Lucene search

18 matches found

AstraLinux
added 2026/05/20 5:53 a.m. | 3 views

Astra Linux - vulnerability in linux-5.10

In the Linux kernel, the following vulnerabilities have been resolved: xfs: removed calls to xchk_xfile_*_descr macros. The xchk_xfile_*_descr macros use kasprintf, which may fail to allocate memory if the formatted string is longer than 16 bytes or whatever value nofail currently guarantees. Some of the...

CVSS: 5.5 | AI score: 5.7 | EPSS: 0.00017
Exploits: 0 | References: 2
SUSE CVE
added 2026/03/19 12:27 a.m. | 2 views

SUSE CVE-2026-23252

In the Linux kernel, the following vulnerability has been resolved: xfs: get rid of the xchk_xfile_*_descr calls. The xchk_xfile_*_descr macros call kasprintf, which can fail to allocate memory if the formatted string is larger than 16 bytes or whatever the nofail guarantees are nowadays. Some of them cou...

AI score: 5.5 | EPSS: 0.00017
Exploits: 0 | References: 3
CVE
added 2026/03/18 5:1 p.m. | 6 views

CVE-2026-23252

The CVE-2026-23252 issue affects the Linux kernel XFS code. The root cause is the xchk_xfile_*_descr macros calling kasprintf, which could fail to allocate memory when formatting strings larger than the non‑no-fail limit. The patch removes this path by passing static strings instead, eliminating ...

CVSS: 5.5 | AI score: 5.6 | EPSS: 0.00017
Exploits: 0 | References: 4 | Affected Software: 1
Vulnrichment
added 2026/02/15 1:58 p.m. | 1 views

CVE-2019-25370 OPNsense 19.1 Reflected XSS via interfaces_vlan_edit.php

OPNsense 19.1 contains a reflected cross-site scripting vulnerability that allows attackers to inject malicious scripts by submitting crafted input through multiple parameters. Attackers can send POST requests to interfaces_vlan_edit.php with script payloads in the tag, descr, or vlanif parameters ...

CVSS: 6.1 | AI score: 5.6 | EPSS: 0.00048
Exploits: 1 | References: 4
Cvelist
added 2026/02/15 1:58 p.m. | 23 views

CVE-2019-25370 OPNsense 19.1 Reflected XSS via interfaces_vlan_edit.php

OPNsense 19.1 contains a reflected cross-site scripting vulnerability that allows attackers to inject malicious scripts by submitting crafted input through multiple parameters. Attackers can send POST requests to interfaces_vlan_edit.php with script payloads in the tag, descr, or vlanif parameters ...

CVSS: 6.1 | EPSS: 0.00048
Exploits: 1 | References: 4
CVE
added 2026/02/15 1:58 p.m. | 9 views

CVE-2019-25370

OPNsense 19.1 is affected by a reflected XSS in interfaces_vlan_edit.php. The vulnerability arises from accepting crafted input in multiple parameters (tag, descr, vlanif) via POST, enabling attackers to inject and execute arbitrary JavaScript in users’ browsers. The CVE entry confirms the affect...

CVSS: 6.1 | AI score: 5.5 | EPSS: 0.00048
Exploits: 1 | References: 4 | Affected Software: 1
Positive Technologies
added 2026/02/15 12:0 a.m. | 5 views

PT-2026-8242

OPNsense 19.1 contains a reflected cross-site scripting vulnerability that allows attackers to inject malicious scripts by submitting crafted input through multiple parameters. Attackers can send POST requests to interfaces_vlan_edit.php with script payloads in the tag, descr, or vlanif parameter...

CVSS: 6.1 | AI score: 5.5 | EPSS: 0.00048
Exploits: 1 | References: 5
CVE
added 2025/12/11 9:40 p.m. | 5 views

CVE-2024-58304

CVE-2024-58304 – SPA-CART CMS 1.9.0.3 is affected by a stored cross-site scripting vulnerability in the product description parameter. The issue allows authenticated administrators to inject JavaScript via the descr field in the product edit form, causing arbitrary code execution in the web brows...

CVSS: 7.5 | AI score: 6.2 | EPSS: 0.00017
Exploits: 0 | References: 2
Snyk
added 2025/01/16 5:32 p.m. | 2 views

Cross-site Scripting (XSS)

Overview: librenms/librenms is a fully featured network monitoring system that provides a wealth of features and device support. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) in the generateoverlibcontent function, which is accessible through the descr parameter at t...

CVSS: 5.4 | AI score: 5.3 | EPSS: 0.00183
Exploits: 1 | References: 2
Snyk
added 2024/11/15 3:43 p.m. | 1 views

Cross-site Scripting (XSS)

Overview: librenms/librenms is a fully featured network monitoring system that provides a wealth of features and device support. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the descr parameter in EditPortsController.php. A user with permission to edit port...

CVSS: 5.4 | AI score: 5.3 | EPSS: 0.00861
Exploits: 1 | References: 2
Exploit DB
added 2024/03/25 12:0 a.m. | 297 views

SPA-CART CMS - Stored XSS

Exploit Title: SPA-CART CMS - Stored XSS; Date: 2024-01-03; Exploit Author: Eren Sen; Vendor: SPA-Cart; Vendor Homepage: https://spa-cart.com/; Software Link: https://demo.spa-cart.com/; Version: 1.9.0.3; CVE-ID: N/A; Tested on: Kali Linux / Windows 10; Vulnerabilities Discovered Date : 2024/01/03...

AI score: 7.4
Exploits: 0
RedHat Linux
added 2022/12/07 8:28 p.m. | 5 views

numpy: NULL pointer dereference in numpy.sort in the PyArray_DescrNew() due to missing return-value validation

Null Pointer Dereference vulnerability exists in numpy.sort in NumPy < and 1.19 in the PyArray_DescrNew function due to missing return-value validation, which allows attackers to conduct DoS attacks by repetitively creating sort arrays. NOTE: While correct that validation is missing, an error ca...

CVSS: 5.3 | AI score: 7.3 | EPSS: 0.00107
Exploits: 1 | References: 4
PyPA
added 2021/12/17 8:15 p.m. | 4 views

PYSEC-2021-856

Null Pointer Dereference vulnerability exists in numpy.sort in NumPy and 1.19 in the PyArray_DescrNew function due to missing return-value validation, which allows attackers to conduct DoS attacks by repetitively creating sort arrays...

CVSS: 5.3 | AI score: 6.9 | EPSS: 0.00107
Exploits: 1 | References: 2 | Affected Software: 1
CNNVD
added 2021/12/17 12:0 a.m. | 3 views

NumPy code issue vulnerability

NumPy is a Python scientific computing package. The product supports a large number of dimensional arrays and matrices, while providing a large library of mathematical functions for data operations. NumPy 1.19 has a security vulnerability that stems from a null pointer dereference vulnerability i...

CVSS: 5.3 | AI score: 5.5 | EPSS: 0.00107
Exploits: 1 | References: 8
CNNVD
added 2021/12/16 12:0 a.m. | 1 views

Delta Electronics DIAEnergie cross-site scripting vulnerability

Delta Electronics DIAEnergie is an industrial energy management system used to monitor and analyze energy consumption in real time, calculate energy consumption and load characteristics, optimize equipment performance, improve production processes, and maximize energy efficiency. A cross-site...

CVSS: 6.5 | AI score: 5.6 | EPSS: 0.00297
Exploits: 0 | References: 3
Prion
added 2020/04/01 4:15 p.m. | 14 views

Cross site scripting

pfSense before 2.4.5 has stored XSS in systemusermanageraddprivs.php in the WebGUI via the descr parameter aka full name of a user...

CVSS: 3.5 | AI score: 5.1 | EPSS: 0.05947
Exploits: 3 | References: 4 | Affected Software: 1
Exploit DB
added 2019/02/12 12:0 a.m. | 154 views

OPNsense < 19.1.1 - Cross-Site Scripting

Exploit Title: OPNsense 19.1 | Cross-Site Scripting; Date: 01.02.2019; Exploit Author: Ozer Goker; Vendor Homepage: https://opnsense.org; Software Link: http://mirror.ams1.nl.leaseweb.net/opnsense/releases/19.1/OPNsense-19.1-OpenSSL-dvd-amd64.iso.bz2; Version: 19.1; Introduction: OPNsense is an open...

AI score: 7.4
Exploits: 0
0day.today
added 2010/07/16 12:0 a.m. | 20 views

Haihaisoft PDF Reader OCX Control v1.1.2.0 Remote Buffer Overflow

Exploit for windows platform in category dos / poc: Haihaisoft PDF Reader OCX Control v1.1.2.0 Remote Buffer Overflow -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1...

AI score: 7
Exploits: 0