71 matches found
CVE-2026-41992
GNU gzip contains a global buffer overflow vulnerability in the LZH decompression logic caused by improper reuse of shared global state between different decompression formats within a single execution. GNU gzip maintains a global array that is shared across the LZ77, LZW, and LZH decompression...
Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: drm/msm/mdp5: Fixed the issue where global state locks were locked backoff. We need to acquire the lock after the early return in the !hwpipe case. Otherwise, we might encounter contention but still return 0. This fix addresses a...
Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: drm/msm/mdp5: The return error code in mdp5mixerrelease is incorrect when a deadlock is detected. There is a possibility that mdp5getglobalstate may return-EDEADLK when acquiring the modeset lock. However, currently,...
Astra Linux - уязвимость в linux-5.10, linux
In the Linux kernel, the following vulnerabilities have been resolved: drm/msm/mdp5: The return error code in mdp5piperelease occurs when a deadlock is detected. mdp5getglobalstate runs the risk of encountering an -EDEADLK error when acquiring the modeset lock. Currently, mdp5piperelease does not...
CVE-2026-40594
CVE-2026-40594 affects pyLoad: the set_session_cookie_secure before_request in pyload/webui/app/init .py reads X-Forwarded-Proto without origin validation and mutates the global Flask SESSION_COOKIE_SECURE on every request. With Cheroot’s multi-threaded server (request_queue_size=512), this creat...
CVE-2026-40594 pyLoad: Session Cookie Security Downgrade via Untrusted X-Forwarded-Proto Header Spoofing (Global State Race Condition)
pyLoad is a free and open-source download manager written in Python. Prior to 0.5.0b3.dev98, the setsessioncookiesecure beforerequest handler in src/pyload/webui/app/init.py reads the X-Forwarded-Proto header from any HTTP request without validating that the request originates from a trusted prox...
CVE-2026-40594 pyLoad: Session Cookie Security Downgrade via Untrusted X-Forwarded-Proto Header Spoofing (Global State Race Condition)
pyLoad is a free and open-source download manager written in Python. Prior to 0.5.0b3.dev98, the setsessioncookiesecure beforerequest handler in src/pyload/webui/app/init.py reads the X-Forwarded-Proto header from any HTTP request without validating that the request originates from a trusted prox...
GHSA-MP82-FMJ6-F22V pyLoad has a Session Cookie Security Downgrade via Untrusted X-Forwarded-Proto Header Spoofing (Global State Race Condition)
Summary The setsessioncookiesecure beforerequest handler in src/pyload/webui/app/init.py reads the X-Forwarded-Proto header from any HTTP request without validating that the request originates from a trusted proxy, then mutates the global Flask configuration SESSIONCOOKIESECURE on every request...
pyLoad has a Session Cookie Security Downgrade via Untrusted X-Forwarded-Proto Header Spoofing (Global State Race Condition)
Summary The setsessioncookiesecure beforerequest handler in src/pyload/webui/app/init.py reads the X-Forwarded-Proto header from any HTTP request without validating that the request originates from a trusted proxy, then mutates the global Flask configuration SESSIONCOOKIESECURE on every request...
Cross-site Scripting (XSS)
Overview dtale is a Web Client for Visualizing Pandas Objects Affected versions of this package are vulnerable to Cross-site Scripting XSS through the DtaleRedis.get and shelf storage code in dtale/globalstate.py. An attacker can run arbitrary code on the server by supplying a crafted pickle...
GHSA-82FW-CH24-J34W Lollms has an Improper Access Control vulnerability
A vulnerability in the lollmsgenerationevents.py component of parisneo/lollms version 5.9.0 allows unauthenticated access to sensitive Socket.IO events. The addevents function registers event handlers such as generatetext, cancelgeneration, generatemsg, and generatemsgfrom without implementing...
CVE-2026-1117
A vulnerability in the lollmsgenerationevents.py component of parisneo/lollms version 5.9.0 allows unauthenticated access to sensitive Socket.IO events. The addevents function registers event handlers such as generatetext, cancelgeneration, generatemsg, and generatemsgfrom without implementing...
CVE-2026-1117 Improper Access Control in parisneo/lollms
A vulnerability in the lollmsgenerationevents.py component of parisneo/lollms version 5.9.0 allows unauthenticated access to sensitive Socket.IO events. The addevents function registers event handlers such as generatetext, cancelgeneration, generatemsg, and generatemsgfrom without implementing...
CVE-2026-1117
A vulnerability in the lollmsgenerationevents.py component of parisneo/lollms version 5.9.0 allows unauthenticated access to sensitive Socket.IO events. The addevents function registers event handlers such as generatetext, cancelgeneration, generatemsg, and generatemsgfrom without implementing...
CVE-2026-1117
The CVE-2026-1117 entry describes a vulnerability in parisneo/lollms (version 5.9.0) where the lollms_generation_events.py component registers Socket.IO events (generate_text, cancel_generation, generate_msg, generate_msg_from) without authentication/authorization checks. This allows unauthentica...
Unity Linux 20.1050e Security Update: kernel (UTSA-2026-004839)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-004839 advisory. In the Linux kernel, the following vulnerability has been resolved: drm/msm/mdp5: Fix global state lock backoff We need to grab the lock after the early return for...
Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2025-993112)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-993112 advisory. In the Linux kernel, the following vulnerability has been resolved: drm/msm/mdp5: Fix global state lock backoff We need to grab the lock after the early return for...
Astra Linux – Vulnerability in Linux 6.12
In the Linux kernel, the following vulnerability has been resolved: xfrm: Duplicate SPI Handling The issue arises when Strongswan initiates an XFRMMSGALLOCSPI Netlink message, which triggers the kernel function xfrmallocspi. This function is supposed to ensure the uniqueness of the Security...
EUVD-2022-55438
Malicious code in bioql PyPI...
EUVD-2023-44451
Malicious code in bioql PyPI...