CLSA-2026-1778674192 Fix CVE(s): CVE-2026-3441, CVE-2026-3442

SECURITY UPDATE: heap-based OOB read in xcofflinkaddsymbols bfd/xcofflink.c triggered by a crafted XCOFF object file - debian/patches/binutils-CVE-2026-3441-3442.patch: bounds-check XTYLD xscnlen csect index and sanity-check rsymndx before indexing symhashes - CVE-2026-3441 - CVE-2026-3442...

Unity Linux 20.1070e Security Update: kernel (UTSA-2025-990797)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-990797 advisory. In the Linux kernel, the following vulnerability has been resolved: ata: libata-transport: fix error handling in atatlinkadd In atatlinkadd, the return value of...

CVE-2022-49424

CVE-2022-49424 is a Linux kernel issue in the Mediatek IOMMU driver. The root cause is a NULL pointer dereference when printing dev_name due to larbdev being NULL during probe (mtk_iommu_probe_device). The crash can occur in device_link_add() and is triggered by an incorrect DTS input. The public...

Yzmcms 跨站脚本漏洞

YzmCMS is a lightweight open source content management system based on PHP Mysql architecture developed solely by Yuan Zhimeng. cross-site scripting vulnerability exists in the /link/add.html component of YzmCMS version 5.3. An attacker can use this vulnerability to execute arbitrary Web scripts ...

CVE-2018-16349

WUZHI CMS 4.1.0 has XSS via the index.php?m=link&f=index&v=add formremark parameter...

Design/Logic Flaw

WUZHI CMS 4.1.0 has XSS via the index.php?m=link&f=index&v=add formremark parameter...

CVE-2011-5070

Multiple cross-site scripting XSS vulnerabilities in Support Incident Tracker aka SiT! 3.65 allow remote attackers to inject arbitrary web script or HTML via 1 the file name to incidentattachments.php; 2 unspecified vectors in linkadd.php, possibly involving origref, linkref, linktype parameters,...

Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in Support Incident Tracker aka SiT! 3.65 allow remote attackers to inject arbitrary web script or HTML via 1 the file name to incidentattachments.php; 2 unspecified vectors in linkadd.php, possibly involving origref, linkref, linktype parameters,...

MTCMS multiple upload vulnerabilities

avatar upload vulnerability: upload any kind of file in: site.com/MTCMS-V2.2/?a=gallery&b=adddown and approuved or not it will be here : /uploads/pictures/ same thing for : add link /index.php?a=links&b=addlink xss permanent on Contact Us : message & title fields are vulnerable to an xss attack...