89 matches found

RedHat Linux
added 2026/05/20 7:46 p.m. | 6 views

freerdp: FreeRDP: Denial of service due to use-after-free vulnerability

A flaw was found in FreeRDP. A remote attacker could exploit a use-after-free vulnerability in the xf_SetWindowMinMaxInfo function. This occurs when a freed window pointer is dereferenced because the main thread concurrently deletes a window while the Remote Desktop Protocol RAIL channel thread is...

9.8 CVSS | 5.8 AI score | 0.00164 EPSS
Exploits: 1 | References: 15

RedHat Linux
added 2026/05/19 4:22 p.m. | 4 views

freerdp: FreeRDP: Denial of service due to use-after-free vulnerability

A flaw was found in FreeRDP. A remote attacker could exploit a use-after-free vulnerability in the xf_SetWindowMinMaxInfo function. This occurs when a freed window pointer is dereferenced because the main thread concurrently deletes a window while the Remote Desktop Protocol RAIL channel thread is...

9.8 CVSS | 5.8 AI score | 0.00164 EPSS
Exploits: 1 | References: 15

RedHat Linux
added 2026/05/13 6:58 a.m. | 6 views

freerdp: FreeRDP: Denial of service due to use-after-free vulnerability

A flaw was found in FreeRDP. A remote attacker could exploit a use-after-free vulnerability in the xf_SetWindowMinMaxInfo function. This occurs when a freed window pointer is dereferenced because the main thread concurrently deletes a window while the Remote Desktop Protocol RAIL channel thread is...

9.8 CVSS | 5.8 AI score | 0.00164 EPSS
Exploits: 1 | References: 15

RedHat Linux
added 2026/05/12 11:31 p.m. | 8 views

freerdp: FreeRDP: Denial of service due to use-after-free vulnerability

A flaw was found in FreeRDP. A remote attacker could exploit a use-after-free vulnerability in the xf_SetWindowMinMaxInfo function. This occurs when a freed window pointer is dereferenced because the main thread concurrently deletes a window while the Remote Desktop Protocol RAIL channel thread is...

9.8 CVSS | 5.8 AI score | 0.00164 EPSS
Exploits: 1 | References: 15

RedHat Linux
added 2026/05/11 4:30 p.m. | 3 views

freerdp: FreeRDP: Denial of service due to use-after-free vulnerability

A flaw was found in FreeRDP. A remote attacker could exploit a use-after-free vulnerability in the xf_SetWindowMinMaxInfo function. This occurs when a freed window pointer is dereferenced because the main thread concurrently deletes a window while the Remote Desktop Protocol RAIL channel thread is...

9.8 CVSS | 5.8 AI score | 0.00164 EPSS
Exploits: 1 | References: 15

RedHat Linux
added 2026/05/11 4:22 p.m. | 4 views

freerdp: FreeRDP: Denial of service due to use-after-free vulnerability

A flaw was found in FreeRDP. A remote attacker could exploit a use-after-free vulnerability in the xf_SetWindowMinMaxInfo function. This occurs when a freed window pointer is dereferenced because the main thread concurrently deletes a window while the Remote Desktop Protocol RAIL channel thread is...

9.8 CVSS | 5.8 AI score | 0.00164 EPSS
Exploits: 1 | References: 15

AstraLinux
added 2026/05/03 11:59 p.m. | 4 views

Astra Linux - vulnerability in linux-5.10, linux-6.1, linux, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: sctp: sysctl: rto_min/max: Avoid using current->nsproxy. As mentioned in a previous commit of this series, using the net structure via current is not recommended for various reasons: - Inconsistency: Obtaining information from the...

5.5 CVSS | 6.2 AI score | 0.00029 EPSS
Exploits: 0 | References: 2

Patchstack
added 2026/04/21 10:51 a.m. | 5 views

WordPress Min Max Step Quantity Limits Manager for WooCommerce plugin <= 5.2.2 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting (XSS) vulnerability discovered by hivesec in WordPress Plugin Min Max Step Quantity Limits Manager for WooCommerce versions <= 5.2.2...

5.8 AI score
Exploits: 0 | Affected Software: 1

RedhatCVE
added 2026/04/07 11:01 p.m. | 3 views

CVE-2026-35442

Directus is a real-time API and App dashboard for managing SQL database content. Prior to 11.17.0, aggregate functions min, max applied to fields with the conceal special type incorrectly return raw database values instead of the masked placeholder. When combined with groupBy, any authenticated...

8.1 CVSS | 5.9 AI score | 0.00018 EPSS
Exploits: 0 | References: 1

Snyk
added 2026/04/04 6:13 a.m. | 4 views

Incorrect Authorization

Overview: directus is a real-time API and App dashboard for managing SQL database content. Affected versions of this package are vulnerable to Incorrect Authorization in the aggregate query process when applying min or max functions to fields marked as concealed. An attacker can...

8.6 CVSS | 5.9 AI score | 0.00018 EPSS
Exploits: 0 | References: 2

OSV
added 2026/02/25 8:24 p.m. | 0 views

CVE-2026-25952 FreeRDP has heap-use-after-free in xf_SetWindowMinMaxInfo

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.23.0, xf_SetWindowMinMaxInfo dereferences a freed xfAppWindow pointer because xf_rail_get_window in xf_rail_server_min_max_info returns an unprotected pointer from the railWindows hash table, and the main thread can...

6.9 CVSS | 5.9 AI score | 0.00164 EPSS
Exploits: 1 | References: 13

GithubExploit
added 2026/02/24 5:30 p.m. | 230 views

Exploit for CVE-2026-26198

versions 0.9.9 through 0.22.0, when performing Vulnerability...

9.8 CVSS | 5.9 AI score | 0.00024 EPSS
Exploits: 2

Vulnrichment
added 2026/02/24 2:03 a.m. | 1 views

CVE-2026-26198 ormar is vulnerable to SQL Injection through aggregate functions min() and max()

Ormar is an async mini ORM for Python. In versions 0.9.9 through 0.22.0, when performing aggregate queries, Ormar ORM constructs SQL expressions by passing user-supplied column names directly into sqlalchemy.text without any validation or sanitization. The min and max methods in the QuerySet class...

9.8 CVSS | 5.9 AI score | 0.00024 EPSS
Exploits: 2 | References: 3

Cvelist
added 2026/02/24 2:03 a.m. | 16 views

CVE-2026-26198 ormar is vulnerable to SQL Injection through aggregate functions min() and max()

Ormar is an async mini ORM for Python. In versions 0.9.9 through 0.22.0, when performing aggregate queries, Ormar ORM constructs SQL expressions by passing user-supplied column names directly into sqlalchemy.text without any validation or sanitization. The min and max methods in the QuerySet class...

9.8 CVSS | 0.00024 EPSS
Exploits: 2 | References: 3

Tenable Nessus
added 2026/02/24 12:00 a.m. | 5 views

Linux Distros Unpatched Vulnerability : CVE-2026-26198

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - Ormar is an async mini ORM for Python. In versions 0.9.9 through 0.22.0, when performing aggregate queries, Ormar ORM constructs SQL expressions by passing...

9.8 CVSS | 7.6 AI score | 0.00024 EPSS
Exploits: 2 | References: 3

FreeBSD
added 2026/02/22 12:00 a.m. | 3 views

py-ormar -- vulnerabilities

https://github.com/ormar-orm/ormar/security/advisories reports: SQL Injection in aggregate functions min and max; Pydantic Validation Bypass via pkonly and excluded Kwargs Injection in Model Constructor...

9.8 CVSS | 7.4 AI score | 0.00489 EPSS
Exploits: 1 | References: 2

Vulnrichment
added 2026/01/28 5:30 a.m. | 1 views

CVE-2026-1083 Appointment Hour Booking – Booking Calendar <= 1.5.60 - Authenticated (Administrator+) Stored Cross-Site Scripting via 'Min/Max Length' Field Configuration

The Appointment Hour Booking – Booking Calendar plugin for WordPress is vulnerable to Stored Cross-Site Scripting via form field configuration parameters in all versions up to, and including, 1.5.60 due to insufficient input sanitization and output escaping on the 'Min length/characters' and 'Max...

4.4 CVSS | 5.9 AI score | 0.00014 EPSS
Exploits: 0 | References: 4

Patchstack
added 2026/01/28 1:33 a.m. | 7 views

WordPress Appointment Hour Booking plugin <= 1.5.60 - Authenticated (Administrator+) Stored Cross-Site Scripting via 'Min/Max Length' Field Configuration vulnerability

Authenticated (Administrator+) Stored Cross-Site Scripting via 'Min/Max Length' Field Configuration vulnerability discovered by ALockWooD in WordPress Plugin Appointment Hour Booking versions <= 1.5.60...

4.4 CVSS | 5.9 AI score | 0.00014 EPSS
Exploits: 0 | References: 1 | Affected Software: 1

Tenable Nessus
added 2026/01/16 12:00 a.m. | 5 views

Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-004286)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-004286 advisory. An issue was discovered in the Linux kernel before 5.8.15. scalar32_min_max_or in kernel/bpf/verifier.c mishandles bounds tracking during use of 64-bit values, aka...

5.5 CVSS | 6.5 AI score | 0.04335 EPSS
Exploits: 5 | References: 5

RedhatCVE
added 2026/01/09 12:31 p.m. | 4 views

CVE-2023-4270

The Min Max Control WordPress plugin before 4.6 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

6.1 CVSS | 6 AI score | 0.00153 EPSS
Exploits: 2 | References: 1