4259 matches found
EUVD-2026-28276
Admidio is an open-source user management solution. Prior to version 5.0.9, Role::stopMembership does not verify whether removing a user from the administrator role leaves zero administrators. The deprecated Membership::stopMembership contains this safety check, but the current code path bypasses...
CVE-2026-6238
A flaw was found in glibc GNU C Library. The deprecated functions nsprintrrf, nsprintrr, and fpnquery do not properly validate the length of RDATA Resource Record Data in a DNS Domain Name System response when processing specific record types like LOC, CERT, TKEY, or TSIG. A remote attacker could...
CVE-2026-7686
A vulnerability was found in eyeo Adblock Plus up to 4.36.2 on Chrome. Affected by this vulnerability is the function postMessage of the file premium.preload.js of the component Legacy Premium Activation. Performing a manipulation results in improper access controls. Remote exploitation of the...
PT-2026-36989
Name of the Vulnerable Software and Affected Versions phpVMS versions 7.x through 7.0.5 Description A critical issue in the legacy importer component allows unauthenticated access to a deprecated import feature. A remote attacker can trigger internal processes to modify or delete application data...
CVE-2026-7686
Eyeo Adblock Plus (Chrome) up to 4.36.2 contains a vulnerability in postMessage handling within premium.preload.js (Legacy Premium Activation). Exploitation allows improper access controls with remote execution; the attack is publicly disclosed. The vendor notes the legacy activation path is depr...
Linux Distros Unpatched Vulnerability : CVE-2026-43041
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - net: qrtr: replace qrtrtxflow radixtree with xarray to fix memory leak radixtreecreate allocates and links intermediate nodes into the tree one by one. If a...
glibc: glibc: Application crash or uninitialized memory read via crafted DNS response
A flaw was found in glibc GNU C Library. The deprecated functions nsprintrrf, nsprintrr, and fpnquery do not properly validate the length of RDATA Resource Record Data in a DNS Domain Name System response when processing specific record types like LOC, CERT, TKEY, or TSIG. A remote attacker could...
SUSE CVE-2026-5435
The deprecated functions nsprintrrf, nsprintrr and fpnquery in the GNU C Library version 2.2 and newer fail to enforce the caller-supplied buffer length, and can result in an out-of-bounds write when printing TSIG records...
SUSE CVE-2026-6238
The deprecated functions nsprintrrf, nsprintrr and fpnquery in the GNU C Library version 2.0.1 to version 2.43 fail to validate the RDATA content against the RDATA length in a DNS response when processing A6, CERT, LOC, TKEY or TSIG records, which may allow an attacker to craft a DNS response,...
CVE-2026-7381
Plack::Middleware::XSendfile versions through 1.0053 for Perl can allow client-controlled path rewriting. Plack::Middleware::XSendfile allows the variation setting sendfile type to be set by the client via the X-Sendfile-Type header, if it is not considered in the middleware constructor or the...
CVE-2026-7381
Plack::Middleware::XSendfile versions through 1.0053 for Perl can allow client-controlled path rewriting. Plack::Middleware::XSendfile allows the variation setting sendfile type to be set by the client via the X-Sendfile-Type header, if it is not considered in the middleware constructor or the...
EUVD-2026-26296
Plack::Middleware::XSendfile versions through 1.0053 for Perl can allow client-controlled path rewriting. Plack::Middleware::XSendfile allows the variation setting sendfile type to be set by the client via the X-Sendfile-Type header, if it is not considered in the middleware constructor or the...
CVE-2026-7381 Plack::Middleware::XSendfile versions through 1.0053 for Perl can allow client-controlled path rewriting
Plack::Middleware::XSendfile versions through 1.0053 for Perl can allow client-controlled path rewriting. Plack::Middleware::XSendfile allows the variation setting sendfile type to be set by the client via the X-Sendfile-Type header, if it is not considered in the middleware constructor or the...
Admidio Missing Minimum Administrator Check in Role Membership Removal
Summary Role::stopMembership does not verify whether removing a user from the administrator role leaves zero administrators. The deprecated Membership::stopMembership contains this safety check, but the current code path bypasses it. Any administrator can remove the last remaining other...
GHSA-C7XM-R6VJ-8VG6 Admidio Missing Minimum Administrator Check in Role Membership Removal
Summary Role::stopMembership does not verify whether removing a user from the administrator role leaves zero administrators. The deprecated Membership::stopMembership contains this safety check, but the current code path bypasses it. Any administrator can remove the last remaining other...
PT-2026-36018
Name of the Vulnerable Software and Affected Versions Plack::Middleware::XSendfile versions prior to 1.0053 Description Plack::Middleware::XSendfile allows the variation setting sendfile type to be controlled by the client via the X-Sendfile-Type header if it is not defined in the middleware...
DEBIAN-CVE-2026-6238
The deprecated functions nsprintrrf, nsprintrr and fpnquery in the GNU C Library version 2.0.1 to version 2.43 fail to validate the RDATA content against the RDATA length in a DNS response when processing A6, CERT, LOC, TKEY or TSIG records, which may allow an attacker to craft a DNS response,...
CVE-2026-6238
The deprecated functions nsprintrrf, nsprintrr and fpnquery in the GNU C Library version 2.0.1 to version 2.43 fail to validate the RDATA content against the RDATA length in a DNS response when processing A6, CERT, LOC, TKEY or TSIG records, which may allow an attacker to craft a DNS response,...
CVE-2026-6238
The deprecated functions nsprintrrf, nsprintrr and fpnquery in the GNU C Library version 2.0.1 to version 2.43 fail to validate the RDATA content against the RDATA length in a DNS response when processing A6, CERT, LOC, TKEY or TSIG records, which may allow an attacker to craft a DNS response,...
UBUNTU-CVE-2026-6238
The deprecated functions nsprintrrf, nsprintrr and fpnquery in the GNU C Library version 2.0.1 to version 2.43 fail to validate the RDATA content against the RDATA length in a DNS response when processing A6, CERT, LOC, TKEY or TSIG records, which may allow an attacker to craft a DNS response,...