23 matches found
Black Path Traversal Vulnerability
Black is a Python code formatting tool open-sourced by the Python Software Foundation. Versions of Black prior to 26.3.1 had a path traversal vulnerability. This vulnerability stemmed from the value of the “python-cell-magics” option, which did not clean up cache file names. As a result, it was...
CVE-2022-50734
In the Linux kernel, the following vulnerability has been resolved: nvmem: core: Fix memleak in nvmem_register dev_set_name will alloc memory for nvmem->dev.kobj.name in nvmem_register, when nvmem_validate_keepouts failed, nvmem's memory will be freed and return, but nobody will free memory for...
ProjectSend Security Vulnerability
ProjectSend cFTP is the ProjectSend open source suite of self-hosted applications based on PHP and MySQL. A security vulnerability exists in ProjectSend cFTP version r1605, which stems from improper cleanup of the user profile name field and could lead to a CSV injection attack...
CVE-2022-50669 misc: ocxl: fix possible name leak in ocxl_file_register_afu()
In the Linux kernel, the following vulnerability has been resolved: misc: ocxl: fix possible name leak in ocxl_file_register_afu() If device_register returns error in ocxl_file_register_afu, the name allocated by dev_set_name need be freed. As comment of device_register says, it should use put_device to give ...
Unity Linux 20.1070a Security Update: kernel (UTSA-2025-989678)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-989678 advisory. In the Linux kernel, the following vulnerability has been resolved: iio: trigger: sysfs: fix possible memory leak in iio_sysfs_trig_init dev_set_name allocates memory for...
Linux kernel Security Vulnerability
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in Linux kernel that stems from not cleaning up the device name when registering a device fails, which could lead to a memory leak...
LionCoders SalePro POS Security Vulnerability
LionCoders SalePro POS is a point-of-sale system and inventory management software from LionCoders Bangladesh. A security vulnerability exists in LionCoders SalePro POS version 5.4.8, which stems from improper cleanup of the customer name parameter and could lead to a stored cross-site scripting...
ROS-20250923-23
A vulnerability in the Zabbix universal monitoring system is related to insufficient cleaning of user data transmitted via the "Visible name" field during automatic host deletion. Exploitation of the vulnerability could allow a...
ui-lib Stocky Security Vulnerability
ui-lib Stocky is a human resource management system from ui-lib Bangladesh. A security vulnerability exists in ui-lib Stocky version 5.0, which stems from insufficient product name parameter cleanup and escaping, and could lead to a stored cross-site scripting attack...
Liferay Portal and Liferay DXP Cross-Site Scripting Vulnerability
Liferay Portal and Liferay DXP are both products of Liferay, Inc. Liferay Portal is a J2EE-based portal solution. The solution uses technologies such as EJB as well as JMS and can be used as a Web publishing and sharing workspace, enterprise collaboration platform, social network, etc. Liferay DXP...
interactive-git-checkout Command Injection Vulnerability
interactive-git-checkout is a branch switching software by the individual developer Nino Filiu. A command injection vulnerability exists in interactive-git-checkout 1.1.4 and earlier versions, which stems from a failure to validate input or clean up branch names, which could lead to a command...
Linux Distros Unpatched Vulnerability : CVE-2022-49860
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: dmaengine: ti: k3-udma-glue: fix memory leak when register device fail If device_register...
OESA-2025-1541 kernel security update
The Linux Kernel, the operating system core itself. Security Fixes: In the Linux kernel, the following vulnerability has been resolved: mISDN: fix possible memory leak in mISDN_dsp_element_register After commit 1fa5ae857bb1 "driver core: get rid of struct device's bus_id string array", the name of...
DEBIAN-CVE-2022-49915
In the Linux kernel, the following vulnerability has been resolved: mISDN: fix possible memory leak in mISDN_register_device After commit 1fa5ae857bb1 "driver core: get rid of struct device's bus_id string array", the name of device is allocated dynamically, add put_device to give up the reference, so...
Growatt Cloud Applications Cross-Site Scripting Vulnerability
Growatt Cloud Applications is a monitoring platform from China-based Growatt. A cross-site scripting vulnerability exists in Growatt Cloud Applications 3.6.0 and prior versions, which stems from improper cleanup of plant name values when adding or editing plants, and could lead to stored cross-si...
Backdrop CMS Cross-Site Scripting Vulnerability
Backdrop CMS is an open source content management system (CMS) from Backdrop CMS. A cross-site scripting vulnerability exists in Backdrop CMS versions prior to 1.x-1.4.5, which stems from insufficient cleanup of certain class names and could lead to cross-site scripting attacks...
DrayTek Vigor 3910 Security Vulnerability
The DrayTek Vigor 3910 is a high-performance router for enterprise networks from China DrayTek. A security vulnerability exists in the DrayTek Vigor 3910 version 4.3.2.6 and prior versions, which stems from poor router name cleanup...
WordPress plugin WP ULike Security Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security...
WordPress plugin Real Media Library Cross-Site Scripting Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...
Rdiffweb Security Vulnerability
Rdiffweb is a web application by Patrik Dufresne, an individual developer in the USA. It provides quick access to your archives through an efficient web interface. A security vulnerability exists in Rdiffweb versions prior to 2.5.5, which stems from a lack of character cleanup in SSH key names...