3758 matches found
Cisco IOS XE WLC - Arbitrary File Upload
A vulnerability in the Out-of-Band Access Point AP Image Download feature of Cisco IOS XE Software for Wireless LAN Controllers WLCs could allow an unauthenticated, remote attacker to upload arbitrary files to an affected system.This vulnerability is due to the presence of a hard-coded JSON Web...
foreman: Foreman: Information disclosure via improper validation of nested request parameters
A flaw was found in Foreman. An authenticated user with host-edit permissions could exploit a cross-tenant information disclosure vulnerability. This flaw occurs because the taxonomyscope controller method does not properly validate organization and location IDs from nested request parameters,...
foreman: Foreman: Information disclosure via improper validation of nested request parameters
A flaw was found in Foreman. An authenticated user with host-edit permissions could exploit a cross-tenant information disclosure vulnerability. This flaw occurs because the taxonomyscope controller method does not properly validate organization and location IDs from nested request parameters,...
CVE-2026-56766
A flaw was found in Hydra. A malicious server can exploit a stack buffer overflow vulnerability in the NTLM authentication modules by sending a specially crafted NTLM Type-2 challenge. This can lead to an overflow of a stack buffer, potentially enabling remote code execution on systems that lack...
CVE-2026-56766
Hydra through 9.7, fixed in commit 9cc84c2, contains a stack buffer overflow in NTLM authentication across SMTP, POP3, IMAP, NNTP, HTTP, HTTP-Proxy, and HTTP-Proxy-Urlenum modules when processing malicious NTLM Type-2 challenges. A malicious server can send a crafted NTLM Type-2 challenge with an...
CVE-2026-56766 Hydra - Stack Buffer Overflow in NTLM Authentication Handler
Hydra through 9.7, fixed in commit 9cc84c2, contains a stack buffer overflow in NTLM authentication across SMTP, POP3, IMAP, NNTP, HTTP, HTTP-Proxy, and HTTP-Proxy-Urlenum modules when processing malicious NTLM Type-2 challenges. A malicious server can send a crafted NTLM Type-2 challenge with an...
Astra Linux – Vulnerability in Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: Networks: Bridge: MST: Fixed suspicious RCU usage in brmstsetstate. I converted brmstsetstate to RCU to avoid a vlan use-after-free, but I forgot to change the vlangroupdereferencehelper. I switched to using the...
Astra Linux – Vulnerability in Linux, Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: net: bridge: Fixed the issue of null pointer dereference in the vlan tunnel destination. This patch addresses a null pointer dereference issue caused by lockless access in the tunnel egress path. When deleting a vlan tunnel, the...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: net: bcmasp – fixed the double-free of WoL irq. We no longer need to free wolirq, as it was instantiated using devmrequestirq. Therefore, devres will handle the freeing of resources on our behalf...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, Linux, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: ip6mr: Fixed skbunderpanic in ip6mrcachereport. skbuff: skbunderpanic: Text: fffffffff88771f69; Len: 56; Put: -4; Head: ffffff88c5f86a800; Data: fffff887f5f86a850; Tail: 0x88; End: 0x2c0; Device: pim6reg. ----------- Cut here...
Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15
A list management bug in BSS handling in the mac80211 stack of the Linux kernel versions 5.1 through 5.19.x, prior to 5.19.16, could be exploited by local attackers those capable of injecting WLAN frames to corrupt a linked list and, in turn, potentially execute unauthorized code...
EUVD-2026-37876
A Reflected Cross-Site Scripting XSS vulnerability exists in LMS LAN Management System before commit 9c5651b in the "dbrecover.php" and "netremap.php" modules where unsanitized GET parameters are directly embedded into HTML output. This allows an attacker to inject arbitrary JavaScript when an...
CVE-2026-40457 Reflected XSS in LMS
A Reflected Cross-Site Scripting XSS vulnerability exists in LMS LAN Management System before commit 9c5651b in the "dbrecover.php" and "netremap.php" modules where unsanitized GET parameters are directly embedded into HTML output. This allows an attacker to inject arbitrary JavaScript when an...
CVE-2026-40456 OS Command Injection in LMS
An OS Command Injection vulnerability exists in LMS LAN Management System before commit 9fcb4de due to an IP address parameter being passed to the "exec" function without proper validation, allowing attackers to execute arbitrary operating system commands...
EUVD-2026-37875
An OS Command Injection vulnerability exists in LMS LAN Management System before commit 9fcb4de due to an IP address parameter being passed to the "exec" function without proper validation, allowing attackers to execute arbitrary operating system commands...
CVE-2026-40455
Affected software: LMS (LAN Management System). Vulnerability: SQL Injection in the tarifflist.php module caused by insufficient sanitization of the POST tg[] parameter; the code concatenates user-supplied array values into an SQL query using implode(). Impact / access: authenticated attackers ca...
CVE-2026-48860
A flaw was found in Erlang/OTP. The inettlsdist:checkip/1 function, responsible for enforcing a LAN allowlist for Erlang distribution over TLS, incorrectly uses inet:sockname/1 instead of inet:peername/1 to obtain the peer's IP address. This allows an unauthenticated attacker, possessing a...
EUVD-2026-37646
Use of Hard-coded Credentials vulnerability in Mitsubishi Electric Room Air Conditioners for Japan and outside Japan; Wireless LAN Adapters for Room Air Conditioners for Japan and outside Japan; Wireless LAN Adapters for Packaged Air Conditioners for Japan and outside Japan; Refrigerators for...
SUSE-SU-2026:22137-1 Security update for the Linux Kernel
The SUSE Linux Enterprise Micro 6.0 and 6.1 kernel was updated to receive various security bugfixes. The following security bugs were fixed: - CVE-2025-38549: efivarfs: Fix memory leak of efivarfsfsinfo in fscontext error paths bsc1248235. - CVE-2025-68324: scsi: imm: Fix use-after-free bug cause...
CVE-2026-6517
Mattermost Desktop App (versions