178 matches found
[SECURITY] Fedora 44 Update: perl-Imager-1.032-1.fc44
Imager is a module for creating and altering images. It can read and write various image formats, draw primitive shapes like lines,and polygons, blend multiple images together in various ways, scale, crop, render text and more...
UBUNTU-CVE-2026-53244
In the Linux kernel, the following vulnerability has been resolved: VFS: fix possible failure to unlock in nfsd4createfile atomiccreate in fs/namei.c drops the reference to the dentry when it returns an error. This behaviour was imported into dentrycreate so that it will drop the reference if an...
CVE-2026-53244 VFS: fix possible failure to unlock in nfsd4_create_file()
In the Linux kernel, the following vulnerability has been resolved: VFS: fix possible failure to unlock in nfsd4createfile atomiccreate in fs/namei.c drops the reference to the dentry when it returns an error. This behaviour was imported into dentrycreate so that it will drop the reference if an...
EUVD-2026-39195
In the Linux kernel, the following vulnerability has been resolved: VFS: fix possible failure to unlock in nfsd4createfile atomiccreate in fs/namei.c drops the reference to the dentry when it returns an error. This behaviour was imported into dentrycreate so that it will drop the reference if an...
CVE-2026-53244
CVE-2026-53244 concerns the Linux kernel NFSD component. When exporting a filesystem with the atomic_create hook, an error from atomic_create() could cause nfsd4_create_file() to fail unlocking the parent directory, risking resource exhaustion and potential DoS. The root cause is that dentry hand...
PT-2026-52339
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A failure to unlock the parent directory occurs in the nfsd4 create file function. This happens when the NFSD exports a filesystem using atomic create and that function returns an error...
CVE-2026-22164
Technical details are not publicly available in the provided documents. Monitor for future updates.
CVE-2026-8676
An attacker is able to downgrade the security of a Bluetooth LE connection by deleting an existing bond, spoofing the bonded device and creating a new bond...
EUVD-2026-31969
An attacker is able to downgrade the security of a Bluetooth LE connection by deleting an existing bond, spoofing the bonded device and creating a new bond...
cPanel 输入验证错误漏洞
cPanel is a web-based automated hosting platform developed by cPanel Inc. This platform is primarily used for automating the management of websites and servers. cPanel has a vulnerability related to input validation errors, which stem from insufficient input validation in the plugin parameter...
CVE-2026-38669
CVE-2026-38669 affects wCMS v1.4 and is described as a Cross Site Scripting (XSS) vulnerability when creating a new blog. The connected sources confirm the product/version and the XSS impact, with a CVSS v3.1 base score of 6.1 (Medium) and user interaction required. The documents do not provide r...
CVE-2025-70141
SourceCodester Customer Support System 1.0 contains an incorrect access control vulnerability in ajax.php. The AJAX dispatcher does not enforce authentication or authorization before invoking administrative methods in adminclass.php based on the action parameter. An unauthenticated remote attacke...
benet: fix BUG when creating VFs
...
CVE-2022-38844
CSV Injection in Create Contacts in EspoCRM 7.1.8 allows remote authenticated users to run system commands via creating contacts with payloads capable of executing system commands. Admin user exporting contacts in CSV file may end up executing the malicious system commands on his system...
CVE-2023-54241
In the Linux kernel, the following vulnerability has been resolved: MIPS: KVM: Fix NULL pointer dereference After commit 45c7e8af4a5e3f0bea4ac209 "MIPS: Remove KVMTE support" we get a NULL pointer dereference when creating a KVM guest: 146.243409 Starting KVM with MIPS VZ extensions 149.849151 CP...
PT-2025-53092
Name of the Vulnerable Software and Affected Versions Kodezen LLC Academy LMS versions through 3.4.0 Description The software contains a flaw due to improper handling of user-supplied data when creating web pages, leading to a Stored Cross-site Scripting XSS condition. This allows an attacker to...
CVE-2023-53977 myBB Forums 1.8.26 Stored Cross-Site Scripting via Forum Management
myBB Forums 1.8.26 contains a stored cross-site scripting vulnerability in the forum management system that allows authenticated administrators to inject malicious scripts when creating new forums. Attackers can exploit this vulnerability by inserting script payloads in the forum title field when...
zziplib: directory traversal in unzzip_cat in the bins/unzzipcat-mem.c
It was discovered that zziplib is vulnerable to a directory traversal flaw in most of its unzip binaries, including unzip-mem, unzzipcat-mem, unzzipcat-big, unzzipcat-mix, and unzzipcat-zip. An attacker may use this flaw to write files outside the intended target directory, overwriting existing...
CVE-2025-56807
A cross-site scripting XSS vulnerability in FairSketch RISE Ultimate Project Manager & CRM 3.9.4 allows an administrator to store a JavaScript payload using the file explorer in the admin dashboard when creating new folders...
Cross-site Scripting (XSS)
Overview moonshine/moonshine is a Laravel administration panel Affected versions of this package are vulnerable to Cross-site Scripting XSS via the Link parameter when creating/updating a new Article. Note There appears to be a fix attempt in 3.12.4, which was reverted in 3.12.6. At the time of...