24 matches found

AstraLinux
added 2026/05/20 5:53 a.m., 4 views

Astra Linux - vulnerability in linux-5.10

In the Linux kernel, the following vulnerabilities have been resolved: net/smc: fixed a warning in smc_rx_splice() when calling get_page(). The smc_lo_register_dmb() function allocates DMB buffers using kzalloc(), which are later passed to get_page() in smc_rx_splice(). Since kmalloc memory is not page-backed, this...

6 AI score, 0.00024 EPSS
Exploits: 0, References: 2

Positive Technologies
added 2026/02/27 12:0 a.m., 4 views

PT-2026-22359

Homey BNB V4 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the catid parameter. Attackers can send GET requests to the admin/cms getpagetitle.php endpoint with malicious catid values to extract sensitive...

8.8 CVSS, 6 AI score, 0.00098 EPSS
Exploits: 1, References: 4

RedhatCVE
added 2026/01/13 10:53 p.m., 3 views

CVE-2025-15496

A vulnerability was determined in guchengwuyue yshopmall up to 1.9.1. Affected is the function getPage of the file /api/jobs. This manipulation of the argument sort causes sql injection. The attack may be initiated remotely. The exploit has been publicly disclosed and may be utilized. The project...

9.8 CVSS, 7.1 AI score, 0.00024 EPSS
Exploits: 1, References: 1

Tenable Nessus
added 2025/11/05 12:0 a.m., 1 views

Unity Linux 20.1050e Security Update: kernel (UTSA-2025-989929)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-989929 advisory. In the Linux kernel, the following vulnerability has been resolved: scsi: target: tcmu: Fix possible page UAF. tcmu_try_get_data_page() looks up pages under cmdr_lock, but i...

7.8 CVSS, 6.2 AI score, 0.00013 EPSS
Exploits: 0, References: 4

EUVD
added 2025/10/20 6:30 p.m., 2 views

EUVD-2025-35068

In the Linux kernel, the following vulnerability has been resolved: net/smc: fix warning in smc_rx_splice() when calling get_page(). smc_lo_register_dmb() allocates DMB buffers with kzalloc(), which are later passed to get_page() in smc_rx_splice(). Since kmalloc memory is not page-backed, this triggers WARN_ON_ONCE() in...

5.8 AI score, 0.00024 EPSS
Exploits: 0, References: 4

OSV
added 2025/10/20 3:26 p.m., 1 views

CVE-2025-40012 net/smc: fix warning in smc_rx_splice() when calling get_page()

In the Linux kernel, the following vulnerability has been resolved: net/smc: fix warning in smc_rx_splice() when calling get_page(). smc_lo_register_dmb() allocates DMB buffers with kzalloc(), which are later passed to get_page() in smc_rx_splice(). Since kmalloc memory is not page-backed, this triggers WARN_ON_ONCE() in...

6.3 AI score, 0.00024 EPSS
Exploits: 0, References: 6

Tenable Nessus
added 2025/10/07 12:0 a.m., 1 views

Unity Linux 20.1070a Security Update: kernel (UTSA-2025-986431)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-986431 advisory. In the Linux kernel, the following vulnerability has been resolved: scsi: target: tcmu: Fix possible page UAF. tcmu_try_get_data_page() looks up pages under cmdr_lock, but i...

7.8 CVSS, 6.2 AI score, 0.00013 EPSS
Exploits: 0, References: 4

RedhatCVE
added 2025/08/09 9:30 p.m., 2 views

CVE-2025-8701

A vulnerability was found in Wanzhou WOES Intelligent Optimization Energy Saving System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /OLOprationLog/GetPageList. The manipulation of the argument optUser leads to sql injection. The attack may ...

8.8 CVSS, 6.9 AI score, 0.00224 EPSS
Exploits: 1, References: 1

CNNVD
added 2025/08/07 12:0 a.m., 2 views

Wanzhou WOES Intelligent Optimization Energy Saving System Injection Vulnerability

Wanzhou WOES Intelligent Optimization Energy Saving System is an Intelligent Optimization Energy Saving System from the Chinese company Wanzhou. An injection vulnerability exists in version 1.0 of the Wanzhou WOES Intelligent Optimization Energy Saving System, which originates from SQL injection...

8.8 CVSS, 6.9 AI score, 0.00224 EPSS
Exploits: 1, References: 5

RedhatCVE
added 2025/05/23 8:20 a.m., 3 views

CVE-2024-10329

The Ultimate Bootstrap Elements for Elementor plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.4.6 via the 'ubegetpagetemplates' function. This makes it possible for authenticated attackers, with Contributor-level access and above, to...

4.3 CVSS, 5.8 AI score, 0.00473 EPSS
Exploits: 0, References: 1

OSV
added 2025/03/20 12:32 p.m., 2 views

GHSA-38MG-WM59-G64X composio allows Server-Side Request Forgery (SSRF) in BROWSERTOOL

A Server-Side Request Forgery (SSRF) vulnerability exists in composiohq/composio version v0.4.4. This vulnerability allows an attacker to read the contents of any file in the system by exploiting the BROWSERTOOLGOTOPAGE and BROWSERTOOLGETPAGEDETAILS actions...

6.8 CVSS, 5.9 AI score, 0.00145 EPSS
Exploits: 1, References: 4

Snyk
added 2025/03/20 12:32 p.m., 0 views

Improper Neutralization of Data within XPath Expressions ('XPath Injection')

Overview: composio-core is a core package that acts as a bridge between the composio platform and other services. Affected versions of this package are vulnerable to Improper Neutralization of Data within XPath Expressions ('XPath Injection') via the BROWSERTOOLGOTOPAGE and BROWSERTOOLGETPAGEDETAILS action...

7.5 CVSS, 6.8 AI score, 0.00145 EPSS
Exploits: 1, References: 2

CNNVD
added 2024/03/19 12:0 a.m., 1 views

OpenClinic GA Path Traversal Vulnerability

OpenClinic GA is an open source hospital information management system. The system supports financial management, clinical management and laboratory management. A security vulnerability exists in OpenClinic GA version 5.247.01, which originates from a directory path traversal attack that can be...

7.5 CVSS, 6.4 AI score, 0.19755 EPSS
Exploits: 4, References: 5

SUSE CVE
added 2023/02/15 5:42 a.m., 4 views

SUSE CVE-2013-0154

The get_page_type function in xen/arch/x86/mm.c in Xen 4.2, when debugging is enabled, allows local PV or HVM guest administrators to cause a denial of service (assertion failure and hypervisor crash) via unspecified vectors related to a hypercall...

1.9 CVSS, 6.2 AI score, 0.00073 EPSS
Exploits: 0, References: 6

SUSE CVE
added 2023/02/15 4:42 a.m., 1 views

SUSE CVE-2017-11698

Heap-based buffer overflow in the getpage function in lib/dbm/src/hpage.c in Mozilla Network Security Services (NSS) allows context-dependent attackers to have unspecified impact using a crafted cert8.db file...

7.8 CVSS, 9.5 AI score, 0.00088 EPSS
Exploits: 1, References: 6

SUSE CVE
added 2023/02/15 4:27 a.m., 1 views

SUSE CVE-2018-11255

An issue was discovered in PoDoFo 0.9.5. The function PdfPage::GetPageNumber in PdfPage.cpp in PoDoFo 0.9.5 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted PDF document...

3.3 CVSS, 8.7 AI score, 0.0042 EPSS
Exploits: 1, References: 4

ATTACKERKB
added 2022/05/11 2:15 p.m., 0 views

CVE-2022-28078

Home Owners Collection Management v1 was discovered to contain a reflected cross-site scripting (XSS) vulnerability in the Admin panel via the $_GET['page'] parameter...

6.1 CVSS, 5.8 AI score, 0.01433 EPSS
Exploits: 1, References: 3

RedHat Linux
added 2021/03/23 4:57 p.m., 2 views

pki-core: KRA vulnerable to reflected XSS via the getPk12 page

A flaw was found in the Key Recovery Authority (KRA) Agent Service where it did not properly sanitize the recovery ID during a key recovery request, enabling a Reflected Cross-Site Scripting (XSS) vulnerability. An attacker could trick an authenticated victim into executing specially crafted Javascri...

6.1 CVSS, 6.4 AI score, 0.00825 EPSS
Exploits: 0, References: 4

CNVD
added 2018/10/17 12:0 a.m., 1 views

Foxit Reader and Foxit PhantomPDF for Windows Memory Misreference Vulnerability (CNVD-2018-23723)

Foxit Reader for Windows is a Windows-based PDF document reader from China's Foxit Foxit Software Corporation. Foxit PhantomPDF for Windows is its commercial version. A memory misreference vulnerability exists in the processing of the getPageBox method of Form in Foxit Reader 9.2.0.9297 and earlie...

8.8 CVSS, 8.8 AI score, 0.00424 EPSS
Exploits: 0, References: 1

CNVD
added 2018/08/01 12:0 a.m., 1 views

Foxit Reader Type Obfuscation Remote Code Execution Vulnerability (CNVD-2018-14473)

Foxit Reader (old name: Foxit PDF Reader) is software for reading PDF files, developed by Fujian Foxit Software. Foxit Reader is free to use, runs mainly on Microsoft Windows, and as long as there is a Win32 implementation of the...

8.8 CVSS, 8.9 AI score, 0.0025 EPSS
Exploits: 0, References: 1