336 matches found
CVE-2026-23066
In the Linux kernel, the following vulnerability has been resolved: rxrpc: Fix recvmsg() unconditional requeue. If rxrpc_recvmsg() fails because MSG_DONTWAIT was specified but the call at the front of the recvmsg queue already has its mutex locked, it requeues the call - whether or not the call is alrea...
GHSA-GM8Q-M8MV-JJ5M Unstructured has Path Traversal via Malicious MSG Attachment that Allows Arbitrary File Write
A Path Traversal vulnerability in the partition_msg function allows an attacker to write or overwrite arbitrary files on the filesystem when processing malicious MSG files with attachments. Impact: An attacker can craft a malicious .msg file with attachment filenames containing path traversal...
CVE-2026-22983
The CVE-2026-22983 entry refers to a Linux kernel issue where msg_get_inq was written in the callee, risking a NULL pointer dereference. The vulnerability is described as a kernel-internal variant of msghdr where callers reinitialize the field; fixing the write is intended to improve robustness a...
CVE-2025-8090
CVE-2025-8090 describes a null pointer dereference in the MsgRegisterEvent() system call of the QNX Neutrino Kernel. Public details in connected sources indicate vulnerability within QNX SDP 7.1/7.0 and QNX OS for Safety 2.0–2.2, with an attacker able to gain local access and code execution to c...
CVE-2019-25277 FaceSentry Access Control System 6.4.8 Reflected Cross-Site Scripting via pluginInstall.php
FaceSentry Access Control System 6.4.8 contains a cross-site scripting vulnerability in the 'msg' parameter of pluginInstall.php that allows attackers to inject malicious scripts. Attackers can exploit the unvalidated input to execute arbitrary JavaScript in victim browsers, potentially stealing...
CVE-2019-25262
A security vulnerability has been detected in elinicksic Razgover up to db37dfc5c82f023a40f2f7834ded6633fb2b5262. This affects an unknown part of the file Chattify/send.php of the component Chat Message Handler. Such manipulation of the argument msg leads to cross site scripting. The attack may b...
Razgover Code Injection Vulnerability
Razgover is an online messaging application by Eli Nicksic Personal Developer. Razgover suffers from a code injection vulnerability that stems from incorrect manipulation of the parameter msg in the file Chattify/send.php, which could lead to a cross-site scripting attack...
CVE-2023-54300
In the Linux kernel, the following vulnerability has been resolved: wifi: ath9k: avoid referencing uninit memory in ath9k_wmi_ctrl_rx. For the reasons also described in commit b383e8abed41 ("wifi: ath9k: avoid uninit memory read in ath9k_htc_rx_msg()"), ath9k_htc_rx_msg() should validate pkt_len before accessing...
CVE-2023-54300 wifi: ath9k: avoid referencing uninit memory in ath9k_wmi_ctrl_rx
In the Linux kernel, the following vulnerability has been resolved: wifi: ath9k: avoid referencing uninit memory in ath9k_wmi_ctrl_rx. For the reasons also described in commit b383e8abed41 ("wifi: ath9k: avoid uninit memory read in ath9k_htc_rx_msg()"), ath9k_htc_rx_msg() should validate pkt_len before accessing...
CVE-2023-54066
CVE-2023-54066 (Linux kernel) affects the media: dvb-usb-v2 driver for the gl861 device. In gl861_i2c_master_xfer, the user-controlled msg can have buf == NULL while len == 0, allowing prior checks on msg[i].buf to pass and potentially reach gl861_i2c_master_xfer with a NULL dereference. The vend...
UBUNTU-CVE-2022-50709
In the Linux kernel, the following vulnerability has been resolved: wifi: ath9k: avoid uninit memory read in ath9k_htc_rx_msg(). syzbot is reporting uninit value at ath9k_htc_rx_msg() [1], for ioctl(USB_RAW_IOCTL_EP_WRITE) can call ath9k_hif_usb_rx_stream() with pkt_len = 0 but ath9k_hif_usb_rx_stream() uses __dev_alloc_skb(pkt_len +...
CVE-2024-25814
MyNET up to v26.05 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the msg parameter...
CVE-2025-67344
jshERP v3.5 and earlier is affected by a stored Cross Site Scripting (XSS) vulnerability via the /msg/add endpoint...
EUVD-2025-203100
jshERP v3.5 and earlier is affected by a stored Cross Site Scripting (XSS) vulnerability via the /msg/add endpoint...
CVE-2025-67344
CVE-2025-67344 affects jshERP v3.5 and earlier, with a stored Cross-Site Scripting (XSS) vulnerability in the /msg/add endpoint. The issue is reported across multiple feeds (e.g., Red Hat, EUVD, NVD, OSV) and is described as stored XSS in the message-adding functionality, potentially enabling scr...
Linux Distros Unpatched Vulnerability : CVE-2023-53802
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - wifi: ath9k: htc_hst: free skb in ath9k_htc_rx_msg() if there is no callback function. It is stated that ath9k_htc_rx_msg() either frees the provided skb or passes its...
CVE-2023-53825
In the Linux kernel, the following vulnerability has been resolved: kcm: Fix error handling for SOCK_DGRAM in kcm_sendmsg(). syzkaller found a memory leak in kcm_sendmsg(), and commit c821a88bd720 ("kcm: Fix memory leak in error path of kcm_sendmsg()") suppressed it by updating kcm_tx_msg(head)->last_skb if partia...
CVE-2025-63526
A cross-site scripting (XSS) vulnerability exists in the Blood Bank Management System within the abs.php component. The application fails to properly sanitize or encode user-supplied input before rendering it in response. An attacker can inject malicious JavaScript payloads into the msg parameter,...