GL.iNET SSID Key Disclosure
An issue was discovered on GL.iNet devices before 3.216. An API endpoint reveals information about the Wi-Fi configuration, including the SSID and key. id: CVE-2023-31478 info: name: GL.iNET SSID Key Disclosure author: DhiyaneshDK severity: high description: | An issue was discovered on GL.iNet...
CVE-2026-57752
Contributor SQL Injection in iNET Webkit 1.2.4 versions...
CVE-2026-57752
The CVE-2026-57752 entry covers a Contributor SQL Injection in the WordPress iNET Webkit plugin version 1.2.4. The vulnerability is described without attack details; CVSS 3.1 base score 8.5 (Network attack, Low complexity, Privileges Required: Low, User Interaction: None, Confidentiality Impact: ...
EUVD-2026-41308
Contributor SQL Injection in iNET Webkit 1.2.4 versions...
CVE-2026-57752 WordPress iNET Webkit plugin 1.2.4 - SQL Injection vulnerability
Contributor SQL Injection in iNET Webkit 1.2.4 versions...
WordPress iNET Webkit plugin 1.2.4 - SQL Injection vulnerability
SQL Injection vulnerability discovered by Evan NR in WordPress Plugin iNET Webkit versions 1.2.4...
Linux Distros Unpatched Vulnerability : CVE-2026-53175
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - inet: frags: fix use-after-free caused by the fqdir_pre_exit() flush On netns teardown, fqdir_pre_exit() walks the fqdir rhashtable and flushes every fragment queue tha...
Server-Side Request Forgery
jackson-databind is vulnerable to server-side request forgery (SSRF). The vulnerability is due to eager DNS resolution during InetSocketAddress deserialization, where untrusted hostnames are resolved before application-level validation, allowing attackers to trigger arbitrary DNS requests by...
CVE-2026-53175
In the Linux kernel, the following vulnerability has been resolved: inet: frags: fix use-after-free caused by the fqdir_pre_exit() flush On netns teardown, fqdir_pre_exit() walks the fqdir rhashtable and flushes every fragment queue that is not yet complete using inet_frag_queue_flush(). That helper frees all...
UBUNTU-CVE-2026-53175
In the Linux kernel, the following vulnerability has been resolved: inet: frags: fix use-after-free caused by the fqdir_pre_exit() flush On netns teardown, fqdir_pre_exit() walks the fqdir rhashtable and flushes every fragment queue that is not yet complete using inet_frag_queue_flush(). That helper frees all...
CVE-2026-53175
The CVE-2026-53175 entries describe a use-after-free in the Linux kernel’s fragment reassembly during netns teardown. Root cause: fqdir_pre_exit() flushes fragment queues but may leave freed skbs referenced by fragment queue state (fragments_tail/last_run_head) before INET_FRAG_COMPLETE is set, a...
CVE-2026-53175 inet: frags: fix use-after-free caused by the fqdir_pre_exit() flush
In the Linux kernel, the following vulnerability has been resolved: inet: frags: fix use-after-free caused by the fqdir_pre_exit() flush On netns teardown, fqdir_pre_exit() walks the fqdir rhashtable and flushes every fragment queue that is not yet complete using inet_frag_queue_flush(). That helper frees all...
CVE-2026-53175
In the Linux kernel, the following vulnerability has been resolved: inet: frags: fix use-after-free caused by the fqdir_pre_exit() flush On netns teardown, fqdir_pre_exit() walks the fqdir rhashtable and flushes every fragment queue that is not yet complete using inet_frag_queue_flush(). That helper frees all...
SUSE CVE-2026-54514
jackson-databind contains the general-purpose data-binding functionality and tree-model for Jackson Data Processor. From 2.0.0 until 2.18.8, 2.21.4, and 3.1.4, JDKFromStringDeserializer constructed InetSocketAddress with new InetSocketAddress(host, port), which performs eager DNS name resolution fo...
Linux Distros Unpatched Vulnerability : CVE-2026-53001
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - netfilter: xtables: restrict several matches to inet family This is a partial revert of: commit ab4f21e6fb1c netfilter: xtables: use NFPROTO_UNSPEC in more...
PT-2026-52271
Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified). Description: A use-after-free issue exists during network namespace teardown. The function fqdir_pre_exit() flushes incomplete fragment queues via inet_frag_queue_flush(), which frees queued socket buffe...
RockyLinux 9 : kernel (RLSA-2026:27789)
The remote RockyLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2026:27789 advisory. kernel: can: isotp: fix tx.buf use-after-free in isotp_sendmsg() (CVE-2026-31474) kernel: mptcp: fix slab-use-after-free in __inet_lookup_established...
EUVD-2026-38869
In the Linux kernel, the following vulnerability has been resolved: netfilter: xtables: restrict several matches to inet family This is a partial revert of: commit ab4f21e6fb1c "netfilter: xtables: use NFPROTO_UNSPEC in more extensions" to allow ipv4 and ipv6 only. - xt_mac - xt_owner - xt_physdev...
Astra Linux – Vulnerability found in Linux 6.1, Linux 6.12
In the Linux kernel, the following vulnerability has been resolved: ipv6: Fixed a use-after-free in inet6_addr_del(). The syzbot reported a use-after-free of inet6_ifaddr in inet6_addr_del(). [0] The referenced commit accidentally moved ipv6_del_addr() for mngtmpaddr before reading its ifp->flags for temporary...
Server-side Request Forgery (SSRF)
Overview: Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF) in the JDKFromStringDeserializer class, which constructs InetSocketAddress and resolves the hostname through DNS at deserialization time. An attacker can force the server to issue outbound DNS lookups fo...