1365 matches found
CVE-2025-71235
In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: Delay module unload while fabric scan in progress System crash seen during load/unload test in a loop. 105954.384919 RBP: ffff914589838dc0 R08: 0000000000000000 R09: 0000000000000086 105954.384920 R10:...
CVE-2025-71235 scsi: qla2xxx: Delay module unload while fabric scan in progress
In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: Delay module unload while fabric scan in progress System crash seen during load/unload test in a loop. 105954.384919 RBP: ffff914589838dc0 R08: 0000000000000000 R09: 0000000000000086 105954.384920 R10:...
Attackers Don’t Need Signatures. Neither Should Your Defense.
How signatureless detection closes the most dangerous gap in enterprise vulnerability management — and why CISOs are rethinking their approach to exposure. Continuous Threat Exposure Management The Hidden Limitation Costing You Sleep Every CISO faces the same unanswered question after a board...
Linux Distros Unpatched Vulnerability : CVE-2026-23113
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - iouring/io-wq: check IOWQBITEXIT inside work run loop Currently this is checked before running the pending work. Normally this is quite fine, as work items eith...
CVE-2026-21435
webtransport-go is an implementation of the WebTransport protocol. Prior to v0.10.0, an attacker can cause a denial of service in webtransport-go by preventing or indefinitely delaying WebTransport session closure. A malicious peer can withhold QUIC flow control credit on the CONNECT stream,...
GHSA-PX4R-G4P3-HHQV webtransport-go: CloseWithError can block indefinitely
Summary An attacker can cause a denial of service in webtransport-go by preventing or indefinitely delaying WebTransport session closure. A malicious peer can withhold QUIC flow control credit on the CONNECT stream, blocking transmission of the WTCLOSESESSION capsule and causing the close operati...
PT-2026-7628
An issue was discovered in OpenSatKit 2.2.1. The DirName field in the telecommand is provided by the ground segment and must be treated as untrusted input. The program copies DirName into the local buffer DirWithSep using strcpy. The size of this buffer is OS MAX PATH LEN. If the length of DirNam...
Unity Linux 20.1050a / 20.1060a / 20.1070a Security Update: cups (UTSA-2026-005326)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-005326 advisory. OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. Prior to version 2.4.15, a client that connects to cupsd but sen...
Craft CMS Vulnerable to SQL Injection in Element Indexes via `criteria[orderBy]`
Summary The element-indexes/get-elements endpoint is vulnerable to SQL Injection via the criteriaorderBy parameter JSON body. The application fails to sanitize this input before using it in the database query. An attacker with Control Panel access can inject arbitrary SQL into the ORDER BY clause...
GHSA-2453-MPPF-46CJ Craft CMS Vulnerable to SQL Injection in Element Indexes via `criteria[orderBy]`
Summary The element-indexes/get-elements endpoint is vulnerable to SQL Injection via the criteriaorderBy parameter JSON body. The application fails to sanitize this input before using it in the database query. An attacker with Control Panel access can inject arbitrary SQL into the ORDER BY clause...
Integer Overflow
Apache HTTP Server is vulnerable to an integer overflow. The vulnerability is due to an integer overflow in the ACME certificate renewal backoff logic after repeated renewal failures, which allows an attacker or misconfiguration to trigger continuous, delay-free renewal attempts...
SUSE-SU-2026:0350-1 Security update for the Linux Kernel
The SUSE Linux Enterprise 15 SP3 RT kernel was updated to fix various security issues The following security issues were fixed: - CVE-2022-50282: chardev: fix error handling in cdevdeviceadd bsc1249739. - CVE-2022-50630: mm: hugetlb: fix UAF in hugetlbhandleuserfault bsc1254785. - CVE-2022-50700:...
SUSE SLES15: cluster-md-kmp-default / dlm-kmp-default / gfs2-kmp-default / etc (SUSE-SU-2026:0317-1)
The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:0317-1 advisory. The SUSE Linux Enterprise 15 SP5 kernel was updated to fix various security issues The following security issues were fixed: -...
CLSA-2026-1769693558 cups: Fix of CVE-2025-58436
CVE-2025-58436: fix issue where slow messages could delay cupsd...
CVE-2025-68934 Discourse Has Denial of Service (DoS) Vulnerability in Drafts Creation Endpoint
Discourse is an open source discussion platform. In versions prior to 3.5.4, 2025.11.2, 2025.12.1, and 2026.1.0, authenticated users can submit crafted payloads to /drafts.json that cause On^2 processing in Base62.decode, tying up workers for 35-60 seconds per request. This affects all users as t...
CLSA-2026-1769507433 cups: Fix of CVE-2025-58436
CVE-2025-58436: fix issue where slow messages could delay cupsd...
PT-2026-4930
Name of the Vulnerable Software and Affected Versions Phpscript-sgh version 0.1.0 Description The software contains a time-based blind SQL injection issue in the admin interface. Attackers can manipulate database queries through the id parameter. Exploitation involves crafting malicious payloads...
DoS due to improper input validation vulnerability in Apache Tomcat - CVE-2024-24549
A vulnerability was found in the Tomcat package due to its handling of HTTP/2 requests. Specifically, when an HTTP/2 request surpasses the predetermined limits for headers configured within the server, the associated HTTP/2 stream isn't reset immediately. Instead, the reset action occurs only aft...
CVE-2026-1190
Summary: CVE-2026-1190 affects Keycloak when used as a SAML client; it fails to validate the NotOnOrAfter timestamp in SubjectConfirmationData, allowing an attacker to delay SAML response expiration and potentially extend valid session duration. What’s affected: Keycloak’s SAML brokering function...
PT-2026-4811
A flaw was found in Keycloak's SAML brokering functionality. When Keycloak is configured as a client in a Security Assertion Markup Language SAML setup, it fails to validate the NotOnOrAfter timestamp within the SubjectConfirmationData. This allows an attacker to delay the expiration of SAML...