1366 matches found
PT-2026-4692
In loadDataAndPostValue of multiple files, there is a possible way to obscure permission usage due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...
PT-2026-4708
In createRequest of MediaProvider.java, there is a possible way for an app to gain read/write access to non-existing files due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for...
PT-2026-4712
Name of the Vulnerable Software and Affected Versions Chromium affected versions not specified Description An integer overflow in multiple functions within ubsan throwing runtime.cpp can cause a UBSan failure. This issue may lead to a remote denial of service without requiring additional executio...
CVE-2026-24632
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in jagdish1o1 Delay Redirects delay-redirects allows DOM-Based XSS.This issue affects Delay Redirects: from n/a through = 1.0.0...
CVE-2026-24632
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in jagdish1o1 Delay Redirects delay-redirects allows DOM-Based XSS.This issue affects Delay Redirects: from n/a through = 1.0.0...
CVE-2025-71156
In the Linux kernel, the following vulnerability has been resolved: gve: defer interrupt enabling until NAPI registration Currently, interrupts are automatically enabled immediately upon request. This allows interrupt to fire before the associated NAPI context is fully initialized and cause...
CVE-2026-24632
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in jagdish1o1 Delay Redirects delay-redirects allows DOM-Based XSS.This issue affects Delay Redirects: from n/a through = 1.0.0...
CVE-2026-24632
CVE-2026-24632 describes a DOM-Based XSS in the WordPress plugin Delay Redirects prior to 1.0.0, caused by improper input neutralization during web-page generation. The issue affects Delay Redirects
CVE-2026-24632 WordPress Delay Redirects plugin <= 1.0.0 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in jagdish1o1 Delay Redirects delay-redirects allows DOM-Based XSS.This issue affects Delay Redirects: from n/a through = 1.0.0...
CVE-2026-24632 WordPress Delay Redirects plugin <= 1.0.0 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in jagdish1o1 Delay Redirects delay-redirects allows DOM-Based XSS.This issue affects Delay Redirects: from n/a through = 1.0.0...
WordPress plugin Delay Redirects has a security vulnerability
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...
PT-2026-4462
Name of the Vulnerable Software and Affected Versions Delay Redirects versions through 1.0.0 Description Delay Redirects is susceptible to a DOM-Based Cross-site Scripting XSS issue due to improper neutralization of input during web page generation. This allows for potential malicious code...
CVE-2026-23996
FastAPI Api Key provides a backend-agnostic library that provides an API key system. Version 1.1.0 has a timing side-channel vulnerability in verifykey. The method applied a random delay only on verification failures, allowing an attacker to statistically distinguish valid from invalid API keys b...
SUSE-SU-2026:0263-1 Security update for the Linux Kernel
The SUSE Linux Enterprise 15 SP5 RT kernel was updated to fix various security issues The following security issues were fixed: - CVE-2022-50630: mm: hugetlb: fix UAF in hugetlbhandleuserfault bsc1254785. - CVE-2022-50700: wifi: ath10k: Delay the unmapping of the buffer bsc1255576. -...
Azure Linux 3.0 Security Update: hyperv-daemons (CVE-2024-27047)
The version of hyperv-daemons installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-27047 advisory. - In the Linux kernel, the following vulnerability has been resolved: net: phy: fix phygetinternaldela...
CVE-2026-23996
FastAPI Api Key provides a backend-agnostic library that provides an API key system. Version 1.1.0 has a timing side-channel vulnerability in verifykey. The method applied a random delay only on verification failures, allowing an attacker to statistically distinguish valid from invalid API keys b...
CVE-2026-23996 FastAPI Api Key has a timing side-channel in verify_key that allows statistical key validity detection
FastAPI Api Key provides a backend-agnostic library that provides an API key system. Version 1.1.0 has a timing side-channel vulnerability in verifykey. The method applied a random delay only on verification failures, allowing an attacker to statistically distinguish valid from invalid API keys b...
CVE-2026-23996
CVE-2026-23996 concerns the FastAPI Api Key library. Version 1.1.0 is reported to expose a timing side-channel in verify_key(), where a random delay is applied only on verification failures. This enables an attacker to statistically distinguish valid from invalid API keys by measuring response la...
CVE-2026-23996 FastAPI Api Key has a timing side-channel in verify_key that allows statistical key validity detection
FastAPI Api Key provides a backend-agnostic library that provides an API key system. Version 1.1.0 has a timing side-channel vulnerability in verifykey. The method applied a random delay only on verification failures, allowing an attacker to statistically distinguish valid from invalid API keys b...
CVE-2026-23996
FastAPI Api Key provides a backend-agnostic library that provides an API key system. Version 1.1.0 has a timing side-channel vulnerability in verifykey. The method applied a random delay only on verification failures, allowing an attacker to statistically distinguish valid from invalid API keys b...