SUSE CVE-2026-45849

In the Linux kernel, the following vulnerability has been resolved: net: mscc: ocelot: add missing lock protection in ocelotportxmitinj ocelotportxmitinj calls ocelotcaninject and ocelotportinjectframe without holding the injection group lock. Both functions contain lockdepassertheld for the...

EUVD-2026-32315

In the Linux kernel, the following vulnerability has been resolved: net: mscc: ocelot: add missing lock protection in ocelotportxmitinj ocelotportxmitinj calls ocelotcaninject and ocelotportinjectframe without holding the injection group lock. Both functions contain lockdepassertheld for the...

CVE-2026-45849

The CVE-2026-45849 vulnerability affects the Linux kernel net: mscc: ocelot path. The issue was that ocelot_port_xmit_inj() invoked ocelot_can_inject() and ocelot_port_inject_frame() without holding the injection group lock, with lockdep_assert_held() present in the callee. The correct caller, fe...

CVE-2026-45849 net: mscc: ocelot: add missing lock protection in ocelot_port_xmit_inj()

In the Linux kernel, the following vulnerability has been resolved: net: mscc: ocelot: add missing lock protection in ocelotportxmitinj ocelotportxmitinj calls ocelotcaninject and ocelotportinjectframe without holding the injection group lock. Both functions contain lockdepassertheld for the...

CVE-2025-69784

A local, non-privileged attacker can abuse a vulnerable IOCTL interface exposed by the OpenEDR 2.5.1.0 kernel driver to modify the DLL injection path used by the product. By redirecting this path to a user-writable location, an attacker can cause OpenEDR to load an attacker-controlled DLL into...

CVE-2025-69784

A local, non-privileged attacker can abuse a vulnerable IOCTL interface exposed by the OpenEDR 2.5.1.0 kernel driver to modify the DLL injection path used by the product. By redirecting this path to a user-writable location, an attacker can cause OpenEDR to load an attacker-controlled DLL into...

CVE-2025-69784

A local, non-privileged attacker can abuse a vulnerable IOCTL interface exposed by the OpenEDR 2.5.1.0 kernel driver to modify the DLL injection path used by the product. By redirecting this path to a user-writable location, an attacker can cause OpenEDR to load an attacker-controlled DLL into...

CVE-2026-24512

A security issue was discovered in ingress-nginx where the rules.http.paths.path Ingress field can be used to inject configuration into nginx. This can lead to arbitrary code execution in the context of the ingress-nginx controller, and disclosure of Secrets accessible to the controller. Note tha...

EUVD-2022-0430

Malicious code in bioql PyPI...

Commvault 11.32.x < 11.32.102 / 11.36.x < 11.36.60 Multiple Vulnerabilities (CV_2025_08_1-4)

The version of Commvault installed on the remote host is 11.32.x prior to 11.32.102 or 11.36.x prior to 11.36.60. It is, therefore, affected by multiple vulnerabilities as disclosed in Commvault advisories CV2025081, CV2025082, CV2025083 and CV2025084: - A security vulnerability has been identifi...

CVE-2025-54453

Samsung MagicINFO 9 Server is affected by CVE-2025-54453 due to a path traversal vulnerability that can lead to code injection/execution in versions prior to 21.1080.0. Public advisories (ZDI-25-669, PT-2025-30541, CNVD, CNVD-2025-20071) describe remote code execution via directory traversal, wit...

CVE-2025-54453

Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in Samsung Electronics MagicINFO 9 Server allows Code Injection.This issue affects MagicINFO 9 Server: less than 21.1080.0...

CVE-2025-54450

Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in Samsung Electronics MagicINFO 9 Server allows Code Injection.This issue affects MagicINFO 9 Server: less than 21.1080.0...

CVE-2024-44014 WordPress Vmax Project Manager plugin <= 1.0 - Local File Inclusion to RCE vulnerability

Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in Vmax Studio Vmax Project Manager vmax-project-manager allows PHP Local File Inclusion.This issue affects Vmax Project Manager: from n/a through = 1.0...

CVE-2024-7387

OpenShift CVE-2024-7387 is a symlink-traversal/path traversal vulnerability in the openshift/builder docker build path. A privileged build container can have its destinationDir override a symlink (e.g., usr_bin -&gt; /usr/bin), enabling overwriting of system binaries like /usr/bin/cp and executio...

XSS vulnerability in bookmarks - ownCloud

A cross-site scripting XSS vulnerability in ownCloud before 4.5.5 and 4.0.10 allow remote attackers to inject arbitrary web script or HTML via the PATH data to index.php in apps/bookmark/ Affected Software ownCloud Server 4.5.5 CVE-2013-5666 ownCloud Server 4.0.10 CVE-2013-5666 Action Taken It is...

CVE-2005-1570

forum.asp in bttlxeForum 2.0 allows remote attackers to obtain full path information via a certain hex-encoded argument to the page parameter, possibly due to a SQL injection vulnerability...

PHProfession 2.5 - modules.php?jcode Cross-Site Scripting

PHProfession 2.5 - modules.php?jcode Cross-Site Scripting source: https://www.securityfocus.com/bid/10190/info Multiple vulnerabilities were reported to exist in phProfession, which is a third-party module for PostNuke. Path disclosure, cross-site scripting and SQL injection vulnerabilities were...

TikiWiki Project 1.8 - tiki-view_faq.php?faqId Cross-Site Scripting

TikiWiki Project 1.8 - tiki-viewfaq.php?faqId Cross-Site Scripting source: https://www.securityfocus.com/bid/10100/info Multiple vulnerabilities have been identified in various modules of the application. These vulnerabilities may allow a remote attacker to carry out various attacks such as path...