23718 matches found
CVE-2026-10659
The Dhara flash translation layer disk driver drivers/disk/ftldhara.c implemented the dharanand callbacks so that, on a flash error, the error code was written unconditionally through the caller-supplied dharaerrort err pointer e.g. err = DHARAEECC in dharanandread, and similar in...
CVE-2026-10659 NULL pointer dereference in Zephyr Dhara FTL disk driver on flash read error during journal resume
The Dhara flash translation layer disk driver drivers/disk/ftldhara.c implemented the dharanand callbacks so that, on a flash error, the error code was written unconditionally through the caller-supplied dharaerrort err pointer e.g. err = DHARAEECC in dharanandread, and similar in...
CVE-2026-10659
The CVE concerns Zephyr’s Dhara FTL disk driver (drivers/disk/ftl_dhara.c). On flash read errors, the driver previously wrote error codes unconditionally to a caller-supplied err pointer, and the journal-resume path forwarded NULL into dhara_nand_read(), causing a NULL dereference during disk ini...
CVE-2026-21369
Memory Corruption when handling flash commands due to outdated LED count values being used after userspace modification...
EUVD-2026-41927
Memory Corruption when handling flash commands due to outdated LED count values being used after userspace modification...
CVE-2026-21369
CVE-2026-21369 describes a memory corruption in the camera driver when handling flash commands. The root cause is outdated LED count values being used after userspace modification, leading to out-of-bounds/write conditions. The weakness is limited to local attack vector with high complexity and l...
CVE-2026-21369
Memory Corruption when handling flash commands due to outdated LED count values being used after userspace modification...
CVE-2026-21369 Out-of-bounds Write in Camera Driver
Memory Corruption when handling flash commands due to outdated LED count values being used after userspace modification...
CVE-2026-21369 Out-of-bounds Write in Camera Driver
Memory Corruption when handling flash commands due to outdated LED count values being used after userspace modification...
PT-2026-55989
Name of the Vulnerable Software and Affected Versions Qualcomm Snapdragon Auto affected versions not specified Description Memory corruption occurs when handling flash commands. This issue is caused by the use of outdated LED count values following modifications made in userspace. Recommendations...
Important: Red Hat Security Advisory: kernel security, bug fix, and enhancement update
An update for kernel is now available for Red Hat Enterprise Linux 10. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from t...
CVE-2026-57958
Summary: Mixpost
EUVD-2026-40143
Mixpost through 2.6.0 contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to execute arbitrary JavaScript in authenticated users' browsers by crafting malicious OAuth callback URLs with unsanitized error query parameters. Attackers can exploit the OAuth...
PYSEC-2026-499 pyload-ng vulnerable to RCE with js2py sandbox escape
Summary Any pyload-ng running under python3.11 or below are vulnerable under RCE. Attacker can send a request containing any shell command and the victim server will execute it immediately. Details js2py has a vulnerability of sandbox escape assigned as CVE-2024-28397, which is used by the...
DEBIAN-CVE-2026-53303
In the Linux kernel, the following vulnerability has been resolved: f2fs: protect extensionlist reading with sblock in f2fssbishow In f2fssbishow, the extensionlist, extensioncount and hotextcount are read without holding sbi-sblock. If a concurrent sysfs store modifies the extension list via...
CVE-2026-53303
In the Linux kernel, the following vulnerability has been resolved: f2fs: protect extensionlist reading with sblock in f2fssbishow In f2fssbishow, the extensionlist, extensioncount and hotextcount are read without holding sbi-sblock. If a concurrent sysfs store modifies the extension list via...
CVE-2026-57323
Unauthenticated Broken Access Control in Flash & HTML5 Video = 2.11.0 versions...
CVE-2026-57323 WordPress Flash & HTML5 Video plugin <= 2.11.0 - Broken Access Control vulnerability
Unauthenticated Broken Access Control in Flash & HTML5 Video = 2.11.0 versions...
CVE-2026-57323
The CVE-2026-57323 entry concerns the WordPress Flash & HTML5 Video plugin (versions <= 2.11.0). Affected component: the Flash & HTML5 Video functionality within the WordPress plugin. Root cause: Unauthenticated Broken Access Control, enabling access to resources without authentication. Impact...
EUVD-2026-39735
Unauthenticated Broken Access Control in Flash & HTML5 Video = 2.11.0 versions...