CVE-2025-44863

TOTOLINK CA300-POE V6.2c.884B20180522 was found to contain a command injection vulnerability in the msgprocess function via the Url parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request...

CVE-2025-44842

TOTOLINK CA600-PoE V5.3c.6665B20180820 was found to contain a command injection vulnerability in the msgprocess function via the Port parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request...

CVE-2022-49862

CVE-2022-49862 concerns the Linux kernel TIPC subsystem. The issue arises in tipc_nl_compat_name_table_dump_header where the msg->req TLV length is not properly validated, following a prior change intended to fix uninit-value behavior when TLV_GET_DATA_LEN() can be negative. This can lead to i...

PT-2025-18658 · Totolink · Totolink Ca600-Poe

Name of the Vulnerable Software and Affected Versions: TOTOLINK CA600-PoE version 5.3c.6665 B20180820 Description: The issue is related to a command injection vulnerability in the msg process function via the Url parameter. This allows attackers to execute arbitrary commands by crafting a specifi...

DEBIAN-CVE-2025-21848

In the Linux kernel, the following vulnerability has been resolved: nfp: bpf: Add check for nfpappctrlmsgalloc Add check for the return value of nfpappctrlmsgalloc in nfpbpfcmsgalloc to prevent null pointer dereference...

CVE-2025-2077

The Simple Amazon Affiliate plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'msg' parameter in all versions up to, and including, 1.0.9 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary...

UBUNTU-CVE-2025-21748

In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix integer overflows on 32 bit systems On 32bit systems the addition operations in ipcmsgalloc can potentially overflow leading to memory corruption. Add bounds checking using KSMBDIPCMAXPAYLOAD to avoid overflow...

CVE-2022-49209

In the Linux kernel, the following vulnerability has been resolved: bpf, sockmap: Fix memleak in tcpbpfsendmsg while sk msg is full If tcpbpfsendmsg is running while sk msg is full. When skmsgalloc returns -ENOMEM error, tcpbpfsendmsg goes to waitformemory. If partial memory has been alloced by...

UBUNTU-CVE-2022-49209

In the Linux kernel, the following vulnerability has been resolved: bpf, sockmap: Fix memleak in tcpbpfsendmsg while sk msg is full If tcpbpfsendmsg is running while sk msg is full. When skmsgalloc returns -ENOMEM error, tcpbpfsendmsg goes to waitformemory. If partial memory has been alloced by...

CVE-2022-49209 bpf, sockmap: Fix memleak in tcp_bpf_sendmsg while sk msg is full

In the Linux kernel, the following vulnerability has been resolved: bpf, sockmap: Fix memleak in tcpbpfsendmsg while sk msg is full If tcpbpfsendmsg is running while sk msg is full. When skmsgalloc returns -ENOMEM error, tcpbpfsendmsg goes to waitformemory. If partial memory has been alloced by...

CVE-2022-49204

Summary: CVE-2022-49204 is a Linux kernel vulnerability in the bpf/sockmap path related to uncharged data handling when a tcp_bpf_sendmsg_redir sequence occurs. The root cause is that msg->sg.size can be charged twice across the __SK_REDIRECT path, leading to uncharged memory being left in sk_...

PT-2025-14328

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description The issue is related to a type confusion vulnerability via a race condition when using ipc msg send request in the ksmbd component. This occurs because req-handle is allocated using ksmb...

Quorum onQ 安全漏洞

Quorum onQ is a backup solution from Quorum. A security vulnerability exists in Quorum onQ version v.6.0.0.5.2064, which originates from a cross-site scripting vulnerability that allows remote attackers to obtain sensitive information via the msg parameter in the Login page...

PT-2025-3433 · Unknown · Informationpush

Name of the Vulnerable Software and Affected Versions: InformationPush master version Description: The issue allows a remote attacker to obtain sensitive information via the title, time, and msg parameters. This is a Cross Site Scripting vulnerability. Recommendations: For InformationPush master...

CVE-2024-57372

CVE-2024-57372 is an XSS vulnerability in InformationPush master version. The flaw allows a remote attacker to obtain sensitive information through the vulnerable parameters title , time , and msg . The available connected documents confirm the affected software (InformationPush master) and the e...

CVE-2024-57902

In the Linux kernel, the following vulnerability has been resolved: afpacket: fix vlangettci vs MSGPEEK Blamed commit forgot MSGPEEK case, allowing a crash 1 as found by syzbot. Rework vlangettci to not touch skb at all, so that it can be used from many cpus on the same skb. Add a const qualifier...

PT-2025-4780 · Wegia · Wegia

Name of the Vulnerable Software and Affected Versions: WeGIA versions prior to 3.2.6 Description: A Reflected Cross-Site Scripting XSS issue was identified in the tags.php endpoint of the WeGIA application. This issue allows attackers to inject malicious scripts in the msg e parameter due to the...

WeGIA 跨站脚本漏洞

WeGIA is a web manager for welfare organizations by the individual developer Nilson Lazarin. WeGIA has a cross-site scripting vulnerability that stems from a reflected cross-site scripting vulnerability contained in the msgc parameter of the editarpermissoes.php file...

CVE-2024-57791 net/smc: check return value of sock_recvmsg when draining clc data

In the Linux kernel, the following vulnerability has been resolved: net/smc: check return value of sockrecvmsg when draining clc data When receiving clc msg, the field length in smcclcmsghdr indicates the length of msg should be received from network and the value should not be fully trusted as i...

PT-2025-4587 · Wegia · Wegia

Name of the Vulnerable Software and Affected Versions: WeGIA versions prior to 3.2.8 Description: A Reflected Cross-Site Scripting XSS issue was identified in the "home.php" endpoint of the WeGIA application. This issue allows attackers to inject malicious scripts in the msg c parameter...