798 matches found
Astra Linux – Vulnerability in Apache2
A properly crafted URI sent to httpd, configured as a forward proxy with ProxyRequests enabled, can cause a crash NULL pointer dereference. In configurations that mix forward and reverse proxy declarations, it can also allow requests to be directed to a declared Unix Domain Socket endpoint...
Astra Linux – Vulnerability in Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: x86/efistub: Calls boot services in mixed mode on the firmware’s stack Normally, the EFI stub calls into EFI boot services using the stack that was active when the stub was entered. According to the UEFI specification, this stack...
Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: net: gso: Fixed a panic that occurred when using a fraglist with mixed head allocation types. Since the commit 3dcbdb134f32 “net: gso: Fixed an error in skbsegment when splitting a gsosize mangled skb having linear-headed...
Astra Linux – Vulnerability in curl
This flaw allows a malicious HTTP server to set “super cookies” using curl, which are then transmitted back to multiple origins beyond what is allowed or possible. This enables a site to set cookies that are then sent to different and unrelated sites and domains. The attack exploits a flaw in...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: iouring/fdinfo: Fixed an issue where OOB reading occurred during the wrap check of SQEMIXED. The function iouringshowfdinfo iterates over pending SQEs. For 128-byte SQEs within an IORINGSETUPSQEMIXED ring, it needs to detect when...
GHSA-XGMM-8J9V-C9WX PyJWT: Public-key JWK accepted as HMAC secret enables forged HS256 tokens when mixed families are allowed
!NOTE Exploitation requires a verifier configured with both symmetric and asymmetric algorithms in algorithms=… and a raw-JSON JWK as the key= argument, both contrary to documented usage, hence the High attack-complexity rating. Summary When the verifier is decoding JSON Web Tokens, while...
EUVD-2026-35393
TYPO3 CMS has Broken Access Control in its Form Framework...
GHSA-HWVQ-2W67-RVXP TYPO3 CMS has Broken Access Control in its Form Framework
Problem Backend users with file write permissions were able to upload form definition files with mixed-case extensions e.g., .FORM.YAML to bypass the Form Framework's upload restriction. Maliciously crafted form definition files can be used to execute arbitrary SQL statements, allowing attackers ...
TYPO3 CMS has Broken Access Control in its Form Framework
Problem Backend users with file write permissions were able to upload form definition files with mixed-case extensions e.g., .FORM.YAML to bypass the Form Framework's upload restriction. Maliciously crafted form definition files can be used to execute arbitrary SQL statements, allowing attackers ...
Missing Authorization
Overview typo3/cms-form is a Form Library, Plugin and Editor Affected versions of this package are vulnerable to Missing Authorization via the upload for form definition files with mixed-case extensions. An attacker can escalate privileges by uploading maliciously crafted files that execute...
Missing Authorization
Overview typo3/cms-core is a free open source enterprise content management system. Affected versions of this package are vulnerable to Missing Authorization via the upload for form definition files with mixed-case extensions. An attacker can escalate privileges by uploading maliciously crafted...
CVE-2026-47346
Backend users with file write permissions were able to upload form definition files with mixed-case extensions e.g., .FORM.YAML to bypass the Form Framework's upload restriction. Maliciously crafted form definition files can be used to execute arbitrary SQL statements, allowing attackers to...
@hulumi/drift: Drift classifier fails open on adapter errors and over-promotes Mixed verdicts
Affected: @hulumi/drift 1.4.0 — Fixed in: 1.4.0 — Severity: Medium — CWE-755 Improper Handling of Exceptional Conditions Summary @hulumi/drift runs four adapters that each ask a different question about whether a resource has drifted Pulumi-state diff, provider-version change, CloudTrail event,...
GHSA-32G3-35G9-WC9G @hulumi/drift: Drift classifier fails open on adapter errors and over-promotes Mixed verdicts
Affected: @hulumi/drift 1.4.0 — Fixed in: 1.4.0 — Severity: Medium — CWE-755 Improper Handling of Exceptional Conditions Summary @hulumi/drift runs four adapters that each ask a different question about whether a resource has drifted Pulumi-state diff, provider-version change, CloudTrail event,...
CVE-2026-52884
creationtimestamp| type| source ---|---|--- 2026-06-10 11:18:20+00:00| seen| https://bsky.app/profile/hn100.bsky.social/post/3mnwlmv624n2n 2026-06-10 11:19:33+00:00| seen| https://bsky.app/profile/hnws.bsky.social/post/3mnwlpjjr3e22 2026-06-10 11:20:05+00:00| seen|...
PT-2026-48478
Affected: @hulumi/drift 1.4.0 — Fixed in: 1.4.0 — Severity: Medium — CWE-755 Improper Handling of Exceptional Conditions Summary @hulumi/drift runs four adapters that each ask a different question about whether a resource has drifted Pulumi-state diff, provider-version change, CloudTrail event,...
CVE-2026-47346
Backend users with file write permissions were able to upload form definition files with mixed-case extensions e.g., .FORM.YAML to bypass the Form Framework's upload restriction. Maliciously crafted form definition files can be used to execute arbitrary SQL statements, allowing attackers to...
CVE-2026-47346
Summary: CVE-2026-47346 affects TYPO3 CMS prior to certain patch versions, where backend users with file write perms can upload form definition files with mixed-case extensions (e.g., .FORM.YAML) to bypass upload restrictions. This can be exploited to execute arbitrary SQL statements and escalate...
CVE-2026-47346 TYPO3 CMS - Broken Access Control in Form Framework
Backend users with file write permissions were able to upload form definition files with mixed-case extensions e.g., .FORM.YAML to bypass the Form Framework's upload restriction. Maliciously crafted form definition files can be used to execute arbitrary SQL statements, allowing attackers to...
TYPO3 CMS 安全漏洞
TYPO3 CMS is a content management system developed under the TYPO3 open source framework. There is a security vulnerability in TYPO3 CMS, which stems from the upload limit imposed on form definition files. This limit can be bypassed by using mixed uppercase and lowercase file extensions, allowing...