14 matches found
CVE-2026-2950
Impact: Lodash versions 4.17.23 and earlier are vulnerable to prototype pollution in the .unset and .omit functions. The fix for CVE-2025-13465: https://github.com/lodash/lodash/security/advisories/GHSA-xxjr-mmjv-4gpg only guards against string key members, so an attacker can bypass the check by...
CVE-2026-32262
Craft CMS is a content management system CMS. From version 4.0.0-RC1 to before version 4.17.5 and from version 5.0.0-RC1 to before version 5.9.11, the AssetsController-replaceFile method has a targetFilename body parameter that is used unsanitized in a deleteFile call before...
Craft CMS 安全漏洞
Craft CMS is an open-source content management system developed by Craft Studio. Vulnerabilities existed in versions of Craft CMS from 4.0.0-RC1 to 4.17.6, as well as in versions 5.0.0-RC1 to 5.9.12. These vulnerabilities stemmed from a potential exploit where low-privilege users or unverified...
Improper Encoding or Escaping of Output
Overview craftcms/cms is a content management system. Affected versions of this package are vulnerable to Improper Encoding or Escaping of Output via the setReturnUrl function. An attacker can execute arbitrary JavaScript in the context of the application by supplying a crafted return URL...
Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-002777)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-002777 advisory. In the Linux kernel before 4.17, a local attacker able to set attributes on an xfs filesystem could make this filesystem non-operational until the next mount by...
proxychains-ng 安全漏洞
proxychains-ng is a preloaded program by rofl0r individual developers. A security vulnerability exists in proxychains-ng versions 4.17 and earlier and cc005b7 and earlier, which stems from a stack buffer overflow in the proxyfromstring function, which could lead to memory corruption or a crash...
CVE-2023-47112
Rundeck is an open source automation service with a web console, command line tools and a WebAPI. In affected versions access to two URLs used in both Rundeck Open Source and Process Automation products could allow authenticated users to access the URL path, which provides a list of job names and...
openNDS Security Vulnerabilities
openNDS is a high-performance, small footprint portal system open sourced from openNDS. A security vulnerability exists in openNDS that stems from a null pointer dereference issue that results in a denial of service DOS in products that use OpenNDS, such as Sierra Wireless ALEOS versions prior to...
SUSE CVE-2018-6554
Memory leak in the irdabind function in net/irda/afirda.c and later in drivers/staging/irda/net/afirda.c in the Linux kernel before 4.17 allows local users to cause a denial of service memory consumption by repeatedly binding an AFIRDA socket...
DEBIAN-CVE-2021-41165
CKEditor4 is an open source WYSIWYG HTML editor. In affected version a vulnerability has been discovered in the core HTML processing module and may affect all plugins used by CKEditor 4. The vulnerability allowed to inject malformed comments HTML bypassing content sanitization, which could result...
UBUNTU-CVE-2021-41164
CKEditor4 is an open source WYSIWYG HTML editor. In affected versions a vulnerability has been discovered in the Advanced Content Filter ACF module and may affect all plugins used by CKEditor 4. The vulnerability allowed to inject malformed HTML bypassing content sanitization, which could result ...
GHSA-P6MC-M468-83GW Prototype Pollution in lodash
Versions of lodash prior to 4.17.19 are vulnerable to Prototype Pollution. The functions pick, set, setWith, update, updateWith, and zipObjectDeep allow a malicious user to modify the prototype of Object if the property identifiers are user-supplied. Being affected by this issue requires...
Linux kernel buffer overflow vulnerability (CNVD-2018-14219)
Linux kernel is the kernel used by Linux, the open source operating system released by the Linux Foundation in the United States. A buffer overflow vulnerability exists in the 'truncateinlineinode' function in the fs/f2fs/inline.c file in Linux kernel versions 4.17.10 and earlier, which stems fro...
Linux kernel denial of service vulnerability (CNVD-2018-12664)
The Linux kernel is a computer operating system kernel written in C and assembly language, compliant with the POSIX standard, and distributed under the GNU General Public License. A denial of service vulnerability exists in fs/xfs/xfsicache.c in 4.17.3 and earlier versions of the Linux kernel. An...