19038 matches found
CVE-2026-1136
The CVE-2026-1136 entry concerns a cross-site scripting (XSS) vulnerability in the lcg0124 BootDo product, specifically in the ContentController Save function (file path: /blog/bContent/save). The issue arises from manipulating the content/author/title argument, enabling XSS and enabling remote e...
ROS-20260119-7329
A vulnerability in the ufsbsgremove function of the drivers/ufs/core/ufsbsg.c module of the Linux kernel's UFS Universal Flash Storage host controller support is related to the reuse of previously freed memory. Exploitation of the vulnerability could allow an attacker to affect the confidentialit...
MiracleLinux 7 : microcode_ctl-2.1-73.16.el7 (AXEA:2023-6332:07)
The remote MiracleLinux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXEA:2023-6332:07 advisory. - Insufficient granularity of access control in out-of-band management in some IntelR Atom and Intel Xeon Scalable Processors may allow a privileged...
Synology DiskStation Manager Out-of-bounds Write (CVE-2024-45539)
Out-of-bounds write vulnerability in cgi components in Synology DiskStation Manager DSM before 7.2.1-69057-2 and 7.2.2-72806 and Synology Unified Controller DSMUC before 3.1.4-23079 allows remote attackers to conduct denial-of-service attacks via unspecified vectors. This plugin only works with...
CVE-2026-1111 Sanluan PublicCMS Task Template Management TaskTemplateAdminController.java save path traversal
A vulnerability has been found in Sanluan PublicCMS up to 5.202506.d. This impacts the function Save of the file com/publiccms/controller/admin/sys/TaskTemplateAdminController.java of the component Task Template Management Handler. Such manipulation of the argument path leads to path traversal. T...
CVE-2026-1106 Chamilo LMS Legal Consent SocialController.php deleteLegal improper authorization
A security flaw has been discovered in Chamilo LMS up to 2.0.0 Beta 1. This issue affects the function deleteLegal of the file src/CoreBundle/Controller/SocialController.php of the component Legal Consent Handler. Performing a manipulation of the argument userId results in improper authorization...
PT-2026-3381
Name of the Vulnerable Software and Affected Versions Sanluan PublicCMS versions up to 5.202506.d Description A flaw exists in Sanluan PublicCMS that allows for improper authorization. This issue is related to the delete function within the file...
CVE-2026-1063
The vulnerability CVE-2026-1063 affects Bastillion (Bastillion up to 4.0.1) in the Public Key Management System. The issue involves manipulation in src/main/java/io/bastillion/manage/control/AuthKeysKtrl.java that enables command injection. Attack is described as executable remotely and publicly ...
EUVD-2026-3130
A vulnerability was detected in xiweicheng TMS up to 2.28.0. Affected by this issue is the function Upload of the file src/main/java/com/lhjz/portal/controller/FileController.java. The manipulation of the argument filename results in unrestricted upload. The attack may be performed from remote. T...
CVE-2026-1061 xiweicheng TMS FileController.java upload unrestricted upload
A vulnerability was detected in xiweicheng TMS up to 2.28.0. Affected by this issue is the function Upload of the file src/main/java/com/lhjz/portal/controller/FileController.java. The manipulation of the argument filename results in unrestricted upload. The attack may be performed from remote. T...
CVE-2026-1061 xiweicheng TMS FileController.java upload unrestricted upload
A vulnerability was detected in xiweicheng TMS up to 2.28.0. Affected by this issue is the function Upload of the file src/main/java/com/lhjz/portal/controller/FileController.java. The manipulation of the argument filename results in unrestricted upload. The attack may be performed from remote. T...
CVE-2026-1061
CVE-2026-1061 affects xiweicheng TMS prior to 2.28.0. The vulnerability is in the Upload function of FileController.java (src/main/java/com/lhjz/portal/controller/FileController.java), where manipulation of the filename argument enables unrestricted file upload. Remote exploitation is possible, a...
ai_bouncer
AiBouncer AI-powered HTTP request classification for Ruby on...
CVE-2025-12007
There is a vulnerability in the Supermicro BMC firmware validation logic at Supermicro MBD-X13SEM-F . An attacker can update the system firmware with a specially crafted image...
PT-2026-3368
Name of the Vulnerable Software and Affected Versions xiweicheng TMS versions prior to 2.28.0 Description An issue exists in xiweicheng TMS that allows for unrestricted file uploads. This is due to the manipulation of the filename argument within the Upload function located in the file...
Bastillion command injection vulnerability
Bastillion is an open-source key management tool developed by bastillion-io. Versions of Bastillion 4.0.1 and earlier contained a command injection vulnerability. This vulnerability stemmed from incorrect operations on the Public Key Management System component in the file...
OESA-2026-1077 kernel security update
The Linux Kernel, the operating system core itself. Security Fixes: In the Linux kernel, the following vulnerability has been resolved: scsi: mpt3sas: Fix crash in transport port remove by using iocinfo During mpt3sastransportportremove, messages were logged with devprintk against...
CVE-2025-12006
There is a vulnerability in the Supermicro BMC firmware validation logic at Supermicro MBD-X12STW-F . An attacker can update the system firmware with a specially crafted image...
CVE-2025-12007 Supermicro BMC firmware update validation bypass
There is a vulnerability in the Supermicro BMC firmware validation logic at Supermicro MBD-X13SEM-F . An attacker can update the system firmware with a specially crafted image...
CVE-2025-12007
The CVE-2025-12007 issue affects Supermicro BMC firmware on the MBD-X13SEM-F board. A vulnerability in the firmware update validation logic could allow an attacker to flash a specially crafted image, bypassing validation and updating system firmware. Other documents corroborate this description, ...