69 matches found
CVE-2026-46306
creationtimestamp| type| source ---|---|--- 2026-07-06 06:23:17+00:00| seen| https://www.hkcert.org/security-bulletin/debian-linux-kernel-multiple-vulnerabilities20260706...
DEBIAN-CVE-2026-14086
Insufficient policy enforcement in HID in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to execute arbitrary code via a crafted HTML page. Chromium security severity: Low...
DEBIAN-CVE-2026-10899
Use after free in Ozone in Google Chrome on Linux prior to 149.0.7827.53 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: Critical...
Linux Distros Unpatched Vulnerability : CVE-2026-48747
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Symfony is a PHP framework for web and console applications and a set of reusable PHP components. Prior to 7.4.13 and 8.0.13,...
DEBIAN-CVE-2026-3012
A flaw was found in Samba’s certificate auto-enrollment Group Policy handling. When certificate auto-enrollment is enabled, Samba may retrieve a CA certificate over an unencrypted HTTP connection and install it into the local trust store without proper verification. An attacker with the ability t...
DEBIAN-CVE-2026-9121
Out of bounds read in GPU in Google Chrome on prior to 148.0.7778.179 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: Medium...
CVE-2026-31497
creationtimestamp| type| source ---|---|--- 2026-05-05 20:00:00+00:00| seen| https://www.hkcert.org/security-bulletin/debian-linux-kernel-multiple-vulnerabilities20260506...
DEBIAN-CVE-2026-31688
In the Linux kernel, the following vulnerability has been resolved: driver core: enforce devicelock for drivermatchdevice Currently, drivermatchdevice is called from three sites. One site deviceattachdriver holds devicelockdev, but the other two bindstore and driverattach do not. This inconsisten...
DEBIAN-CVE-2025-68325
In the Linux kernel, the following vulnerability has been resolved: net/sched: schcake: Fix incorrect qlen reduction in cakedrop In cakedrop, qdisctreereducebacklog is used to update the qlen and backlog of the qdisc hierarchy. Its caller, cakeenqueue, assumes that the parent qdisc will enqueue t...
CVE-2020-5911
In versions 3.0.0-3.5.0, 2.0.0-2.9.0, and 1.0.1, the NGINX Controller installer starts the download of Kubernetes packages from an HTTP URL On Debian/Ubuntu system...
CVE-2020-15322
Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has the wbboEZ4BN3ssxAfM hardcoded password for the debian-sys-maint account...
Garage Management System 1.0 (categoriesName) - Stored XSS
Exploit Title: Garage Management System 1.0 categoriesName - Stored XSS Date: 18-09-2022 Exploit Author: Sam Wallace, SC Software Link: https://www.sourcecodester.com/php/15485/garage-management-system-using-phpmysql-source-code.html Version: 1.0 Tested on: Debian CVE : CVE-2022-41358 Summary:...
DEBIAN-CVE-2025-3576
A vulnerability in the MIT Kerberos implementation allows GSSAPI-protected messages using RC4-HMAC-MD5 to be spoofed due to weaknesses in the MD5 checksum design. If RC4 is preferred over stronger encryption types, an attacker could exploit MD5 collisions to forge message integrity codes. This ma...
DEBIAN-CVE-2024-23280
An injection issue was addressed with improved validation. This issue is fixed in Safari 17.4, iOS 17.4 and iPadOS 17.4, macOS Sonoma 14.4, tvOS 17.4, watchOS 10.4. A maliciously crafted webpage may be able to fingerprint the user...
DEBIAN-CVE-2023-0030
A use-after-free flaw was found in the Linux kernel’s nouveau driver in how a user triggers a memory overflow that causes the nvkmvmatail function to fail. This flaw allows a local user to crash or potentially escalate their privileges on the system...
DEBIAN-CVE-2021-3847
An unauthorized access to the execution of the setuid file with capabilities flaw in the Linux kernel OverlayFS subsystem was found in the way user copying a capable file from a nosuid mount into another mount. A local user could use this flaw to escalate their privileges on the system...
DEBIAN-CVE-2021-4057
Use after free in file API in Google Chrome prior to 96.0.4664.93 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page...
DEBIAN-CVE-2021-3796
vim is vulnerable to Use After Free...
DEBIAN-CVE-2020-16042
Uninitialized Use in V8 in Google Chrome prior to 87.0.4280.88 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page...
Liferay CE Portal Groovy-Console Remote Command Execution
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class MetasploitModule 'Liferay CE Portal Tomcat %q This module uses the Liferay CE Portal Groovy script console to execute OS commands. The Groovy...