1738 matches found
Contact Form 7 Math Captcha <= 2.0.1 - Cross-site Scripting
The Contact Form 7 Math Captcha WordPress plugin through 2.0.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users. id: CVE-2024-6517 info: name: Contact Form 7 Math Captcha =...
OPENSUSE-SU-2026:10870-1 389-ds-3.1.4+e9d94d45a-1.1 on GA media
These are all security issues fixed in the 389-ds-3.1.4+e9d94d45a-1.1 package on the GA media of openSUSE Tumbleweed...
CVE-2026-7454 WRL File Parsing Memory Corruption in Autodesk 3ds Max
A maliciously crafted WRL file, when parsed through Autodesk 3ds Max, can force a Memory Corruption vulnerability. A malicious actor can leverage this vulnerability to execute arbitrary code in the context of the current process...
CVE-2026-7450 PAR File Parsing NULL Pointer Dereference in Autodesk 3ds Max
A maliciously crafted PAR file, when parsed through Autodesk 3ds Max, can force a NULL Pointer Dereference vulnerability. Successful exploitation may cause the application to crash, leading to a denial-of-service condition...
Autodesk 3ds Max 安全漏洞
Autodesk 3ds Max is a full-featured 3D computer graphics software developed by Autodesk, Inc. There is a security vulnerability in Autodesk 3ds Max, which may lead to a denial-of-service attack due to a stack overflow issue occurring during the parsing of specially crafted WRL files...
CVE-2026-33278
NLnet Labs Unbound 1.19.1 up to and including version 1.25.0 has a vulnerability in the DNSSEC validator that enables denial of service and possible remote code execution as a result of deep copying a data structure and erroneously overwriting a destination pointer. An adversary can exploit the...
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerability has been resolved: net: phy: allowing MDIO bus PM operations to initiate/stop the state machine for phylink-controlled PHYs. DSA has two types of drivers: 1. Those that call dsaswitchsuspend and dsaswitchresume from their device’s PM operations:...
Astra Linux - уязвимость в mariadb-10.3
MariaDB Server before version 10.7 is vulnerable to Denial of Service attacks. In the file extra/mariabackup/dscompress.cc, when an error occurs i.e., transitioning to the err label during the execution of the createworkerthreads method, the held lock thd-ctrlmutex is not released properly. This...
Astra Linux - уязвимость в 389-ds-base
A flaw has been discovered in 389-ds-base versions 1.4.x.x prior to 1.4.1.3. When executed in verbose mode, the dscreate and dsconf commands may display sensitive information, such as the Directory Manager password. An attacker who can view the screen or record the terminal’s standard error outpu...
PT-2026-42138
Name of the Vulnerable Software and Affected Versions 389-ds-base affected versions not specified Description A flaw exists in the LDAP server where the get ldapmessage controls ext function fails to enforce an upper bound on the number of controls per LDAP message. A remote, unauthenticated...
CVE-2026-42463 SQLBot: Unauthorized Access Vulnerability
SQLBot is an intelligent Text-to-SQL system based on large language models and RAG. Prior to 1.8.0, SQLBot contains a Cross-Workspace IDOR Insecure Direct Object Reference and Authorization Bypass vulnerability in the /api/v1/datasource/exportDsSchema and /api/v1/datasource/uploadDsSchema...
SUSE SLES15 Security Update : 389-ds (SUSE-SU-2026:1753-1)
The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2026:1753-1 advisory. Update to version 2.0.20git89.937b1f291. Security issues fixed: - CVE-2025-14905: heap buffer overflow due to improper size calculation in...
SUSE-SU-2026:1753-1 Security update for 389-ds
This update for 389-ds fixes the following issues: Update to version 2.0.20git89.937b1f291. Security issues fixed: - CVE-2025-14905: heap buffer overflow due to improper size calculation in schemaattrenumcallback callback bsc1258727. Other updates and bugfixes: - Issue 7224 - CI Test - Simplify...
SUSE CVE-2026-43191
In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Adjust PHY FSM transition to TXEN-to-PLLON for TMDS on DCN35 Why A backport of the change made for DCN401 that addresses an issue where we turn off the PHY PLL when disabling TMDS output, which causes the OTG to...
Astra Linux - уязвимость в slapi-nis
A flaw was discovered in slapi-nis in versions prior to 0.56.7. A NULL pointer dereferencing during the parsing of the Binding DN could allow an unauthenticated attacker to crash the 389-ds-base directory server. The greatest threat from this vulnerability is to system availability...
Astra Linux - уязвимость в 389-ds-base
The fix for CVE-2024-2199 in 389-ds-base was insufficient to cover all scenarios. In certain product versions, an authenticated user may cause a server crash while modifying userPassword using malformed input...
Astra Linux - уязвимость в 389-ds-base
A flaw was discovered in 389-ds-base. When the Content Synchronization plugin is enabled, an authenticated user can access a NULL pointer dereferencing using a specially crafted query. This flaw allows an authenticated attacker to cause a denial of service. This CVE is associated with an incomple...
Astra Linux - уязвимость в 389-ds-base
A heap overflow flaw was discovered in 389-ds-base. This issue causes a denial of service when writing a value larger than 256 characters in logentryattr...
Astra Linux - уязвимость в 389-ds-base
In the 389-ds-base up to version 1.4.1.2, requests are processed by worker threads. Each socket is waited for by the worker for no more than ‘ioblocktimeout’ seconds. However, this timeout applies only to un-encrypted requests. Connections that use SSL/TLS do not take this timeout into account...
Astra Linux - уязвимость в 389-ds-base
A flaw was discovered in the 389 Directory Server. This flaw allows an unauthenticated user to cause a systematic server crash while sending a specific extended search request, resulting in a denial of service...