230 matches found
EUVD-2026-32777
In the Linux kernel, the following vulnerability has been resolved: fanotify: fix false positive on permission events fsnotifygetmarksafe may return false for a mark on an unrelated group, which results in bypassing the permission check. Fix by skipping over detached marks that are not in the...
CVE-2026-46150
The CVE-2026-46150 issue affects the Linux kernel fanotify subsystem. It arises because fsnotify_get_mark_safe() may return false for a mark in an unrelated group, bypassing the permission check. The fix patches the logic to skip detached marks that are not in the current group, mitigating the by...
PT-2026-44273
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A flaw in the fanotify system allows the fsnotify get mark safe function to return false for a mark on an unrelated group. This behavior leads to the bypassing of permission checks. The...
PT-2026-44298
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An inconsistency occurs in the f2fs file system during Foreground Garbage Collection FGGC node block migration. The Garbage Collection process fails to clear the dentry and fsync marks...
Improper Encoding or Escaping of Output
Overview symfony/symfony is a PHP framework for web applications and a set of reusable PHP components. Affected versions of this package are vulnerable to Improper Encoding or Escaping of Output via the HtmlSanitizer component that fails to properly detect and strip percent-encoded BiDi...
Linux Distros Unpatched Vulnerability : CVE-2026-46040
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - inotify: fix watch count leak when fsnotifyaddinodemarklocked fails When fsnotifyaddinodemarklocked fails in inotifynewwatch, the error path calls...
BIT-JRE-2023-25193
hb-ot-layout-gsubgpos.hh in HarfBuzz through 6.0.0 allows attackers to trigger On^2 growth via consecutive marks during the process of looking back for base glyphs when attaching marks...
PT-2026-38795
hb-ot-layout-gsubgpos.hh in HarfBuzz through 6.0.0 allows attackers to trigger On^2 growth via consecutive marks during the process of looking back for base glyphs when attaching marks...
SUSE-SU-2026:1749-1 Security update for webkit2gtk3
This update for webkit2gtk3 fixes the following issues: Update to version 2.52.1. Security issues fixed: - CVE-2026-20643: processing maliciously crafted web content may bypass Same Origin Policy bsc1261172. - CVE-2026-20664: processing maliciously crafted web content may lead to an unexpected...
BIT-JAVA-MIN-2023-25193
hb-ot-layout-gsubgpos.hh in HarfBuzz through 6.0.0 allows attackers to trigger On^2 growth via consecutive marks during the process of looking back for base glyphs when attaching marks...
BIT-JAVA-2023-25193
hb-ot-layout-gsubgpos.hh in HarfBuzz through 6.0.0 allows attackers to trigger On^2 growth via consecutive marks during the process of looking back for base glyphs when attaching marks...
PT-2026-37774
hb-ot-layout-gsubgpos.hh in HarfBuzz through 6.0.0 allows attackers to trigger On^2 growth via consecutive marks during the process of looking back for base glyphs when attaching marks...
PT-2026-37981
hb-ot-layout-gsubgpos.hh in HarfBuzz through 6.0.0 allows attackers to trigger On^2 growth via consecutive marks during the process of looking back for base glyphs when attaching marks...
SUSE SLES12 Security Update : webkit2gtk3 (SUSE-SU-2026:1648-1)
The remote SUSE Linux SLES12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:1648-1 advisory. Update to version 2.52.1. Security issues fixed: - CVE-2026-20643: processing maliciously crafted web content may bypass Same Origin Policy...
Andrea ST Filters Service Code Issues and Vulnerabilities
Andrea ST Filters Service is an audio enhancement driver component developed by Andrea Corporation in the United States. Version 1.0.64.7 of Andrea ST Filters Service contains a code vulnerability. This vulnerability stems from the service path in the Windows service configuration that lacks...
MiracleLinux 8 : harfbuzz-1.7.5-4.el8 (AXSA:2024-8252:02)
The remote MiracleLinux 8 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2024-8252:02 advisory. harfbuzz: allows attackers to trigger On^2 growth via consecutive marks CVE-2023-25193 Tenable has extracted the preceding description block directly from th...
MiracleLinux 7 : harfbuzz-1.7.5-2.0.1.el7.AXS7 (AXSA:2024-8760:03)
The remote MiracleLinux 7 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2024-8760:03 advisory. CVE-2023-25193: optimize looking back for base glyphs in hb-ot-layout-gsubgpos-private.hh CVEs: CVE-2023-25193 hb-ot-layout-gsubgpos.hh in HarfBuzz through...
EUVD-2025-206271
Details On October 1, 2025, Palantir discovered that images uploaded through the Dossier front-end app were not being marked correctly with the proper security levels. The regression was traced back to a change in May 2025, which was meant to allow file uploads to be shared among different...
CVE-2024-41243
An Incorrect Access Control vulnerability was found in /smsa/viewmarks.php in Kashipara Responsive School Management System v3.2.0, which allows remote unauthenticated attackers to view MARKS details...
PT-2025-53453
Name of the Vulnerable Software and Affected Versions Eaton UPS Companion affected versions not specified Description A flaw exists in the Eaton UPS Companion software installer related to improper handling of quotation marks in search paths. This could allow an attacker with file system access t...