104 matches found
CVE-2026-45853
In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: Use kvfree instead of kfree in amdgpugmcgetnpsmemranges amdgpudiscoverygetnpsinfo internally allocates memory for ranges using kvcalloc, which may use vmalloc for large allocation. Using kfree to release vmalloc memor...
UBUNTU-CVE-2026-45853
In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: Use kvfree instead of kfree in amdgpugmcgetnpsmemranges amdgpudiscoverygetnpsinfo internally allocates memory for ranges using kvcalloc, which may use vmalloc for large allocation. Using kfree to release vmalloc memor...
CVE-2026-45853 drm/amdgpu: Use kvfree instead of kfree in amdgpu_gmc_get_nps_memranges()
In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: Use kvfree instead of kfree in amdgpugmcgetnpsmemranges amdgpudiscoverygetnpsinfo internally allocates memory for ranges using kvcalloc, which may use vmalloc for large allocation. Using kfree to release vmalloc memor...
PT-2026-43720
In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: Use kvfree instead of kfree in amdgpu gmc get nps memranges amdgpu discovery get nps info internally allocates memory for ranges using kvcalloc, which may use vmalloc for large allocation. Using kfree to release vmall...
Astra Linux - уязвимость в linux-5.10, linux
In the Linux kernel, the following vulnerability has been resolved: The issue in fdt: fix off-by-one error in unflattendtnodes Commit 78c44d910d3e “drivers/of: Fix depth when unflattening devicetree” forgot to fix the depth check in the loop body of unflattendtnodes. This could lead to an overflo...
CVE-2025-67984
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in calliko NPS computy nps-computy allows DOM-Based XSS.This issue affects NPS computy: from n/a through = 2.8.2...
CVE-2025-67984
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in calliko NPS computy nps-computy allows DOM-Based XSS.This issue affects NPS computy: from n/a through = 2.8.2...
CVE-2025-67984
CVE-2025-67984 is a DOM-based XSS vulnerability in the WordPress plugin NPS computy (nps-computy) , affecting versions up through and including 2.8.2 . The connected Red Hat and CVE entries confirm the flaw is an input handling/neutralization issue during web page generation that enables cross-si...
CVE-2025-67984 WordPress NPS computy plugin <= 2.8.2 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in calliko NPS computy nps-computy allows DOM-Based XSS.This issue affects NPS computy: from n/a through = 2.8.2...
CVE-2025-67984 WordPress NPS computy plugin <= 2.8.2 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in calliko NPS computy nps-computy allows DOM-Based XSS.This issue affects NPS computy: from n/a through = 2.8.2...
PT-2026-21056
Name of the Vulnerable Software and Affected Versions calliko NPS computy versions through 2.8.2 Description The software contains a flaw related to improper input handling during web page generation, specifically a DOM-Based Cross-site Scripting issue. This allows for potential execution of...
WordPress NPS computy plugin <= 2.8.2 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting XSS vulnerability discovered by Skalucy in WordPress Plugin NPS computy versions = 2.8.2...
EUVD-2019-6190
Malware in sbrugna...
EUVD-2022-43769
Malicious code in bioql PyPI...
CVE-2024-1754
The NPS computy WordPress plugin through 2.7.5 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
CVE-2024-1755
The NPS computy WordPress plugin through 2.7.5 does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks...
CVE-2024-11807
The NPS computy plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'data1' and 'data2' parameters in all versions up to, and including, 2.8.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...
CVE-2022-40494
NPS before v0.26.10 was discovered to contain an authentication bypass vulnerability via constantly generating and sending the Auth key and Timestamp parameters...
CVE-2019-15119
lib/install/install.go in cnlh nps through 0.23.2 uses 0777 permissions for /usr/local/bin/nps and/or /usr/bin/nps, leading to a file overwrite by a local user...
SUSE CVE-2019-15119
lib/install/install.go in cnlh nps through 0.23.2 uses 0777 permissions for /usr/local/bin/nps and/or /usr/bin/nps, leading to a file overwrite by a local user...