery
yanyutao0402 ChanCMS 3.3.0 contains a server-side request forgery caused by manipulation of the "taskUrl" argument in /cms/collect/getArticle, letting remote attackers make arbitrary requests, exploit requires no special privileges. id: CVE-2025-10211 info: name: ChanCMS = 3.3.0 - Server-Side...
ChanCMS <= 3.3.0 - SQL Injection
yanyutao0402 ChanCMS = 3.3.0 contains a SQL injection caused by manipulation of the "key" argument in app/modules/api/service/Api.js Search function, letting remote attackers execute arbitrary SQL commands, exploit requires crafted request. id: CVE-2025-10210 info: name: ChanCMS = 3.3.0 - SQL...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerabilities have been resolved: mac80211: Fixed an error in the ieee80211chanbwchange function for APVLAN stations. The ieee80211chanbwchange function iterates through all stations and accesses link-reserved.oper via sta-sdata-linklinkid. For stations on...
Astra Linux – Vulnerability found in Linux 6.1, Linux 5.10, and Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: Wifi: mwifiex: The chanstats array is initialized to zero. The adapter-chanstats array is initialized in mwifiexinitchannelscangap using vmalloc, which does not zero out the memory. The array is filled in during...
Unity Linux 20.1050a Security Update: kernel (UTSA-2026-007012)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-007012 advisory. In the Linux kernel, the following vulnerability has been resolved: wifi: mwifiex: Initialize the chanstats array to zero The adapter-chanstats array is initialized ...
Unity Linux 20.1050e Security Update: kernel (UTSA-2026-006695)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-006695 advisory. In the Linux kernel, the following vulnerability has been resolved: wifi: mwifiex: Initialize the chanstats array to zero The adapter-chanstats array is initialized ...
SUSE CVE-2026-31394
In the Linux kernel, the following vulnerability has been resolved: mac80211: fix crash in ieee80211chanbwchange for APVLAN stations ieee80211chanbwchange iterates all stations and accesses link-reserved.oper via sta-sdata-linklinkid. For stations on APVLAN interfaces e.g. 4addr WDS clients,...
EUVD-2026-18770
In the Linux kernel, the following vulnerability has been resolved: mac80211: fix crash in ieee80211chanbwchange for APVLAN stations ieee80211chanbwchange iterates all stations and accesses link-reserved.oper via sta-sdata-linklinkid. For stations on APVLAN interfaces e.g. 4addr WDS clients,...
CVE-2026-31394
CVE-2026-31394 concerns the Linux kernel mac80211 path where AP_VLAN (4addr) stations can trigger a NULL pointer dereference in __ieee80211_sta_cap_rx_bw() due to sta->sdata pointing to VLAN sdata, which may not participate in chanctx reservations. The root cause is that link->reserved.oper...
CLSA-2026-1771081379 kernel: Fix of 76 CVEs
HID: core: ensure the allocated report buffer can contain the reserved report ID CVE-2025-38495 - fs/proc: fix uaf in procreaddirde CVE-2025-40271 - ALSA: usb-audio: Fix potential overflow of PCM transfer buffer CVE-2025-40269 - Bluetooth: ISO: Fix possible UAF on isoconnfree CVE-2025-40141 -...
CVE-2025-69620
A path traversal in Moo Chan Song v4.5.7 allows attackers to cause a Denial of Service DoS via writing files to the internal storage...
CVE-2025-69620
A path traversal in Moo Chan Song v4.5.7 allows attackers to cause a Denial of Service DoS via writing files to the internal storage...
CVE-2025-69620
A path traversal in Moo Chan Song v4.5.7 allows attackers to cause a Denial of Service DoS via writing files to the internal storage...
CVE-2025-69620
A path traversal in Moo Chan Song v4.5.7 allows attackers to cause a Denial of Service DoS via writing files to the internal storage...
EUVD-2025-206780
A path traversal in Moo Chan Song v4.5.7 allows attackers to cause a Denial of Service DoS via writing files to the internal storage...
CVE-2025-69620
A path traversal in Moo Chan Song v4.5.7 allows attackers to cause a Denial of Service DoS via writing files to the internal storage...
PT-2026-5974
Name of the Vulnerable Software and Affected Versions Moo Chan Song version 4.5.7 Description A path traversal issue exists in Moo Chan Song version 4.5.7 that can lead to a Denial of Service DoS by allowing attackers to write files to the internal storage. Recommendations Update Moo Chan Song to...
CVE-2025-69620
CVE-2025-69620 describes a path traversal in Moo Chan Song v4.5.7 that can cause a Denial of Service by writing files to internal storage. Affected software: Moo Chan Song 4.5.7. Root cause: path traversal leading to DoS. Impact: denial of service as stated. Exploitation/availability impact: avai...
CVE-2025-69620
A path traversal in Moo Chan Song v4.5.7 allows attackers to cause a Denial of Service DoS via writing files to the internal storage...
Unity Linux 20.1070e Security Update: kernel (UTSA-2026-001378)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-001378 advisory. In the Linux kernel before 5.12.4, net/bluetooth/hcievent.c has a use-after-free when destroying an hcichan, aka CID-5c4c8c954409. This leads to writing an arbitrary...