13 matches found
Linux kernel 安全漏洞
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from the crypto authencesn module failing to save the high sequence bits in dst when decrypting out-of-place,...
Sprig Plugin for Craft CMS potentially discloses sensitive information via Sprig Playground
Admin users, and users with explicit permission to access the Sprig Playground, could potentially expose the security key, credentials, and other sensitive configuration data, in addition to running the hashData signing function. This issue was mitigated in versions 3.7.2 and 2.15.2 by disabling...
CVE-2026-27131 Sprig Plugin for Craft CMS potentially discloses sensitive information via Sprig Playground
The Sprig Plugin for Craft CMS is a reactive Twig component framework for Craft CMS. Starting in version 2.0.0 and prior to versions 2.15.2 and 3.15.2, admin users, and users with explicit permission to access the Sprig Playground, could potentially expose the security key, credentials, and other...
SUSE CVE-2026-23143
In the Linux kernel, the following vulnerability has been resolved: virtionet: Fix misalignment bug in struct virtnetinfo Use the new TRAILINGOVERLAP helper to fix a misalignment bug along with the following warning: drivers/net/virtionet.c:429:46: warning: structure containing a flexible array...
CVE-2026-23143 virtio_net: Fix misalignment bug in struct virtnet_info
In the Linux kernel, the following vulnerability has been resolved: virtionet: Fix misalignment bug in struct virtnetinfo Use the new TRAILINGOVERLAP helper to fix a misalignment bug along with the following warning: drivers/net/virtionet.c:429:46: warning: structure containing a flexible array...
EUVD-2025-198424
LogStare Collector improperly handles the password hash data. An administrative user may obtain the other users' password hashes...
CVE-2025-59452
The YoSmart YoLink API through 2025-10-02 uses an endpoint URL that is derived from a device's MAC address along with an MD5 hash of non-secret information, such as a key that begins with cf50...
Exposure of Sensitive System Information to an Unauthorized Control Sphere
Overview DotNetNuke.Core is a references provider to the DotNetNuke.dll to develop extensions for the DNN Platform. Affected versions of this package are vulnerable to Exposure of Sensitive System Information to an Unauthorized Control Sphere via the SMB share interactions. An attacker can obtain...
Security Bulletin: Multiple Denial of Service vulnerabilities with Expat may affect IBM HTTP Server
Summary There are several vulnerabilities that may affect IBM HTTP Server that is used by WebSphere Application Server. Vulnerability Details CVEID: CVE-2012-0876 DESCRIPTION: Expat is vulnerable to a denial of service, caused by insufficient randomization of hash data structures. By sending...
CVE-2022-22041
creationtimestamp| type| source ---|---|--- 2022-07-13 02:25:53+00:00| seen| https://t.me/cibsecurity/46125...
PHP ext/session/session.c Denial of Service Vulnerability
PHP is a widely used general-purpose scripting language that is particularly well suited for web development and can be embedded in HTML. A denial of service vulnerability exists in PHP versions prior to 5.5.38, 5.6.x prior to 5.6.24, and 7.x prior to 7.0.9 in which the ext/session/session.c...
CVE-2016-6290
ext/session/session.c in PHP before 5.5.38, 5.6.x before 5.6.24, and 7.x before 7.0.9 does not properly maintain a certain hash data structure, which allows remote attackers to cause a denial of service use-after-free or possibly have unspecified other impact via vectors related to session...
IBM WebSphere Application Server 7.0 < Fix Pack 23 Multiple Vulnerabilities
IBM WebSphere Application Server 7.0 before Fix Pack 23 appears to be running on the remote host. As such, it is potentially affected by the following vulnerabilities : - A security exposure when using WS-Security could result in a user gaining elevated privileges in applications using JAX-RPC...