7984 matches found
Linux kernel 安全漏洞
The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the hugetlbpmdshared function not properly handling shared memory, potentially leading to memory...
Linux Distros Unpatched Vulnerability : CVE-2026-23091
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - intelth: fix device leak on output open Make sure to drop the reference taken when looking up the th device during output device open on errors and on close. No...
Linux kernel 安全漏洞
The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from device mismatches that lead to the devmkfree warning, potentially causing resource management...
CVE-2026-24513
A security issue was discovered in ingress-nginx where the protection afforded by the auth-url Ingress annotation may not be effective in the presence of a specific misconfiguration. If the ingress-nginx controller is configured with a default custom-errors configuration that includes HTTP errors...
CVE-2026-24513
A security issue was discovered in ingress-nginx where the protection afforded by the auth-url Ingress annotation may not be effective in the presence of a specific misconfiguration. If the ingress-nginx controller is configured with a default custom-errors configuration that includes HTTP errors...
Improper Check for Unusual or Exceptional Conditions
Overview Affected versions of this package are vulnerable to Improper Check for Unusual or Exceptional Conditions in the auth-url annotation when a specific misconfiguration occurs involving a custom-errors configuration that includes HTTP errors 401 or 403, and the configured default custom-erro...
Improper Check for Unusual or Exceptional Conditions
Overview Affected versions of this package are vulnerable to Improper Check for Unusual or Exceptional Conditions in the auth-url annotation when a specific misconfiguration occurs involving a custom-errors configuration that includes HTTP errors 401 or 403, and the configured default custom-erro...
CVE-2026-24513 ingress-nginx auth-url protection bypass
A security issue was discovered in ingress-nginx where the protection afforded by the auth-url Ingress annotation may not be effective in the presence of a specific misconfiguration. If the ingress-nginx controller is configured with a default custom-errors configuration that includes HTTP errors...
CVE-2026-24513
A security issue was discovered in ingress-nginx where the protection afforded by the auth-url Ingress annotation may not be effective in the presence of a specific misconfiguration. If the ingress-nginx controller is configured with a default custom-errors configuration that includes HTTP errors...
CVE-2026-24513
Ingress-NGINX contains a vulnerability where the protection of the auth-url Ingress annotation can be bypassed if a default custom-errors backend is configured with HTTP 401/403 and that backend incorrectly ignores the X-Code header. The built-in custom-errors backend functions correctly, but tri...
CVE-2026-24513 ingress-nginx auth-url protection bypass
A security issue was discovered in ingress-nginx where the protection afforded by the auth-url Ingress annotation may not be effective in the presence of a specific misconfiguration. If the ingress-nginx controller is configured with a default custom-errors configuration that includes HTTP errors...
CVE-2025-47397
Memory Corruption when initiating GPU memory mapping using scatter-gather lists due to unchecked IOMMU mapping errors...
BIT-MASTODON-2026-23961 Mastodon may allow a remote suspension bypass
Mastodon is a free, open-source social network server based on ActivityPub. Mastodon allows server administrators to suspend remote users to prevent interactions. However, some logic errors allow already-known posts from such suspended users to appear in timelines if boosted. Furthermore, under...
ROS-20260203-73-0031
A vulnerability in the ipvsxmit.c component of the Linux operating system kernel is related to resource release errors. Exploitation of the vulnerability could allow an attacker to cause a denial of service...
NetBox 安全漏洞
NetBox is a tool developed by the NetBox community, based on Django and PostgreSQL, for IP address management IPAM and data center infrastructure management DCIM. There are security vulnerabilities in versions 2.11.0 to 3.7.x of NetBox. These vulnerabilities stem from the ProtectedError processin...
PT-2026-6339
Mastodon is a free, open-source social network server based on ActivityPub. Mastodon allows server administrators to suspend remote users to prevent interactions. However, some logic errors allow already-known posts from such suspended users to appear in timelines if boosted. Furthermore, under...
CVE-2026-23476
FacturaScripts is open-source enterprise resource planning and accounting software. Prior to 2025.8, there a reflected XSS bug in FacturaScripts. The problem is in how error messages get displayed. Twig's | raw filter is used, which skips HTML escaping. When triggering a database error like passi...
CVE-2026-23476
Summary: CVE-2026-23476 affects FacturaScripts prior to 2025.8, due to a reflected XSS in error messages rendered with Twig’s raw filter. The bug arises when a database error includes user input (e.g., via the code parameter in endpoints like /EditProducto?code=) and the template Core/View/Macro/...
CVE-2026-23476
FacturaScripts is open-source enterprise resource planning and accounting software. Prior to 2025.8, there a reflected XSS bug in FacturaScripts. The problem is in how error messages get displayed. Twig's | raw filter is used, which skips HTML escaping. When triggering a database error like passi...
FacturaScripts is Vulnerable to Reflected XSS
Reflected XSS via SQL Error Messages Summary A reflected XSS bug has been found in FacturaScripts. The problem is in how error messages get displayed - it's using Twig's | raw filter which skips HTML escaping. When a database error is triggered like passing a string where an integer is expected,...