Astra Linux - уязвимость в linux-5.15, linux-6.1

In the Linux kernel, the following vulnerabilities have been resolved: f2fs: compress: fixed to avoid a use-after-free condition on dic. Call trace: memcpy+0x128/0x250 f2fsreadmultipages+0x940/0xf7c f2fsmpagereadpages+0x5a8/0x624 f2fsreadahead+0x5c/0x110 pagecacheraunbounded+0x1b8/0x590...

Unity Linux 20.1070a Security Update: kernel (UTSA-2025-989294)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-989294 advisory. In the Linux kernel, the following vulnerability has been resolved: MIPS: pgalloc: fix memory leak caused by pgdfree pgd page is freed by generic implementation...

EUVD-2021-18786

Malware in sbrugna...

CVE-2021-38583

openBaraza HCM 3.1.6 does not properly neutralize user-controllable input, which allows reflected cross-site scripting XSS on multiple pages: hr/subscription.jsp and hr/application.jsp and and hr/index.jsp with view= and data=...

CVE-2021-26776

CSZ CMS 1.2.9 is affected by a cross-site scripting XSS vulnerability in multiple pages through the field name...

CVE-2024-31971

Multiple stored cross-site scripting XSS vulnerabilities on AdTran NetVanta 3120 18.01.01.00.E devices allow remote attackers to inject arbitrary JavaScript, as demonstrated by /mainPassword.html, /processIdentity.html, /public.html, /dhcp.html, /private.html, /hostname.html, /connectivity.html,...

CVE-2023-33927

A vulnerability in Themeisle MPG multiple-pages-generator-by-porthas.This issue affects MPG: from n/a through = 3.3.19...

Cross-site Scripting (XSS)

hoteldruid is vulnerable to Cross-site Scripting XSS. The vulnerability which exists in multiple pages allows a malicious attacker to execute arbitrary commands within the surname, name and nickname document functions...

Advanced Database Cleaner < 3.1.1 - Reflected Cross-Site Scripting

The plugin does not escape numerous generated URLs before outputting them back in href attributes of admin dashboard pages, leading to Reflected Cross-Site Scripting https://example.com/wp-admin/admin.php?page=advanceddbcleaner&aDBctab=cron&aDBccat=all&"alert/XSS/ Other pages are affected...

3D Print Lite < 1.9.1.6 - Reflected Cross-Site Scripting

Description The plugin does not sanitise and escape some user input before outputting it back in attributes, leading to Reflected Cross-Site Scripting issues https://example.com/wp-admin/admin.php?page=p3dlitematerials&materialtext="alert/XSS/...

IceHrm 跨站脚本漏洞

IceHrm is a human resource management Hrm system that includes features such as employee management, leave management, and payroll. The system includes functions such as employee management, leave management and payroll management.IceHrm has security vulnerabilities on several pages that could be...

Pharmacy Point Of Sale System 1.0 SQL Injection

Exploit Title: Pharmacy Point of Sale System 1.0 - 'Multiple' SQL Injection SQLi Date: 28.09.2021 Exploit Author: Murat Vendor Homepage: https://www.sourcecodester.com/php/14957/pharmacy-point-sale-system-using-php-and-sqlite-free-source-code.html Software Link:...

CVE-2021-38583

openBaraza HCM 3.1.6 does not properly neutralize user-controllable input, which allows reflected cross-site scripting XSS on multiple pages: hr/subscription.jsp and hr/application.jsp and and hr/index.jsp with view= and data=...

CVE-2021-38583

openBaraza HCM 3.1.6 does not properly neutralize user-controllable input, which allows reflected cross-site scripting XSS on multiple pages: hr/subscription.jsp and hr/application.jsp and and hr/index.jsp with view= and data=...

openBaraza HCM 跨站脚本漏洞

openBaraza HCM is a comprehensive HR and Talent Management software solution that encompasses not only traditional core HR functionality, but also key aspects of Talent Management. A security vulnerability exists in openBaraza HCM version 3.1.6 that stems from not properly neutralizing...

UBUNTU-CVE-2021-37833

A reflected cross-site scripting XSS vulnerability exists in multiple pages in version 3.0.2 of the Hotel Druid application that allows for arbitrary execution of JavaScript commands...

MediaWiki 跨站脚本漏洞

MediaWiki is a suite of free and freely available web-based Wiki engines from the MediaWiki Foundation. It can be used to deploy in-house knowledge management and content management systems. A security vulnerability exists in MediaWiki 1.36 that stems from a privileged user being able to inject...

Jetbrains JetBrains TeamCity 跨站脚本漏洞

TeamCity is a Java-based build management and continuous integration server from JetBrains. A stored cross-site scripting vulnerability exists in several pages in versions of JetBrains TeamCity prior to 2020.2.3. Detailed vulnerability details are not available at this time...

CVE-2021-26776

CSZ CMS 1.2.9 is affected by a cross-site scripting XSS vulnerability in multiple pages through the field name...

CVE-2021-26776

CSZ CMS 1.2.9 is affected by a cross-site scripting XSS vulnerability in multiple pages through the field name...