Astra Linux - уязвимость в linux-5.15

A issue was discovered in ksmbd within the Linux kernel versions 5.15 through 5.18, prior to 5.18.18. fs/ksmbd/smb2pdu.c lacks length validation in the non-padding case of smb2write...

Astra Linux - уязвимость в linux, linux-5.10

An improper update of the reference count vulnerability in the net/sched component of the Linux kernel allows a local attacker to escalate privileges to root. This issue affects Linux Kernel versions prior to 5.18, as well as version 4.14 and later versions...

Unity Linux 20.1070e Security Update: kernel (UTSA-2026-010708)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-010708 advisory. An issue was discovered in ksmbd in the Linux kernel 5.15 through 5.18 before 5.18.18. fs/ksmbd/smb2pdu.c lacks length validation in the non-padding case in smb2writ...

CVE-2026-33769 Astro: Remote allowlist bypass via unanchored matchPathname wildcard

Astro is a web framework. From version 2.10.10 to before version 5.18.1, this issue concerns Astro's remotePatterns path enforcement for remote URLs used by server-side fetchers such as the image optimization endpoint. The path matching logic for / wildcards is unanchored, so a pathname that...

CVE-2025-11938

A vulnerability was found in ChurchCRM up to 5.18.0. This vulnerability affects unknown code of the file setup/routes/setup.php. Performing a manipulation of the argument DBPASSWORD/ROOTPATH/URL results in deserialization. The attack may be initiated remotely. The attack's complexity is rated as...

CVE-2025-11938

A vulnerability was found in ChurchCRM up to 5.18.0. This vulnerability affects unknown code of the file setup/routes/setup.php. Performing a manipulation of the argument DBPASSWORD/ROOTPATH/URL results in deserialization. The attack may be initiated remotely. The attack's complexity is rated as...

编号撤回

Emlog Pro is an Emlog open source blogging system. A security vulnerability exists in Emlog Pro 2.5.18 and earlier versions, which stems from improper handling of file uploads and could lead to unlimited uploads...

CVE-2020-36501

Multiple cross-site scripting XSS vulnerabilities in the Support module of SugarCRM v6.5.18 allows attackers to execute arbitrary web scripts or HTML via crafted payloads entered into the primary address state or alternate address state input fields...

Exploit for Cross-site Scripting in Redaxo

CVE-2024-50803 Stored XSS in mediapool feature of Redaxo A st...

WordPress Most And Least Read Posts Widget plugin <= 2.5.18 - Cross Site Request Forgery (CSRF) vulnerability

Cross Site Request Forgery CSRF vulnerability discovered by SOPROBRO Patchstack Alliance in WordPress Plugin Most And Least Read Posts Widget versions = 2.5.18...

CVE-2024-8190

An OS command injection vulnerability in Ivanti Cloud Services Appliance versions 4.6 Patch 518 and before allows a remote authenticated attacker to obtain remote code execution. The attacker must have admin level privileges to exploit this vulnerability...

Pi-hole 安全漏洞

Pi-hole is a web-grade ad-blocking application from Pi-hole, Inc. A security vulnerability exists in Pi-hole versions prior to 5.18, which stems from a vulnerability that allows an attacker to arbitrarily read internal server files...

CVE-2023-51459

Adobe Experience Manager versions 6.5.18 and earlier are affected by a reflected Cross-Site Scripting XSS vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the...

Adobe Experience Manager 跨站脚本漏洞

Adobe Experience Manager AEM is a set of content management solutions that can be used to build websites, mobile applications and forms from the American company Odobie Adobe. The program supports mobile content management, marketing and sales campaign management and multi-site management. A...

PT-2023-8020 · Adobe · Experience Manager

Name of the Vulnerable Software and Affected Versions: Adobe Experience Manager versions 6.5.18 and earlier Description: The issue is related to a reflected Cross-Site Scripting XSS vulnerability in Adobe Experience Manager. This vulnerability can be exploited if a low-privileged attacker convinc...

CVE-2023-48620

Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they brow...

CVE-2023-48616

Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they brow...

CVE-2023-48615

Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they brow...

CVE-2023-48607

Adobe Experience Manager versions 6.5.18 and earlier are affected by a reflected Cross-Site Scripting XSS vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the...

CVE-2023-48599

Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting DOM-based XSS vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the...