13 matches found
EUVD-2026-26636
In the Linux kernel, the following vulnerability has been resolved: ip6_tunnel: clear skb2->cb in ip4ip6_err(). Oskar Kjos reported the following problem. ip4ip6_err() calls icmp_send() on a cloned skb whose cb was written by the IPv6 receive path as struct inet6_skb_parm. icmp_send() passes IPCB(skb2) to...
Unity Linux 20.1070a Security Update: kernel (UTSA-2025-988953)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-988953 advisory. In the Linux kernel, the following vulnerability has been resolved: bpf, sockmap: Fix memleak in tcp_bpf_sendmsg while sk msg is full. If tcp_bpf_sendmsg() is running while...
EUVD-2025-32105
Malicious code in bioql PyPI...
CVE-2025-40989 Stored XSS in Creativeitem Ekushey CRM
Stored Cross-Site Scripting vulnerability in Ekushey CRM v5.0 by Creativeitem, due to a lack of proper validation of user input at "/ekushey/index.php/client/projectmessage/add/xxx", affecting the "message" parameter sent via POST. This vulnerability could allow a remote attacker to send a speciall...
CVE-2023-53240
The CVE-2023-53240 issue concerns the Linux kernel’s xsk path. If a napi id is marked on an interface that has not been brought up, xsk_sendmsg/xsk_poll can call xsk_xmit(), which may dereference a NULL pointer in xs->dev when IFF_UP is not set, causing a kernel NULL pointer dereference. The fix restructu...
SourceCodester Food Ordering Management System SQL Injection Vulnerability
SourceCodester Food Ordering Management System is a SourceCodester open source food ordering management system. A SQL injection vulnerability exists in SourceCodester Food Ordering Management System version 1.0, which originates from an incorrect manipulation of the ticketid parameter in the file...
UBUNTU-CVE-2025-38190
In the Linux kernel, the following vulnerability has been resolved: atm: Revert atm_account_tx() if copy_from_iter_full() fails. In vcc_sendmsg(), we account skb->truesize to sk->sk_wmem_alloc by atm_account_tx(). It is expected to be reverted by atm_pop_raw() later called by vcc->dev->ops->send(vcc, skb). However, vcc_sendms...
SUSE CVE-2016-2038
phpMyAdmin 4.0.x before 4.0.10.13, 4.4.x before 4.4.15.3, and 4.5.x before 4.5.4 allows remote attackers to obtain sensitive information via a crafted request, which reveals the full path in an error message...
Schneider Electric U.motion Builder Error Message Path Vulnerability
U.motion Builder is a builder product from Schneider Electric France. An error message path vulnerability exists in Schneider Electric U.motion Builder. An exception message containing sensitive path information is returned to an attacker. This allows an attacker to exploit the vulnerability to...
B2Bbuilder website SQL injection vulnerability that allows the database to be dumped
Brief description: SQL injection vulnerability on the official B2Bbuilder website that allows the database to be dumped. There is also an error-message path disclosure. Detailed description: The injectable URL: http://www.b2b-builder.com/announcement.php?id=30 An absolute path disclosure was also reported: The official...
CVE-2006-6755
Ixprim 1.2 allows remote attackers to obtain sensitive information via a direct request for kernel/plugins/fckeditor2/ixprimapi.php, which reveals the path in an error message...
Design/Logic Flaw
Noah's Classifieds 1.3 and earlier allows remote attackers to obtain sensitive information via an invalid list parameter in the showdetails method to index.php, which reveals the path in an error message...
Directory traversal
Multiple directory traversal vulnerabilities in FarsiNews 2.5 and earlier allow remote attackers to (1) read arbitrary files or trigger an error message path disclosure via ".." or invalid names in the archive parameter to index.php, or (2) include arbitrary files via the template parameter to...