58886 matches found
CVE-2026-47099
TeleJSON prior to 6.0.0 contains a DOM-based cross-site scripting vulnerability in the parse function that allows attackers to execute arbitrary JavaScript by delivering a crafted JSON payload containing a malicious constructor-name property value. The custom reviver passes the constructor name...
CVE-2026-47099 TeleJSON < 6.0.0 DOM-based XSS via parse() Function
TeleJSON prior to 6.0.0 contains a DOM-based cross-site scripting vulnerability in the parse function that allows attackers to execute arbitrary JavaScript by delivering a crafted JSON payload containing a malicious constructor-name property value. The custom reviver passes the constructor name...
CVE-2026-47099
TeleJSON prior to 6.0.0 contains a DOM-based XSS via the parse() reviver that reads a constructor-name property and passes it to new Function(), allowing arbitrary JavaScript execution in contexts such as postMessage for cross-frame communication. Affected component: TeleJSON parse() in versions ...
Malicious code in txdpy (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 767f0e720df9d2dd670fc9c607db01794649653be89daa42f01dfe34a69a8ecd The package exports a 发送邮件 sendemail function whose default sender, recipient, and SMTP auth code are hardcoded to the author's QQ account. In...
Weak Password Recovery Mechanism for Forgotten Password
Overview thorsten/phpmyfaq is a FAQ system for PHP and MySQL, PostgreSQL and other databases Affected versions of this package are vulnerable to Weak Password Recovery Mechanism for Forgotten Password via the updatePassword function. An attacker can enumerate valid user accounts and forcibly chan...
Missing Authentication for Critical Function
Overview symfony/lox24-notifier is a Symfony LOX24 Notifier Bridge Affected versions of this package are vulnerable to Missing Authentication for Critical Function via the doParse webhook request parsers in the Mailjet maile bridge and LOX24 SMS notifier bridge. An attacker can submit forged...
Missing Authentication for Critical Function
Overview symfony/mailtrap-mailer is a Symfony Mailtrap Mailer Bridge Affected versions of this package are vulnerable to Missing Authentication for Critical Function via the doParse webhook request parser in the Mailtrap mailer bridge. An attacker can submit forged webhook events because the pars...
Astra Linux - уязвимость в firefox
The developer’s page for about:memory includes a Measure function for exploring which object types the browser has allocated and their sizes. When this function was invoked, we incorrectly called the sizeof function instead of using the API method that checks for invalid pointers. This...
Astra Linux - уязвимость в krb5
The vulnerability of the getmechset function in the spnegomech.c component of the Kerberos authentication protocol is related to reading data from within a permissible buffer size. Exploiting this vulnerability allows an attacker to cause service failures...
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerabilities have been resolved: mm/mremap: fixed the WARN message emitted by uffd when remap events are disabled. Registering userfaultd on a VMA that spans at least one PMD and then using mremap can trigger a WARN message when recovering from a failed page...
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerability has been resolved: ICE: Fix for the crash in the ethtool offline loopback test. Since the conversion of ICE to page pool, the ethtool loopback test crashes. BUG: Kernel NULL pointer dereference, address: 000000000000000c PF: Supervisor write access...
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerability has been resolved: drm/xe/vf: Do not attempt to trigger a full GT reset if there is a VF involved. VFs do not have access to the GDRST0x941c register, which is used by the driver to reset the GT. Attempt to trigger a reset using debugfs: bash $ cat...
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerability has been resolved: pinctrl: mediatek: eint: Fixed invalid pointer dereferencing for v1 platforms The commit 3ef9f710efcb “pinctrl: mediatek: Added EINT support for multiple addresses” introduced an access to the ‘soc’ field of the struct mtkpinctrl...
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerability has been resolved: serial: liteuart: Fixed a NULL pointer dereferencing in -remove. The drvdata parameter must be set in probe; otherwise, platformgetdrvdata causes a NULL pointer dereferencing bug in remove...
Astra Linux - уязвимость в linux, linux-5.10
In the Linux kernel, the following vulnerabilities have been resolved: isdn: mISDN: Fixed the sleeping function called from an invalid context. The driver can call the card-isac.release function from an atomic context. This issue was fixed by calling this function after releasing the lock. The...
Astra Linux - уязвимость в linux-5.10, linux
In the Linux kernel, the following vulnerability has been resolved: ipmi: Fixed the use of a pointer after it is freed in ipmidestroyuser. The intffree function frees the “intf” pointer, so we cannot dereference it again in the next line...
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerability has been resolved: RDMA/qedr: A potential memory leak has been fixed in qedrallocmr. The qedrallocmr function allocates a memory chunk for “mr-info.pbltable” using initmrinfo. When rdmaalloctid and rdmaregistertid fail, “mr” is released, but...
Astra Linux - уязвимость в linux-5.10, linux
In the Linux kernel, the following vulnerabilities have been resolved: i40e: Fixed the call trace in setuptxdescriptors. After a PF reset and the use of ethtool -t, there was a call trace in dmesg. Sometimes this led to a panic. After some time, approximately 5 seconds, between a reset and a test...
Astra Linux - уязвимость в linux-5.10, linux-6.1, linux, linux-5.15
In the Linux kernel, the following vulnerability has been resolved: octeontx2-af: Separate handlers are used for interrupts. The interrupt vector from PF to AF, and the interrupt vector from VF to AF, both use the same interrupt handler. This causes a race condition. When two interrupts are raise...
Astra Linux - уязвимость в linux-5.10, linux-6.1, linux, linux-5.15
In the Linux kernel, the following vulnerability has been resolved: hvnetvsc: Registers the VF in netvscprobe if NETDEVICEREGISTER was missed. If the hvnetvsc driver is unloaded and reloaded, the NETDEVICEREGISTER handler cannot successfully register the VF, as the register call is received befor...