1621 matches found
Complete Online Job Search System 1.0 - SQL Injection
Complete Online Job Search System 1.0 contains a SQL injection vulnerability via /eris/index.php?q=hiring&search=. An attacker can possibly obtain sensitive information from a database, modify data, and execute unauthorized administrative operations in the context of the affected site. id:...
Complete Online Job Search System 1.0 - SQL Injection
Complete Online Job Search System 1.0 contains a SQL injection vulnerability via /eris/admin/company/index.php?view=edit&id=. An attacker can possibly obtain sensitive information from a database, modify data, and execute unauthorized administrative operations in the context of the affected site...
kernel: scsi: target: iscsi: Fix use-after-free in iscsit_dec_conn_usage_count()
A use-after-free flaw was found in the Linux kernel's iSCSI target subsystem. In the iscsitdecconnusagecount function, complete is called while still holding the conn-connusagelock spinlock. The waiting thread such as iscsitcloseconnection may wake up immediately and free the iscsitconn structure...
vim: arbitrary command execution via modeline sandbox bypass
A flaw was found in Vim. A modeline is used to set specific editor options directly from a text file. However, the complete, guitabtooltip, printheader options and the mapset function lack proper security checks, allowing an attacker to bypass restrictions and cause arbitrary OS command execution...
CVE-2026-53064
A flaw was found in the Linux kernel's device-mapper dm-cache component. When dm-cache operates in passthrough mode, a race condition can occur during concurrent write operations to the same cached block. This can lead to a null-pointer dereference in the invalidatecomplete function, potentially...
CVE-2026-53100
A flaw was found in the Linux kernel's mt76 wireless driver. This vulnerability occurs in the remain-on-channel functionality, where the mt76remainonchannel and mt76roccomplete functions attempt to acquire a mutex that is already held. This improper handling of the device mutex can lead to a syst...
EUVD-2026-38932
In the Linux kernel, the following vulnerability has been resolved: dm cache: fix null-deref with concurrent writes in passthrough mode In passthrough mode, when dm-cache starts to invalidate a cache entry and bio prison cell lock fails due to concurrent write to the same cached block, mg-cell...
Security Bulletin: Multiple Vulnerabilities in IBM Data Product Hub
Summary Multiple vulnerabilities were addressed in IBM Data Product Hub version 5.3.1 Patch 7 and 5.4.0 Vulnerability Details CVEID:CVE-2026-34282 DESCRIPTION: Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE...
vim: arbitrary command execution via modeline sandbox bypass
A flaw was found in Vim. A modeline is used to set specific editor options directly from a text file. However, the complete, guitabtooltip, printheader options and the mapset function lack proper security checks, allowing an attacker to bypass restrictions and cause arbitrary OS command execution...
Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15, Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: Wifi: ath9k: Delay all operations related to ath9kwmieventtasklet until initialization is complete. The ath9kwmieventtasklet function used in ath9khtc assumes that all data structures have been fully initialized by the time it...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: scsi: ufs: core: Fix device management cmd timeout flow In the UFS error handling flow, the host will send a device management command NOP OUT to the device to recover the link. If this command times out and clearing the device...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerabilities have been resolved: Bluetooth: MGMT: Fixed a memory leak in setsspcomplete. The memory leak was fixed in setsspcomplete, where the mgmtpendingcmd structures are not freed after they are removed from the pending list. Commit 302a1f674c00 “Bluetoot...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: net: drv: netdevsim: do not call napicomplete from netpoll netdevsim supports netpoll. Make sure we do not call npaiComplete from it, as it may not be scheduled. Breno reported encountering a warning in npaiCompleteDone: WARNING:...
Astra Linux – Vulnerability found in Linux 6.1, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: KVM: x86: Handle protected guests properly in completehypercallexit Use is64bithypercall instead of is64bitmode to detect a 64-bit hypercall when completing said hypercall. For guests with protected state, e.g., SEV-ES and SEV-SN...
Astra Linux – Vulnerability found in Linux 5.15, Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: fixed the dereferencing of a null pointer in hcisyncconnCompleteEvt. This event is only specified for SCO and eSCO link types. Upon receiving a HCISynchronousConnectionComplete event for a BDADDR of an existing LE...
Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: net: mana: Fixed a race condition related to the per-CQ variable napiworkdone. After calling napicompletedone, the NAPIFSTATESCHED bit may be cleared, allowing another CPU to start a napi thread and access the per-CQ variable...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, Linux, Linux 5.15
In the Linux kernel, the following vulnerabilities have been resolved: Bluetooth: Fixed a memory leak in hcireqsyncComplete In the function hcireqsyncComplete, always free the previous sync request state before assigning a reference to a new one...
kernel: scsi: target: iscsi: Fix use-after-free in iscsit_dec_conn_usage_count()
A use-after-free flaw was found in the Linux kernel's iSCSI target subsystem. In the iscsitdecconnusagecount function, complete is called while still holding the conn-connusagelock spinlock. The waiting thread such as iscsitcloseconnection may wake up immediately and free the iscsitconn structure...
PT-2026-50075
Name of the Vulnerable Software and Affected Versions Oracle Solaris version 11.4 prior to SRU93 Description An issue exists in the Remote Administration Daemon that allows an unauthenticated attacker with network access via HTTPS to compromise the system. Successful exploitation can lead to...
CVE-2026-46340 Netty: SCTP reassembly nests buffers without bound
Netty is a network application framework for development of protocol servers and clients. In versions of netty-transport-sctp prior to 4.1.135.Final and 4.2.15.Final, for each non-complete SctpMessage fragment the handler does fragments.putstreamId, Unpooled.wrappedBufferfrag, byteBuf, wrapping t...