91 matches found
SUSE CVE-2026-46309
In the Linux kernel, the following vulnerability has been resolved: drm/xe/uapi: Reject cohnone PAT index for CPU cached memory in madvise Add validation in xevmmadviseioctl to reject PAT indices with XECOHNONE coherency mode when applied to CPU cached memory. Using cohnone with CPU cached buffer...
AppLockZ - TrustedApp App Lock and Fingerprint Lock 安全漏洞
AppLockZ - TrustedApp App Lock and Fingerprint Lock is a mobile application security tool developed by AppLockZ - TrustedApp. Version 4.2.11 of AppLockZ - TrustedApp App Lock and Fingerprint Lock contains a security vulnerability. This vulnerability stems from the PIN lock being implemented as a...
Astra Linux – Vulnerability in Linux 5.10, Linux
Several Linux PV device frontends are vulnerable to attacks by backends that use grant table interfaces to remove access rights from resources. This can lead to potential data leaks, data corruption by malicious backends, and denial of service attacks. The backends that use these interfaces may n...
Istio 代码问题漏洞
Istio is an open-source platform that connects, manages, and protects microservices. Versions of Istio prior to 1.28.6 and 1.29.2 have code vulnerabilities. These vulnerabilities arise when creating a RequestAuthentication resource that points to an internal service’s jwksUri, and Istio does not...
PT-2026-36778
The Magic Export & Import WordPress plugin before 1.2.0 stores exported CSV files at a publicly accessible location, making it possible for any visitors to leak sensitive user information...
PT-2026-35374
Insertion of Sensitive Information Into Sent Data vulnerability in WPDeveloper Templately allows Retrieve Embedded Sensitive Data.This issue affects Templately: from n/a through 3.6.1...
uutils coreutils 安全漏洞
uutils coreutils is a cross-platform core command-line toolset developed by Uutils Open Source. There is a security vulnerability in uutils coreutils. This vulnerability arises from the fact that the mktemp utility fails to properly handle the empty TMPDIR environment variable. Unlike GNU mktemp,...
Permissive Cross-domain Policy with Untrusted Domains
Overview wwbn/avideo is an Audio and Video Platform or simply "A Video Platform". Affected versions of this package are vulnerable to Permissive Cross-domain Policy with Untrusted Domains via the allowOrigin function. An attacker can access sensitive user data and perform unauthorized actions by...
GHSA-CMW6-HCPP-C6JP ONNX: Arbitrary File Read via ExternalData Hardlink Bypass in ONNX load
Summary The issue is in onnx.load — the code checks for symlinks to prevent path traversal, but completely misses hardlinks, which is the problem, since a hardlink looks exactly like a regular file on the filesystem. The Real Problem The validator in onnx/checker.cc only calls issymlink and never...
UBUNTU-CVE-2026-23919
For performance reasons Zabbix Server/Proxy reuses JavaScript Duktape contexts used in script items, JavaScript reprocessing, Webhooks. This can lead to confidentiality loss where a regular non-super Zabbix administrator leaks data for hosts they do not have access to. A fix has been released tha...
CVE-2026-1567
IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 An XML External Entity XXE vulnerability in IBM InfoSphere Information Server could allow attackers to retrieve sensitive information from the server...
Ubuntu 24.04 LTS : Linux kernel (Low Latency) vulnerabilities (USN-8052-1)
"The remote Ubuntu 24.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-8052-1 advisory. It was discovered that improper initialization of CPU cache memory could allow a local attacker with hypervisor access to overwrite SEV-SNP guest memory...
EUVD-2025-206874
Infinera DNA is vulnerable to a time-based SQL injection vulnerability due to insufficient input validation, which may result in leaking of sensitive information...
CVE-2026-1477
An out-of-band SQL injection vulnerability OOB SQLi has been detected in the Performance Evaluation EDD application developed by Gabinete Técnico de Programación. Exploiting this vulnerability in the parameter 'Idusuario' and 'Idevaluacion’ in ‘/evaluacioncompetenciasevaluaold.aspx’, could allow ...
EUVD-2025-203174
Aircompressor is a library with ports of the Snappy, LZO, LZ4, and Zstandard compression algorithms to Java. In versions 3.3 and below, incorrect handling of malformed data in Java-based decompressor implementations for Snappy and LZ4 allow remote attackers to read previous buffer contents via...
PT-2025-50592
A vulnerability in TeamViewer DEX Client former 1E Client - Content Distribution Service NomadBranch.exe prior version 25.11 for Windows allows malicious actors to coerce the service into transmitting data to an arbitrary internal IP address, potentially leaking sensitive information...
Microsoft Windows 访问控制错误漏洞
Microsoft Windows is a suite of operating systems for use on personal devices from Microsoft Corporation USA. An access control error vulnerability exists in Microsoft Windows. An attacker could exploit this vulnerability to obtain sensitive information. The following products and versions are...
Linux Distros Unpatched Vulnerability : CVE-2025-40236
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - virtio-net: zero unused hash fields When GSO tunnel is negotiated virtionethdrtnlfromskb tries to initialize the tunnel metadata but forget to zero unused rxhas...
CVE-2025-13033
The CVE-2025-13033 entry concerns Nodemailer’s email parsing library. A flaw in handling specially formatted recipient addresses allows an attacker to craft a recipient that embeds an external address within quotes, causing misdirection of mail to the attacker’s external address rather than the i...
Multiple Cisco Products Snort 3 MIME Denial of Service Vulnerabilities
Multiple Cisco products are affected by vulnerabilities in the HTTP Multipurpose Internet Mail Extensions MIME Decoder that could allow an unauthenticated, remote attacker to cause the Snort 3 Detection Engine to leak possible sensitive information or to restart. For more information about these...