521 matches found
PT-2026-32346
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description The bridge MRP component fails to validate user-supplied interval values from netlink in the br mrp start test, br mrp start in test, and br mrp start in test parse functions. When an...
CVE-2026-31420
In the Linux kernel, the following vulnerability has been resolved: bridge: mrp: reject zero test interval to avoid OOM panic brmrpstarttest and brmrpstartintest accept the user-supplied interval value from netlink without validation. When interval is 0, usecstojiffies0 yields 0, causing the...
CVE-2026-6112
A weakness has been identified in Totolink A7100RU 7.4cu.2313b20191024. Affected is the function setRadvdCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. This manipulation of the argument maxRtrAdvInterval causes os command injection. The attack can be initiated remotely. The...
CVE-2026-6112
A weakness has been identified in Totolink A7100RU 7.4cu.2313b20191024. Affected is the function setRadvdCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. This manipulation of the argument maxRtrAdvInterval causes os command injection. The attack can be initiated remotely. The...
CVE-2026-35599
Vikunja is an open-source self-hosted task management platform. Prior to 2.3.0, the addRepeatIntervalToTime function uses an On loop that advances a date by the task's RepeatAfter duration until it exceeds the current time. By creating a repeating task with a 1-second interval and a due date far ...
Vikunja has Algorithmic Complexity DoS in Repeating Task Handler
Summary The addRepeatIntervalToTime function uses an On loop that advances a date by the task's RepeatAfter duration until it exceeds the current time. By creating a repeating task with a 1-second interval and a due date far in the past, an attacker triggers billions of loop iterations, consuming...
PT-2026-31950
Name of the Vulnerable Software and Affected Versions: Vikunja versions prior to 2.3.0 Description: Vikunja, a self-hosted task management platform, contains an issue where the addRepeatIntervalToTime function uses an inefficient loop. An attacker can create a repeating task with a 1-second...
SUSE CVE-2026-33029
Nginx UI is a web user interface for the Nginx web server. Prior to version 2.3.4, an input validation vulnerability in the logrotate configuration allows an authenticated user to cause a complete Denial of Service DoS. By submitting a negative integer for the rotation interval, the backend enter...
GO-2026-4902 nginx-ui Vulnerable to DoS via Negative Integer Input in Logrotate Interval in github.com/0xJacky/Nginx-UI
nginx-ui Vulnerable to DoS via Negative Integer Input in Logrotate Interval in github.com/0xJacky/Nginx-UI...
PT-2026-29945
nginx-ui Vulnerable to DoS via Negative Integer Input in Logrotate Interval in github.com/0xJacky/Nginx-UI...
CVE-2026-33029
Nginx UI is a web user interface for the Nginx web server. Prior to version 2.3.4, an input validation vulnerability in the logrotate configuration allows an authenticated user to cause a complete Denial of Service DoS. By submitting a negative integer for the rotation interval, the backend enter...
Fedora 44 : cpp-httplib (2026-03599f0b32)
The remote Fedora 44 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-03599f0b32 advisory. Update to 0.38.0 rhbz2447261 - Filename sanitization for path traversal prevention Added sanitizefilename to prevent path traversal attacks via malicious...
CVE-2026-33029 Nginx UI: DoS via Negative Integer Input in Logrotate Interval
Nginx UI is a web user interface for the Nginx web server. Prior to version 2.3.4, an input validation vulnerability in the logrotate configuration allows an authenticated user to cause a complete Denial of Service DoS. By submitting a negative integer for the rotation interval, the backend enter...
CVE-2026-33029 Nginx UI: DoS via Negative Integer Input in Logrotate Interval
Nginx UI is a web user interface for the Nginx web server. Prior to version 2.3.4, an input validation vulnerability in the logrotate configuration allows an authenticated user to cause a complete Denial of Service DoS. By submitting a negative integer for the rotation interval, the backend enter...
CVE-2026-33029
CVE-2026-33029 affects Nginx UI (web UI for Nginx). An input validation flaw in the logrotate configuration allows an authenticated user to submit a negative integer for the rotation interval, causing the backend to enter an infinite loop or invalid state and rendering the UI unresponsive (DoS). ...
CVE-2026-33029 Nginx UI: DoS via Negative Integer Input in Logrotate Interval
Nginx UI is a web user interface for the Nginx web server. Prior to version 2.3.4, an input validation vulnerability in the logrotate configuration allows an authenticated user to cause a complete Denial of Service DoS. By submitting a negative integer for the rotation interval, the backend enter...
CVE-2026-33029
Nginx UI is a web user interface for the Nginx web server. Prior to version 2.3.4, an input validation vulnerability in the logrotate configuration allows an authenticated user to cause a complete Denial of Service DoS. By submitting a negative integer for the rotation interval, the backend enter...
nginx-ui Vulnerable to DoS via Negative Integer Input in Logrotate Interval
Summary An input validation vulnerability in the logrotate configuration allows an authenticated user to cause a complete Denial of Service DoS. By submitting a negative integer for the rotation interval, the backend enters an infinite loop or an invalid state, rendering the web interface...
Unchecked Input for Loop Condition
Overview Affected versions of this package are vulnerable to Unchecked Input for Loop Condition due to improper input validation in the POST /api/settings handler for the logrotate.interval field. An attacker can make the web interface unresponsive by submitting a negative interval value, causing...
Unchecked Input for Loop Condition
Overview github.com/0xJacky/Nginx-UI/settings is a yet another Nginx Web UI Affected versions of this package are vulnerable to Unchecked Input for Loop Condition due to improper input validation in the POST /api/settings handler for the logrotate.interval field. An attacker can make the web...