416 matches found
EUVD-2026-34128
In the Linux kernel, the following vulnerability has been resolved: inet: RAW sockets using IPPROTORAW MUST drop incoming ICMP Yizhou Zhao reported that simply having one RAW socket on protocol IPPROTORAW 255 was dangerous. socketAFINET, SOCKRAW, 255; A malicious incoming ICMP packet can set the...
CVE-2026-46266 inet: RAW sockets using IPPROTO_RAW MUST drop incoming ICMP
In the Linux kernel, the following vulnerability has been resolved: inet: RAW sockets using IPPROTORAW MUST drop incoming ICMP Yizhou Zhao reported that simply having one RAW socket on protocol IPPROTORAW 255 was dangerous. socketAFINET, SOCKRAW, 255; A malicious incoming ICMP packet can set the...
ROS-20260529-73-0011
The vulnerability in the vault is related to insufficient validation of incoming requests. Exploiting this vulnerability allows a malicious actor to execute a SSRF attack remotely...
ROS-20260526-73-0014
Vulnerability in registry related to insufficient validation of incoming requests. Exploitation of the vulnerability could allow a remote attacker to launch an ssrf attack...
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerability has been resolved: rxrpc: The issue related to irqdisabled in localbhenable has been fixed. The rxrpcassessMTUsize function calls down into the IP layer to determine the MTU size for a route. When accepting an incoming call, this call is made throu...
Astra Linux - уязвимость в linux-5.10, linux-6.1, linux-5.15
In the Linux kernel, the following vulnerability has been resolved: rxrpc: Fixed an oops due to the absence of the prealloc backlog struct. If an AFRXRPC service socket is opened and bound, but the calls are pre-allocated, then rxrpcallocincomingcall will cause an oops because the rxrpcbacklog...
Astra Linux - уязвимость в linux-6.1, linux-5.15
In the Linux kernel, the following vulnerability has been resolved: Firewire: In the net subsystem, a bug related to use-after-free was fixed in the fwnetfinishincomingpacket function. The netifrx function frees the skb, but we cannot dereference it to save the skb-len...
Astra Linux - уязвимость в linux-5.10, linux-6.1, linux-5.15
In the Linux kernel, the following vulnerabilities have been resolved: Bluetooth: l2cap: Check the encryption key size during incoming connections. This is required for passing the GAP/SEC/SEM/BI-04-C PTS test case: - Security Mode: 4, Level: 4, Responder: Invalid Encryption Key Size - Key Size:...
CVE-2026-40569
Vulnerability summary (CVE-2026-40569): FreeScout (self-hosted help desk) versions prior to 1.8.213 suffer a mass assignment flaw in the mailbox connection settings endpoints (connectionIncomingSave and connectionOutgoingSave). The code passes $request->all() directly to $mailbox->fill() wi...
EUVD-2024-33803
The WIP Incoming Lite plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1.1. This is due to missing or incorrect nonce validation on the saveoption function. This makes it possible for unauthenticated attackers to update settings and inject...
Unity Linux 20.1050e Security Update: kernel (UTSA-2026-006589)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-006589 advisory. In the Linux kernel, the following vulnerability has been resolved: firewire: net: fix use after free in fwnetfinishincomingpacket The netifrx function frees the skb...
Endian Firewall remark parameter cross-site scripting vulnerability (CNVD-2026-18409)
Endian Firewall is a network security firewall system from Endian. A cross-site scripting vulnerability exists in the Endian Firewall remark parameter, which stems from improper handling of the remark parameter in /cgi-bin/incoming.cgi, and can be exploited by an attacker to inject malicious...
EUVD-2026-18296
Endian Firewall version 3.3.25 and prior allow stored cross-site scripting XSS via the remark parameter to /cgi-bin/incoming.cgi. An authenticated attacker can inject arbitrary JavaScript that is stored and executed when other users view the affected page...
CVE-2026-34807 Endian Firewall /cgi-bin/incoming.cgi remark Stored Cross-Site Scripting
Endian Firewall version 3.3.25 and prior allow stored cross-site scripting XSS via the remark parameter to /cgi-bin/incoming.cgi. An authenticated attacker can inject arbitrary JavaScript that is stored and executed when other users view the affected page...
CVE-2026-34807 Endian Firewall /cgi-bin/incoming.cgi remark Stored Cross-Site Scripting
Endian Firewall version 3.3.25 and prior allow stored cross-site scripting XSS via the remark parameter to /cgi-bin/incoming.cgi. An authenticated attacker can inject arbitrary JavaScript that is stored and executed when other users view the affected page...
Endian Firewall 跨站脚本漏洞
Endian Firewall is a network security firewall system from Endian. A cross-site scripting vulnerability exists in the Endian Firewall remark parameter, which stems from improper handling of the remark parameter in /cgi-bin/incoming.cgi, and can be exploited by an attacker to inject malicious...
PT-2026-29767
Endian Firewall version 3.3.25 and prior allow stored cross-site scripting XSS via the remark parameter to /cgi-bin/incoming.cgi. An authenticated attacker can inject arbitrary JavaScript that is stored and executed when other users view the affected page...
CVE-2026-20082
A vulnerability in the handling of the embryonic connection limits in Cisco Secure Firewall Adaptive Security Appliance ASA Software could allow an unauthenticated, remote attacker to cause incoming TCP SYN packets to be dropped incorrectly. This vulnerability is due to improper handling of new,...
CVE-2019-25378
Smoothwall Express 3.1-SP4-polar-x8664-update9 contains multiple cross-site scripting vulnerabilities in the proxy.cgi endpoint that allow attackers to inject malicious scripts through parameters including CACHESIZE, MAXSIZE, MINSIZE, MAXOUTGOINGSIZE, and MAXINCOMINGSIZE. Attackers can submit POS...
ROS-20260216-73-0013
Vulnerability in kubernetes related to insufficient validation of incoming requests. Exploitation of the vulnerability could allow an attacker acting remotely to launch an ssrf attack...