Lucene search
14 matches found

Cvelist
added 2026/06/08 7:30 p.m. · 32 views

CVE-2026-11584 CodeAstro Student Attendance Management System createClass.php edit sql injection

A vulnerability was found in CodeAstro Student Attendance Management System 1.0. This impacts an unknown function of the file /attendance-php/Admin/createClass.php?action=edit. The manipulation of the argument ID results in sql injection. It is possible to launch the attack remotely. The exploit...

CVSS 6.5 · EPSS 0.00204
Exploits 0 · References 6
OSV
added 2026/02/03 5:52 p.m. · 1 views

GHSA-GJX9-J8F8-7J74 JinJava Bypass through ForTag leads to Arbitrary Java Execution

Impact Vulnerability Type: Sandbox Bypass / Remote Code Execution Affected Component: Jinjava Affected Users: - Organizations using HubSpot's Jinjava template rendering engine for user-provided template content - Any system that renders untrusted Jinja templates using HubSpot's Jinjava...

CVSS 9.8 · AI score 6.2 · EPSS 0.00889
Exploits 1 · References 7
Tenable Nessus
added 2025/10/21 12:0 a.m. · 3 views

SUSE SLES15 Security Update : kernel (Live Patch 59 for SLE 15 SP3) (SUSE-SU-2025:03672-1)

The remote SUSE Linux SLES15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:03672-1 advisory. This update for the Linux Kernel 5.3.18-15030059211 fixes several issues. The following security issues were fixed: - CVE-2025-38499:...

CVSS 7.8 · AI score 7.2 · EPSS 0.00174
Exploits 0 · References 13
OSV
added 2025/10/18 10:4 a.m. · 9 views

SUSE-SU-2025:03638-1 Security update for the Linux Kernel RT (Live Patch 5 for SLE 15 SP6)

This update for the Linux Kernel 6.4.0-1506001017 fixes several issues. The following security issues were fixed: - CVE-2025-38678: netfilter: nf_tables: reject duplicate device on updates (bsc#1249534). - CVE-2025-38499: clone_private_mnt(): make sure that caller has CAP_SYS_ADMIN in the right userns...

CVSS 7.8 · AI score 6.5 · EPSS 0.00528
Exploits 1 · References 19
BDU FSTEC
added 2025/06/18 12:0 a.m. · 7 views

The vulnerability of the Chamilo LMS electronic learning and content management system, related to deficiencies in the deserialization mechanism used by the operating system, allows attackers to create arbitrary classes.

The vulnerability of the Chamilo LMS, a system for electronic teaching and content management, is related to deficiencies in the deserialization mechanisms used in the operating system. Exploiting this vulnerability could allow an attacker to create arbitrary classes...

CVSS 9 · AI score 5.7 · EPSS 0.00344
Exploits 1 · References 6 · Affected Software 1
Cvelist
added 2025/04/01 3:47 p.m. · 12 views

CVE-2025-21971 net_sched: Prevent creation of classes with TC_H_ROOT

In the Linux kernel, the following vulnerability has been resolved: net_sched: Prevent creation of classes with TC_H_ROOT. The function qdisc_tree_reduce_backlog() uses TC_H_ROOT as a termination condition when traversing up the qdisc tree to update parent backlog counters. However, if a class is created wi...

EPSS 0.00174
Exploits 0 · References 8
CVE
added 2025/04/01 3:47 p.m. · 570 views

CVE-2025-21971

CVE-2025-21971 in the Linux kernel net_sched subsystem: creation of a Qdisc class with classid TC_H_ROOT (0xFFFFFFFF) could terminate traversal early during qdisc tree walk, causing incorrect root backlog statistics and potential CRASH in DRR. The fix prevents creating any Qdisc class with TC_H_R...

CVSS 5.5 · AI score 7.1 · EPSS 0.00174
Exploits 0 · References 10 · Affected Software 1
UbuntuCve
added 2024/05/20 10:15 a.m. · 23 views

CVE-2024-35975

In the Linux kernel, the following vulnerability has been resolved: octeontx2-pf: Fix transmit scheduler resource leak. In order to support shaping and scheduling, upon class creation the Netdev driver allocates transmit schedulers. The previous patch which added support for Round robin scheduling has a...

CVSS 5.5 · AI score 6.4 · EPSS 0.00222
Exploits 0 · References 9
CVE
added 2024/05/20 9:42 a.m. · 92 views

CVE-2024-35975

CVE-2024-35975 concerns the Linux kernel, specifically the octeontx2-pf Netdev driver, where a bug in the Round Robin scheduling patch caused transmit schedulers to not be freed after a class deletion. The vulnerability is described as a transmit scheduler resource leak that arises during shaping...

CVSS 5.5 · AI score 6.7 · EPSS 0.00222
Exploits 0 · References 3 · Affected Software 1
OSV
added 2024/03/06 11:18 a.m. · 16 views

BIT-GITLAB-2021-32823 Potential Denial-of-Service in bindata

In the bindata RubyGem before version 2.4.10 there is a potential denial-of-service vulnerability. In affected versions it is very slow for certain classes in BinData to be created. For example BinData::Bit100000, BinData::Bit100001, BinData::Bit100002, BinData::Bit. In combination with...

CVSS 4.3 · AI score 3.7 · EPSS 0.01866
Exploits 1 · References 6
OSV
added 2022/02/18 6:15 p.m. · 5 views

CVE-2022-0138

MMP: All versions prior to v1.0.3, PTP C-series: Device versions prior to v2.8.6.1, and PTMP C-series and A5x: Device versions prior to v2.5.4.1 have a deserialization function that does not validate or check the data, allowing arbitrary classes to be created...

CVSS 7.5 · AI score 5.9 · EPSS 0.00971
Exploits 0 · References 1
BDU FSTEC
added 2021/10/05 12:0 a.m. · 5 views

The vulnerability of the declarative reading and writing methods for BinData binary file formats, related to uncontrolled resource consumption, allows a perpetrator to cause service failures.

The vulnerability of the declarative method for reading and writing BinData binary file formats is related to the relatively slow creation of certain classes. Exploiting this vulnerability could allow a malicious actor to cause service failures...

CVSS 4.3 · AI score 5.4 · EPSS 0.01866
Exploits 1 · References 5 · Affected Software 2
Hacker One
added 2021/06/02 7:28 a.m. · 13 views

Mail.ru: add class vulnerable Stored XSS

https://happynumbers.com stored XSS in class name via class creation dialog...

AI score 0.6
Exploits 0
Positive Technologies
added 2021/05/18 12:0 a.m. · 4 views

PT-2021-4288 · Ruby +2 · Bindata +2

Name of the Vulnerable Software and Affected Versions: bindata RubyGem versions prior to 2.4.10 Description: The issue is related to a potential denial-of-service vulnerability in the bindata RubyGem. In affected versions, it is very slow for certain classes in BinData to be created, such as...

CVSS 6.3 · AI score 6.9 · EPSS 0.01866
Exploits 1 · References 21